
Malware Bytes cannot detect ad insertion malware


kjw


This malware pops up ads in the bottom left and bottom right corners of the browser. One of the ads that keeps coming up is for a green card service (probably a scam of course). It also causes regular clicks on links to get redirected to ads. It pops up for odd (squatter) sites like sale.com and sell.com, but not google.com or yahoo.com. Proxy server appears normal.

Malware Bytes, FPAV, and ESET do not detect this. The attached DDS.txt notes five Hosts entries that are definitely wrong, but I don't see them in C:\Windows\system32\drivers\etc\hosts. I don't see them in the registry either. I'm not sure where to remove them.

Note: this system had a second infection that FPAV and MalwareBytes did not detect. It appears to be a new variant of http://blog.teesupport.com/system-error-hard-disk-failure-detected-fake-alert-and-all-files-hidden-how-to-fix/ . ESET did detect something and appears to have removed it, though logins now cause a temporary profile to be used. That is a common end result of removing the above ransomware.


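An added check for the hosts puzzle in the post above (example code, not from the thread, from DDS or from any of the tools it names): Windows resolves names from the hosts file in the directory named by the Tcpip\Parameters DataBasePath registry value, not necessarily the default drivers\etc folder, so this script reads that value, reports the file's attributes (a hidden/system file looks absent in Explorer), and lists every active entry, marking any that send a name to a non-loopback address. It assumes an elevated PowerShell prompt on the affected machine; the usual "127.0.0.1 localhost" line is expected and harmless.

```powershell
# Added example, not from the thread: find the hosts file Windows actually reads
# and list its active entries. Run in an elevated PowerShell prompt on the
# affected machine (Windows 7 era, so only PowerShell 2.0 features are used).

# 1. TCP/IP reads hosts/lmhosts from the directory named by this registry value,
#    so a hosts file at the default path can look clean while another one is in use.
$paramKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPathRaw  = (Get-ItemProperty -Path $paramKey -Name DataBasePath).DataBasePath
$dbPath     = [Environment]::ExpandEnvironmentVariables($dbPathRaw)
$defaultDir = Join-Path $env:SystemRoot 'System32\drivers\etc'

Write-Host ("DataBasePath (raw)  : {0}" -f $dbPathRaw)
Write-Host ("DataBasePath (real) : {0}" -f $dbPath)
if ($dbPath.TrimEnd('\') -ne $defaultDir.TrimEnd('\')) {
    Write-Host "WARNING: hosts directory is redirected away from $defaultDir"
}

$hostsFile = Join-Path $dbPath 'hosts'
if (-not (Test-Path -LiteralPath $hostsFile)) {
    Write-Host "No hosts file found at $hostsFile"
    return
}

# 2. Hidden/system attributes are one reason the file looks empty or absent in
#    Explorer until hidden and protected OS files are shown.
$item = Get-Item -LiteralPath $hostsFile -Force
Write-Host ("Attributes          : {0}" -f $item.Attributes)
Write-Host ("Last written        : {0}" -f $item.LastWriteTime)

# 3. Parse every active (non-comment) line: the first token is the address, the
#    rest are names. Loopback/unspecified addresses merely block a name; anything
#    else sends the name to a remote host, which is the hosts-hijack pattern.
$loopback  = @('127.0.0.1', '::1', '0.0.0.0')
$redirects = @()
$lineNo    = 0
foreach ($raw in (Get-Content -LiteralPath $hostsFile)) {
    $lineNo++
    $line = ($raw -replace '#.*$', '').Trim()
    if ($line -eq '') { continue }
    $fields = $line -split '\s+'
    if ($fields.Length -lt 2) { continue }     # address with no name: nothing to resolve
    $addr  = $fields[0]
    $names = $fields[1..($fields.Length - 1)]
    foreach ($name in $names) {
        if ($loopback -contains $addr) {
            Write-Host ("line {0,4}: BLOCK    {1} -> {2}" -f $lineNo, $name, $addr)
        } else {
            Write-Host ("line {0,4}: REDIRECT {1} -> {2}" -f $lineNo, $name, $addr)
            $redirects += "$name -> $addr"
        }
    }
}

Write-Host ""
if ($redirects.Count -eq 0) {
    Write-Host "No redirecting entries in $hostsFile"
} else {
    Write-Host ("{0} redirecting entries in {1}:" -f $redirects.Count, $hostsFile)
    $redirects | ForEach-Object { Write-Host "  $_" }
}
```

Paste the script's output rather than editing anything by hand; a REDIRECT line for a name you did not add, or a DataBasePath warning, tells the helper exactly which file to clean.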

Hello kjw and welcome to MalwareBytes forums.

Henceforth, please do not attach reports/logs. Always copy & paste them directly into the main body of your reply.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here

If you do that, let me know.

Otherwise, I will help you. Follow my guide and do not run any other tools on your own.

Do not do any websurfing, browsing, online games, or anything else online.

Just only go to this forum and the sites I guide you to.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner from >>here<< and save it on your Desktop.

Close all your browsers and any other open application or program.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt, where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Download aswMBR.exe (511KB) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled, and tell me), click Save log, save it to your desktop and post it in your next reply.

Do not click any FIX button. We just need an initial report.

Step 5

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

Re-enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 19:59:11
-----------------------------
19:59:11.693 OS Version: Windows x64 6.1.7601 Service Pack 1
19:59:11.693 Number of processors: 2 586 0x170A
19:59:11.694 ComputerName: BENTO UserName: kjw
19:59:12.151 Initialize success
19:59:23.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:59:23.924 Disk 0 Vendor: WDC_WD2500AAKX-753CA0 15.01H15 Size: 238475MB BusType: 3
19:59:23.941 Disk 0 MBR read successfully
19:59:23.944 Disk 0 MBR scan
19:59:23.948 Disk 0 Windows 7 default MBR code
19:59:23.952 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 12048 MB offset 63
19:59:23.956 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226392 MB offset 24675840
19:59:23.978 Disk 0 scanning C:\Windows\system32\drivers
19:59:29.392 Service scanning
19:59:39.745 Modules scanning
19:59:39.755 Scan finished successfully
19:59:46.524 Disk 0 MBR has been saved successfully to "C:\Users\kjw\Desktop\MBR.dat"
19:59:46.525 The log file has been saved successfully to "C:\Users\kjw\Desktop\aswMBR.txt"

20:00:25.0568 1344 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:00:25.0911 1344 ============================================================
20:00:25.0911 1344 Current date / time: 2012/09/18 20:00:25.0911
20:00:25.0911 1344 SystemInfo:
20:00:25.0911 1344
20:00:25.0911 1344 OS Version: 6.1.7601 ServicePack: 1.0
20:00:25.0911 1344 Product type: Workstation
20:00:25.0911 1344 ComputerName: BENTO
20:00:25.0911 1344 UserName: kjw
20:00:25.0911 1344 Windows directory: C:\Windows
20:00:25.0911 1344 System windows directory: C:\Windows
20:00:25.0911 1344 Running under WOW64
20:00:25.0911 1344 Processor architecture: Intel x64
20:00:25.0911 1344 Number of processors: 2
20:00:25.0911 1344 Page size: 0x1000
20:00:25.0911 1344 Boot type: Normal boot
20:00:25.0911 1344 ============================================================
20:00:26.0862 1344 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:00:26.0865 1344 Drive \Device\Harddisk1\DR2 - Size: 0x7A4B600 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:00:26.0866 1344 ============================================================
20:00:26.0866 1344 \Device\Harddisk0\DR0:
20:00:26.0867 1344 MBR partitions:
20:00:26.0867 1344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17885C1
20:00:26.0867 1344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1788600, BlocksNum 0x1BA2C47D
20:00:26.0867 1344 \Device\Harddisk1\DR2:
20:00:26.0867 1344 MBR partitions:
20:00:26.0867 1344 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D23B
20:00:26.0867 1344 ============================================================
20:00:26.0900 1344 C: <-> \Device\Harddisk0\DR0\Partition2
20:00:26.0908 1344 V: <-> \Device\Harddisk0\DR0\Partition1
20:00:26.0908 1344 ============================================================
20:00:26.0908 1344 Initialize success
20:00:26.0908 1344 ============================================================
20:00:33.0842 4604 ============================================================
20:00:33.0842 4604 Scan started
20:00:33.0842 4604 Mode: Manual;
20:00:33.0842 4604 ============================================================
20:00:34.0209 4604 ================ Scan system memory ========================
20:00:34.0209 4604 System memory - ok
20:00:34.0210 4604 ================ Scan services =============================


20:00:41.0488 4604 mouclass - ok

20:00:41.0525 4604 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:00:41.0529 4604 mouhid - ok

20:00:41.0547 4604 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:00:41.0551 4604 mountmgr - ok

20:00:41.0560 4604 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

20:00:41.0566 4604 mpio - ok

20:00:41.0581 4604 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:00:41.0586 4604 mpsdrv - ok

20:00:41.0610 4604 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:00:41.0637 4604 MpsSvc - ok

20:00:41.0658 4604 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:00:41.0664 4604 MRxDAV - ok

20:00:41.0690 4604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:00:41.0693 4604 mrxsmb - ok

20:00:41.0725 4604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:00:41.0729 4604 mrxsmb10 - ok

20:00:41.0746 4604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:00:41.0752 4604 mrxsmb20 - ok

20:00:41.0768 4604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

20:00:41.0772 4604 msahci - ok

20:00:41.0781 4604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:00:41.0787 4604 msdsm - ok

20:00:41.0803 4604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

20:00:41.0812 4604 MSDTC - ok

20:00:41.0836 4604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:00:41.0840 4604 Msfs - ok

20:00:41.0856 4604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:00:41.0860 4604 mshidkmdf - ok

20:00:41.0871 4604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:00:41.0874 4604 msisadrv - ok

20:00:41.0903 4604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:00:41.0912 4604 MSiSCSI - ok

20:00:41.0918 4604 msiserver - ok

20:00:41.0932 4604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:00:41.0936 4604 MSKSSRV - ok

20:00:41.0949 4604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:00:41.0953 4604 MSPCLOCK - ok

20:00:41.0959 4604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:00:41.0963 4604 MSPQM - ok

20:00:41.0985 4604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:00:41.0989 4604 MsRPC - ok

20:00:42.0008 4604 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

20:00:42.0010 4604 mssmbios - ok

20:00:42.0024 4604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:00:42.0026 4604 MSTEE - ok

20:00:42.0030 4604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

20:00:42.0032 4604 MTConfig - ok

20:00:42.0049 4604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

20:00:42.0053 4604 Mup - ok

20:00:42.0089 4604 [ 86292363B050C1B55FE77D75AF3EFB71 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys

20:00:42.0092 4604 mvusbews - ok

20:00:42.0123 4604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

20:00:42.0137 4604 napagent - ok

20:00:42.0174 4604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:00:42.0183 4604 NativeWifiP - ok

20:00:42.0225 4604 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys

20:00:42.0245 4604 NDIS - ok

20:00:42.0258 4604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:00:42.0262 4604 NdisCap - ok

20:00:42.0288 4604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:00:42.0290 4604 NdisTapi - ok

20:00:42.0300 4604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:00:42.0302 4604 Ndisuio - ok

20:00:42.0308 4604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:00:42.0311 4604 NdisWan - ok

20:00:42.0318 4604 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:00:42.0320 4604 NDProxy - ok

20:00:42.0331 4604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:00:42.0333 4604 NetBIOS - ok

20:00:42.0352 4604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:00:42.0357 4604 NetBT - ok

20:00:42.0387 4604 [ 5D3E93151CCA238420DB9DB65715A1F5 ] NETGEARUCOMP C:\Windows\system32\DRIVERS\NETGEARUCOMP.sys

20:00:42.0389 4604 NETGEARUCOMP - ok

20:00:42.0425 4604 [ 5167CA339A8A36FEC32B03EC8FDBBF64 ] NETGEARUHOST C:\Windows\system32\DRIVERS\NETGEARUHOST.sys

20:00:42.0429 4604 NETGEARUHOST - ok

20:00:42.0442 4604 [ A6068421D3A33255F9D77DFDE29C8416 ] NETGEARUHUB C:\Windows\system32\DRIVERS\NETGEARUHUB.sys

20:00:42.0446 4604 NETGEARUHUB - ok

20:00:42.0466 4604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

20:00:42.0468 4604 Netlogon - ok

20:00:42.0502 4604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

20:00:42.0513 4604 Netman - ok

20:00:42.0552 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:00:42.0565 4604 NetMsmqActivator - ok

20:00:42.0571 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:00:42.0573 4604 NetPipeActivator - ok

20:00:42.0595 4604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

20:00:42.0608 4604 netprofm - ok

20:00:42.0615 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:00:42.0617 4604 NetTcpActivator - ok

20:00:42.0624 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:00:42.0626 4604 NetTcpPortSharing - ok

20:00:42.0658 4604 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys

20:00:42.0661 4604 netvsc - ok

20:00:42.0692 4604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

20:00:42.0695 4604 nfrd960 - ok

20:00:42.0718 4604 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:00:42.0729 4604 NlaSvc - ok

20:00:42.0741 4604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:00:42.0745 4604 Npfs - ok

20:00:42.0755 4604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

20:00:42.0759 4604 nsi - ok

20:00:42.0774 4604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:00:42.0776 4604 nsiproxy - ok

20:00:42.0822 4604 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:00:42.0852 4604 Ntfs - ok

20:00:42.0871 4604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

20:00:42.0874 4604 Null - ok

20:00:43.0107 4604 [ F3CC465A438235D5859A2C2FE8A6335F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:00:43.0248 4604 nvlddmkm - ok

20:00:43.0273 4604 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:00:43.0276 4604 nvraid - ok

20:00:43.0282 4604 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:00:43.0285 4604 nvstor - ok

20:00:43.0301 4604 [ 794DC4FD31462943FE37099CAE7F6A91 ] nvsvc C:\Windows\system32\nvvsvc.exe

20:00:43.0345 4604 nvsvc - ok

20:00:43.0353 4604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:00:43.0356 4604 nv_agp - ok

20:00:43.0414 4604 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:00:43.0444 4604 odserv - ok

20:00:43.0451 4604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:00:43.0456 4604 ohci1394 - ok

20:00:43.0502 4604 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:00:43.0798 4604 ose - ok

20:00:43.0820 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:00:43.0828 4604 p2pimsvc - ok

20:00:43.0847 4604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

20:00:43.0857 4604 p2psvc - ok

20:00:43.0869 4604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

20:00:43.0872 4604 Parport - ok

20:00:43.0896 4604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:00:43.0901 4604 partmgr - ok

20:00:43.0929 4604 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys

20:00:43.0933 4604 PBADRV - ok

20:00:43.0952 4604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:00:43.0963 4604 PcaSvc - ok

20:00:43.0974 4604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

20:00:43.0980 4604 pci - ok

20:00:43.0998 4604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

20:00:44.0002 4604 pciide - ok

20:00:44.0012 4604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

20:00:44.0017 4604 pcmcia - ok

20:00:44.0028 4604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

20:00:44.0031 4604 pcw - ok

20:00:44.0120 4604 [ 93586A9FA78BF86B35C0CD443694CB6B ] PDFProFiltSrvPP C:\Program Files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe

20:00:44.0411 4604 PDFProFiltSrvPP - ok

20:00:44.0428 4604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:00:44.0434 4604 PEAUTH - ok

20:00:44.0480 4604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

20:00:44.0527 4604 PeerDistSvc - ok

20:00:44.0586 4604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:00:44.0601 4604 PerfHost - ok

20:00:44.0651 4604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

20:00:44.0688 4604 pla - ok

20:00:44.0931 4604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:00:44.0944 4604 PlugPlay - ok

20:00:44.0963 4604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:00:44.0969 4604 PNRPAutoReg - ok

20:00:44.0987 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:00:44.0991 4604 PNRPsvc - ok

20:00:45.0023 4604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:00:45.0035 4604 PolicyAgent - ok

20:00:45.0068 4604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

20:00:45.0075 4604 Power - ok

20:00:45.0101 4604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:00:45.0106 4604 PptpMiniport - ok

20:00:45.0119 4604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

20:00:45.0123 4604 Processor - ok

20:00:45.0158 4604 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

20:00:45.0169 4604 ProfSvc - ok

20:00:45.0182 4604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:00:45.0185 4604 ProtectedStorage - ok

20:00:45.0201 4604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

20:00:45.0207 4604 Psched - ok

20:00:45.0245 4604 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

20:00:45.0249 4604 PxHlpa64 - ok

20:00:45.0289 4604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

20:00:45.0322 4604 ql2300 - ok

20:00:45.0330 4604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

20:00:45.0335 4604 ql40xx - ok

20:00:45.0356 4604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

20:00:45.0363 4604 QWAVE - ok

20:00:45.0375 4604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:00:45.0377 4604 QWAVEdrv - ok

20:00:45.0382 4604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:00:45.0384 4604 RasAcd - ok

20:00:45.0408 4604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

20:00:45.0411 4604 RasAgileVpn - ok

20:00:45.0424 4604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

20:00:45.0430 4604 RasAuto - ok

20:00:45.0449 4604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:00:45.0452 4604 Rasl2tp - ok

20:00:45.0464 4604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

20:00:45.0478 4604 RasMan - ok

20:00:45.0500 4604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:00:45.0505 4604 RasPppoe - ok

20:00:45.0522 4604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

20:00:45.0524 4604 RasSstp - ok

20:00:45.0539 4604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:00:45.0544 4604 rdbss - ok

20:00:45.0549 4604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

20:00:45.0551 4604 rdpbus - ok

20:00:45.0566 4604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:00:45.0568 4604 RDPCDD - ok

20:00:45.0591 4604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

20:00:45.0593 4604 RDPDR - ok

20:00:45.0616 4604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:00:45.0618 4604 RDPENCDD - ok

20:00:45.0633 4604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

20:00:45.0636 4604 RDPREFMP - ok

20:00:45.0668 4604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:00:45.0675 4604 RDPWD - ok

20:00:45.0701 4604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

20:00:45.0778 4604 rdyboost - ok

20:00:45.0807 4604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:00:45.0811 4604 RemoteAccess - ok

20:00:45.0832 4604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:00:45.0838 4604 RemoteRegistry - ok

20:00:45.0921 4604 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

20:00:45.0992 4604 RoxMediaDB12OEM - ok

20:00:46.0019 4604 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

20:00:46.0027 4604 RoxWatch12 - ok

20:00:46.0050 4604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

20:00:46.0054 4604 RpcEptMapper - ok

20:00:46.0076 4604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

20:00:46.0081 4604 RpcLocator - ok

20:00:46.0103 4604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

20:00:46.0118 4604 RpcSs - ok

20:00:46.0150 4604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:00:46.0154 4604 rspndr - ok

20:00:46.0175 4604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

20:00:46.0178 4604 s3cap - ok

20:00:46.0190 4604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

20:00:46.0193 4604 SamSs - ok

20:00:46.0210 4604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:00:46.0215 4604 sbp2port - ok

20:00:46.0233 4604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:00:46.0244 4604 SCardSvr - ok

20:00:46.0262 4604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

20:00:46.0266 4604 scfilter - ok

20:00:46.0301 4604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

20:00:46.0340 4604 Schedule - ok

20:00:46.0368 4604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

20:00:46.0369 4604 SCPolicySvc - ok

20:00:46.0397 4604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:00:46.0403 4604 SDRSVC - ok

20:00:46.0426 4604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:00:46.0430 4604 secdrv - ok

20:00:46.0449 4604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

20:00:46.0456 4604 seclogon - ok

20:00:46.0575 4604 [ F3D951071C624137430FE65A67541EF9 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe

20:00:46.0728 4604 SecureStorageService - ok

20:00:46.0744 4604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

20:00:46.0747 4604 SENS - ok

20:00:46.0765 4604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

20:00:46.0768 4604 SensrSvc - ok

20:00:46.0796 4604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

20:00:46.0800 4604 Serenum - ok

20:00:46.0825 4604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

20:00:46.0831 4604 Serial - ok

20:00:46.0849 4604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

20:00:46.0853 4604 sermouse - ok

20:00:46.0872 4604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

20:00:46.0881 4604 SessionEnv - ok

20:00:46.0888 4604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:00:46.0892 4604 sffdisk - ok

20:00:46.0897 4604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:00:46.0899 4604 sffp_mmc - ok

20:00:46.0906 4604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:00:46.0909 4604 sffp_sd - ok

20:00:46.0913 4604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

20:00:46.0915 4604 sfloppy - ok

20:00:46.0949 4604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:00:46.0962 4604 SharedAccess - ok

20:00:46.0980 4604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:00:46.0992 4604 ShellHWDetection - ok

20:00:47.0002 4604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

20:00:47.0007 4604 SiSRaid2 - ok

20:00:47.0014 4604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

20:00:47.0017 4604 SiSRaid4 - ok

20:00:47.0030 4604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:00:47.0032 4604 Smb - ok

20:00:47.0078 4604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:00:47.0084 4604 SNMPTRAP - ok

20:00:47.0103 4604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

20:00:47.0106 4604 spldr - ok

20:00:47.0133 4604 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

20:00:47.0151 4604 Spooler - ok

20:00:47.0229 4604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

20:00:47.0274 4604 sppsvc - ok

20:00:47.0289 4604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

20:00:47.0293 4604 sppuinotify - ok

20:00:47.0318 4604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

20:00:47.0323 4604 srv - ok

20:00:47.0339 4604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:00:47.0347 4604 srv2 - ok

20:00:47.0357 4604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:00:47.0361 4604 srvnet - ok

20:00:47.0395 4604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:00:47.0400 4604 SSDPSRV - ok

20:00:47.0410 4604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:00:47.0415 4604 SstpSvc - ok

20:00:47.0437 4604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

20:00:47.0440 4604 stexstor - ok

20:00:47.0485 4604 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

20:00:47.0488 4604 StillCam - ok

20:00:47.0527 4604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

20:00:47.0544 4604 stisvc - ok

20:00:47.0592 4604 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:00:47.0605 4604 stllssvr - ok

20:00:47.0629 4604 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

20:00:47.0636 4604 StorSvc - ok

20:00:47.0663 4604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

20:00:47.0666 4604 storvsc - ok

20:00:47.0681 4604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:00:47.0685 4604 swenum - ok

20:00:47.0717 4604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

20:00:47.0740 4604 swprv - ok

20:00:47.0754 4604 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys

20:00:47.0758 4604 SynthVid - ok

20:00:47.0802 4604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

20:00:47.0837 4604 SysMain - ok

20:00:47.0853 4604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:00:47.0858 4604 TabletInputService - ok

20:00:47.0874 4604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:00:47.0881 4604 TapiSrv - ok

20:00:47.0892 4604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

20:00:47.0896 4604 TBS - ok

20:00:47.0957 4604 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:00:47.0992 4604 Tcpip - ok

20:00:48.0041 4604 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

20:00:48.0058 4604 TCPIP6 - ok

20:00:48.0084 4604 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:00:48.0088 4604 tcpipreg - ok

20:00:48.0152 4604 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

20:00:48.0297 4604 tcsd_win32.exe - ok

20:00:48.0386 4604 [ 347D6407C90C0B6AC82F8249EBA9A482 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

20:00:48.0444 4604 TdmService - ok

20:00:48.0464 4604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:00:48.0467 4604 TDPIPE - ok

20:00:48.0504 4604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:00:48.0506 4604 TDTCP - ok

20:00:48.0533 4604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:00:48.0539 4604 tdx - ok

20:00:48.0559 4604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

20:00:48.0563 4604 TermDD - ok

20:00:48.0602 4604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

20:00:48.0628 4604 TermService - ok

20:00:48.0647 4604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

20:00:48.0654 4604 Themes - ok

20:00:48.0679 4604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

20:00:48.0682 4604 THREADORDER - ok

20:00:48.0698 4604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

20:00:48.0707 4604 TrkWks - ok

20:00:48.0750 4604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:00:48.0757 4604 TrustedInstaller - ok

20:00:48.0783 4604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:00:48.0892 4604 tssecsrv - ok

20:00:48.0911 4604 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

20:00:48.0913 4604 TsUsbFlt - ok

20:00:48.0927 4604 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

20:00:48.0929 4604 TsUsbGD - ok

20:00:48.0944 4604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:00:48.0947 4604 tunnel - ok

20:00:48.0964 4604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

20:00:48.0967 4604 uagp35 - ok

20:00:48.0985 4604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:00:48.0989 4604 udfs - ok

20:00:49.0006 4604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:00:49.0014 4604 UI0Detect - ok

20:00:49.0021 4604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:00:49.0025 4604 uliagpkx - ok

20:00:49.0042 4604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

20:00:49.0047 4604 umbus - ok

20:00:49.0064 4604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

20:00:49.0065 4604 UmPass - ok

20:00:49.0094 4604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

20:00:49.0100 4604 UmRdpService - ok

20:00:49.0119 4604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

20:00:49.0133 4604 upnphost - ok

20:00:49.0160 4604 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

20:00:49.0165 4604 USBAAPL64 - ok

20:00:49.0198 4604 [ 3FAF7E3545695D3AE0F2A11FCC01C1F1 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:00:49.0201 4604 usbccgp - ok

20:00:49.0210 4604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:00:49.0213 4604 usbcir - ok

20:00:49.0226 4604 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

20:00:49.0228 4604 usbehci - ok

20:00:49.0255 4604 [ 24FD746641704A5B37903CBD7A2814DA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:00:49.0266 4604 usbhub - ok

20:00:49.0279 4604 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:00:49.0282 4604 usbohci - ok

20:00:49.0298 4604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

20:00:49.0302 4604 usbprint - ok

20:00:49.0335 4604 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

20:00:49.0339 4604 usbscan - ok

20:00:49.0356 4604 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:00:49.0361 4604 USBSTOR - ok

20:00:49.0379 4604 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

20:00:49.0383 4604 usbuhci - ok

20:00:49.0417 4604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

20:00:49.0424 4604 UxSms - ok

20:00:49.0433 4604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

20:00:49.0438 4604 VaultSvc - ok

20:00:49.0452 4604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

20:00:53.0397 4604 ============================================================

20:00:53.0397 4604 Scan finished

20:00:53.0397 4604 ============================================================

20:00:53.0408 3808 Detected object count: 0

20:00:53.0408 3808 Actual detected object count: 0

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : kjw [Admin rights]

Mode : Scan -- Date : 09/18/2012 20:03:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

64.27.10.42 www.google-analytics.com.

64.27.10.42 ad-emea.doubleclick.net.

64.27.10.42 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++

--- User ---

[MBR] 587849e339b0478d5650725534eec6e8

[bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

And FYI, here's the ESET report that ran earlier:

C:\ProgramData\LqZ6Q5P2qVqdWz.exe a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined

C:\ProgramData\OeeeIHmGxabi.exe a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined

C:\Users\kjw\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f4 HTML/ScrInject.B.Gen virus deleted - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\212B.tmp a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\C937.tmp a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\hfzNaUAVWHRsG1.exe.tmp a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\l0OVEZkZiEwL7V.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\UAC.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\Uninstall.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined

C:\Users\Shigematsu Insurance\AppData\Local\Temp\zZ9HbrtCxZq2LF.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

I have a backup of the drive (removed, not booted) so I can recover these files if needed.

Link to post
Share on other sites
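Added example, not code from this thread, from RogueKiller or from any Malwarebytes tool: a Python audit that reproduces the kind of check behind RogueKiller's "HOSTS File" section, run here on a constructed sample built from the six redirect entries reported above. The effective_hosts_path helper is Windows-only and reads the TCP/IP DataBasePath registry value, which is where Windows actually looks for the file.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example, not code from this thread, RogueKiller or Malwarebytes: it
reproduces the kind of check behind RogueKiller's "HOSTS File" section,
flagging every name mapped to a non-loopback address and grouping the hits by
target address so a redirect campaign (several tracker/ad domains pointed at
the same two hosts) stands out at a glance.
"""
import ipaddress
import os
from collections import defaultdict

# Constructed sample: the six entries RogueKiller reported in the thread, with
# a header comment, varied whitespace and a trailing comment added so the
# parser is exercised on the variations a real hosts file can contain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.   # tracker, not an ad host
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""


def parse_hosts(text):
    """Return [(line_no, address, [hostnames])] for every active entry.

    Comments (anything after '#') and blank lines are skipped; hostnames are
    lower-cased and a trailing FQDN dot is removed so that
    'www.statcounter.com.' and 'WWW.STATCOUNTER.COM' compare equal.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        parts = body.split()
        if len(parts) < 2:          # blank, comment-only, or malformed line
            continue
        names = [name.lower().rstrip(".") for name in parts[1:]]
        entries.append((line_no, parts[0], names))
    return entries


def is_local(address):
    """True for addresses that cannot redirect traffic elsewhere.

    Loopback (127.0.0.0/8, ::1) and the unspecified address (0.0.0.0, used by
    ad-blocking hosts lists) only sink traffic locally; anything else sends
    the named host to a machine someone else controls. An unparseable
    address is reported rather than silently accepted.
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Map each non-local target address to the (line_no, hostname) pairs
    that point at it. An empty dict means no redirect entries were found."""
    hits = defaultdict(list)
    for line_no, address, names in parse_hosts(text):
        if is_local(address):
            continue
        for name in names:
            hits[address].append((line_no, name))
    return dict(hits)


def effective_hosts_path():
    """Windows only: the path the TCP/IP stack actually reads hosts from.

    Windows takes the directory from the DataBasePath value under
    HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters (normally
    %SystemRoot%\\System32\\drivers\\etc). Auditing the file at that path as
    well as the default one covers the case where the two differ.
    """
    import winreg  # imported here so the module still loads on other OSes
    key_path = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "DataBasePath")
    return os.path.join(os.path.expandvars(value), "hosts")


if __name__ == "__main__":
    for address, pairs in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{address} receives traffic for:")
        for line_no, name in pairs:
            print(f"  line {line_no}: {name}")
```

Run the audit on the file at effective_hosts_path() as well as on the default path; a DataBasePath pointing elsewhere is one reason the default file can look clean while a tool still reports redirect entries.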

Do the following.

Step 1

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd \windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for this member only. If you are a casual viewer, do NOT try this on your system!

If you are not this member and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan, and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart, then I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Link to post
Share on other sites

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : kjw [Admin rights]

Mode : Remove -- Date : 09/19/2012 17:21:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

64.27.10.42 www.google-analytics.com.

64.27.10.42 ad-emea.doubleclick.net.

64.27.10.42 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++

--- User ---

[MBR] 587849e339b0478d5650725534eec6e8

[bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

...

C:\Windows\System32\drivers\etc>attrib -h -s -r hosts

Access is denied

I tried unhiding the file both via an Administrator cmd.exe and right-click properties, and both say Access is denied.

ipconfig... "No operation can be performed on Local Area Connection while it has its media disconnected."

netsh winsock reset all

Access is denied.

netsh int ip reset resetlog.log

Reseting Global, OK!

Reseting Interface, OK!

Restart the computer to complete this action.

(reboot initiated)

I do not have combofix.

Rerun of Malwarebytes shows host entries still present. Reading the hosts file only shows two (correct) localhost entries, 127.0.0.1 and ::1.

System is still infected.

Link to post
Share on other sites

Make sure that wordwrap is OFF in NOTEPAD. Be sure you only use NOTEPAD to get to contents of logs/reports.

Start NOTEPAD. On Main menu, select Format

IF Word wrap is checked, click it once to clear the settings. Close Notepad.

Please proceed to what I listed for Steps 2 (the flush.bat steps) and Step 3 for Combofix. Go forward.

Your last reply was hard to read due to the extra formatting garbage.

What do you mean on Combofix ? Did you run it ? Did it finish ?

If you ran it, look closely for a log named C:\combofix.txt and Copy and Paste the contents into a reply.

IF you have Spybot S & D on this system, make sure that Tea Timer is OFF.

P.S. Do not use Wordpad or Word to look at or copy the logs/reports. Only NOTEPAD.

Edited by Maurice Naggar
Link to post
Share on other sites


RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : kjw [Admin rights]

Mode : Remove -- Date : 09/19/2012 17:21:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

64.27.10.42 www.google-analytics.com.

64.27.10.42 ad-emea.doubleclick.net.

64.27.10.42 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++

--- User ---

[MBR] 587849e339b0478d5650725534eec6e8

[bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Link to post
Share on other sites

C:\Windows\System32\drivers\etc>attrib -h -s -r hosts

Access is denied

Attempts to unhide the file both via an Administrator cmd.exe and right-click properties both say Access is denied.

ipconfig... "No operation can be performed on Local Area Connection while it has its media disconnected."

(which is correct, it's not plugged into the network, but I ran all the commands anyways)

netsh winsock reset all

Access is denied.

netsh int ip reset resetlog.log

Reseting Global, OK!

Reseting Interface, OK!

Restart the computer to complete this action.

(reboot performed)

I do not have combofix.

Rerun of Malwarebytes shows host entries still present. Reading the hosts file only shows two (correct) localhost entries, 127.0.0.1 and ::1. I attached the disk to a separate computer, and the hosts file only contains two entries for localhost. The insertion of the fake hosts entries is not happening via the file.

System is still infected.

Link to post
Share on other sites

Reminder:

Do not attach any logs, or reports. Always Copy & Paste the log or report inside main-body of reply-box.

Use separate individual replies if you wish.

Step 1

Do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure Proxy servers block is not selected (not checkmarked).

6. Apply changes & OK

Step 2

Using IE (only!) to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 4

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Also, confirm for me that you are running Windows 7 ( and not Windows 8 )

Link to post
Share on other sites

OK. I wish you well.

Safer practices & malware prevention

Link to post
Share on other sites

This topic is now closed to further replies.