Solved Delayed write failed virus removed?

akaGizmo

I tried removing with MBAM, Superantispyware, MSE --thought I had a clean system, but Internet Explorer randomly launches itself to strange sites.

BTW: I am doing this remote, using TeamViewer

I followed the 5-Step instructions (except disconnecting from the Internet).

gmer found nothing; mbam.log, dds and attach.txt to follow


I hope someone can help.

Thanks in advance!
 
mbam.log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Kelli :: KRIS-PC [administrator]

3/22/2012 9:46:59 AM
mbam-log-2012-03-22 (09-46-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218173
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Kelli at 10:11:45 on 2012-03-22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2068 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
C:\Windows\system32\taskeng.exe
c:\program files\teamviewer\version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080730
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\~disab~1\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://wmtss1.wcsu.edu/auth/taweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{9F7136FC-BD10-40C5-BB3A-A09C78481805} : DhcpNameServer = 167.206.251.130 167.206.251.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\l79wd44r.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsla337b3e9;MpKsla337b3e9;c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\MpKsla337b3e9.sys [2012-3-22 29904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-30 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2012-3-20 2337144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-8 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-30 111616]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 pxldqpoc;pxldqpoc;c:\users\kelli\appdata\local\temp\pxldqpoc.sys [2012-3-22 100864]
S2 0029071332293059mcinstcleanup;McAfee Application Installer Cleanup (0029071332293059);c:\users\kelli\appdata\local\temp\002907~1.exe -cleanup -nolog --> c:\users\kelli\appdata\local\temp\002907~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-22 14:08:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\MpKsla337b3e9.sys
2012-03-22 13:45:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:45:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-22 12:33:02 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4040a0ce-c292-406e-9eea-195731fd7168}\gapaengine.dll
2012-03-22 12:32:51 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\mpengine.dll
2012-03-22 12:30:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 05:03:37 -------- d-----w- c:\users\kelli\appdata\roaming\SUPERAntiSpyware.com
2012-03-21 05:02:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 02:07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 02:04:16 -------- d-----w- c:\program files\WOT
2012-03-21 01:49:40 -------- d-----w- c:\users\kelli\appdata\local\Adobe
2012-03-21 01:24:33 -------- d-----w- c:\users\kelli\appdata\local\Mozilla
2012-03-21 01:14:27 -------- d-----w- c:\users\kelli\appdata\local\Stardock_Corporation
2012-03-21 01:14:11 -------- d-----w- c:\users\kelli\appdata\local\AIM Toolbar
2012-03-21 01:12:14 -------- d-----w- c:\users\kelli\appdata\roaming\Intel
2012-03-21 01:08:47 -------- d-----w- c:\users\kelli\appdata\local\KodakGallery
2012-03-21 01:06:23 -------- d-----w- c:\users\kelli\appdata\local\Apple Computer
2012-03-21 01:06:13 -------- d-----w- c:\users\kelli\appdata\local\MediaDirect
2012-03-21 01:06:12 -------- d-----w- c:\users\kelli\appdata\local\Google
2012-03-21 01:05:52 -------- d-----w- c:\users\kelli\appdata\local\SupportSoft
2012-03-21 01:05:50 -------- d-----w- c:\users\kelli\appdata\local\Symantec
2012-03-21 01:05:01 -------- d-----w- c:\users\kelli\appdata\roaming\Dell
2012-03-21 01:04:18 -------- d-----w- c:\users\kelli\appdata\local\VirtualStore
2012-03-20 23:36:31 -------- d-----w- c:\users\kelli\appdata\roaming\Malwarebytes
2012-03-20 23:30:13 -------- d-----w- c:\program files\CCleaner
2012-03-20 23:02:22 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 22:25:39 -------- d-----w- C:\usr
2012-03-20 22:22:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6064ebb1-a048-460c-94d3-dea32612088f}\mpengine.dll
2012-03-20 21:54:29 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:18:56.07 ===============
 
Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/30/2008 9:13:08 AM
System Uptime: 3/22/2012 9:39:36 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 59.377 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.424 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 7
AIM MusicLink 4.0.0.0
AIM Toolbar
Aleks 3.14
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Browser Address Error Redirector
BufferChm
C4400
C4400_Help
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX210 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Copy
CustomerResearchQFolder
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Download Updater (AOL LLC)
EarthLink Setup Files
EDocs
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
FlipShare
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
iTunes
Java Auto Updater
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Works
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 11.0 (x86 en-US)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
netbrdg
NetWaiting
NetZeroInstallers
Notifier
OCR Software by I.R.I.S. 10.0
OfotoXMI
OGA Notifier 2.0.0048.0
ooVoo
OutlookAddinSetup
PanoStandAlone
PCDADDIN
PCDHELP
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SFR
SHASTA
Shop for HP Supplies
SKIN0001
SKINXSDK
Skype Toolbars
Skype™ 5.3
SmartWebPrintingOC
Snood 4
SolutionCenter
staticcr
Status
TeamViewer 6
Toolbox
tooltips
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
VideoToolkit01
Viewpoint Media Player
VPRINTOL
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WIRELESS
WOT for Internet Explorer
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
3/22/2012 9:12:03 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/22/2012 8:19:46 AM, Error: EventLog [6008] - The previous system shutdown at 8:17:40 AM on 3/22/2012 was unexpected.
3/21/2012 8:05:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/20/2012 9:46:31 PM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
3/20/2012 9:44:28 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/20/2012 9:44:14 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/20/2012 11:58:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.2.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/20/2012 10:16:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/20/2012 10:16:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/20/2012 10:16:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/20/2012 10:16:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/20/2012 10:15:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/20/2012 10:15:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/20/2012 10:15:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
3/20/2012 10:15:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2012 10:15:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
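
Added example, not part of the original posts and not code from aswMBR or Bootkit Remover: a small Python parser for a raw 512-byte MBR dump, which is what this sketch assumes MBR.dat to be. It validates the boot signature, hashes the boot code area so two dumps can be compared, and lists the partition entries; the sample sector is constructed from the partition values printed in the aswMBR log in this thread, and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code area of a classic MBR
TABLE_OFFSET = 446           # four 16-byte partition entries start here
# Partition type bytes that appear in this thread's logs (names as aswMBR prints them).
TYPE_NAMES = {0xDE: "Dell Utility", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA"}


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw MBR dump into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, n_sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0x00:            # empty slot
            continue
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "offset": lba_start,     # in sectors, as in the aswMBR log
            "size_mb": n_sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(dump_a: bytes, dump_b: bytes) -> bool:
    """True when two dumps share a partition table but differ in boot code."""
    a, b = parse_mbr(dump_a), parse_mbr(dump_b)
    same_table = a["partitions"] == b["partitions"]
    return same_table and a["boot_code_sha256"] != b["boot_code_sha256"]


def build_sample_mbr(boot_code: bytes = b"") -> bytes:
    """CONSTRUCTED sample sector. Types, active flag and offsets are taken from
    the aswMBR log in this thread; sector counts are derived from the logged
    sizes, and the CHS fields are filler."""
    table = [
        # (status, type, LBA start, sector count)
        (0x00, 0xDE, 63, 81857),
        (0x00, 0x07, 81920, 20480000),
        (0x80, 0x07, 20561920, 462589952),
        (0x00, 0x0F, 483153920, 5240832),
    ]
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for slot, (status, ptype, lba, count) in enumerate(table):
        entry = struct.pack("<B3sB3sII", status, b"\xfe\xff\xff",
                            ptype, b"\xfe\xff\xff", lba, count)
        sector[TABLE_OFFSET + 16 * slot: TABLE_OFFSET + 16 * (slot + 1)] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['slot']} {flag} {p['type']:02X} "
              f"{p['type_name']:<13} {p['size_mb']} MB offset {p['offset']}")
```

Because Bootkit Remover reports the boot code as hidden, a dump read on the running system may not show what is on disk; comparing it with a dump taken from a clean boot environment is the more reliable check.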
 
aswMBR.exe isn't working. After I open it, and choose "allow", nothing happens. I tried running as Administrator and even in safe mode --nothing
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`73800000

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
ListParts by Farbar Version: 12-03-2012 03
Ran by Kelli (administrator) on 22-03-2012 at 22:25:19
Windows Vista (X86)
Running From: C:\Users\Kelli\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 3573.12 MB
Available physical RAM: 2255.5 MB
Total Pagefile: 7332 MB
Available Pagefile: 6145.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:58.94 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 221 GB 10 GB
Partition 0 Extended 2559 MB 230 GB
Partition 4 Logical 2558 MB 230 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 221 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******
 
That looks fine.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • OK any security prompts.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.
 
TDSSFix tool has a repair button, should I press it?

(BTW: aswMBR just launched... I'll scan and post results)
 
FYI: ...while scanning, Microsoft Security Essentials had a pop-up "detected 1 potential threat and suspended it. Click clean computer to remove this threat"
 
aswMBR.txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 23:25:51
-----------------------------
23:25:51.536 OS Version: Windows 6.0.6001 Service Pack 1
23:25:51.536 Number of processors: 2 586 0xF0D
23:25:51.536 ComputerName: KRIS-PC UserName: Kelli
23:26:26.246 Initialize success
23:27:18.199 AVAST engine defs: 12032000
23:28:29.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:28:29.618 Disk 0 Vendor: WDC_WD25 01.0 Size: 0MB BusType: 3
23:28:29.618 Disk 0 MBR read successfully
23:28:29.634 Disk 0 MBR scan
23:28:29.665 Disk 0 unknown MBR code
23:28:29.665 Disk 0 MBR hidden
23:28:29.681 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:28:29.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
23:28:29.759 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
23:28:29.805 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
23:28:29.821 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
23:28:30.117 Disk 0 scanning sectors +488394752
23:28:30.227 Disk 0 scanning C:\Windows\system32\drivers
23:28:59.708 Service scanning
23:29:25.516 Service MpKsl1ba73dea c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl1ba73dea.sys **LOCKED** 32
23:29:25.641 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:29:55.221 Modules scanning
23:30:00.744 Disk 0 trace - called modules:
23:30:00.759
23:30:02.506 AVAST engine scan C:\Windows
23:30:07.155 AVAST engine scan C:\Windows\system32
23:36:07.361 AVAST engine scan C:\Windows\system32\drivers
23:36:42.433 AVAST engine scan C:\Users\Kelli
23:37:44.225 Disk 0 MBR has been saved successfully to "C:\Users\Kelli\Desktop\MBR.dat"
23:37:44.756 The log file has been saved successfully to "C:\Users\Kelli\Desktop\aswMBR.txt"
 
FYI: Microsoft Security Essentials now said "To complete the cleanup, you'll need to restart your computer"


Should I restart anyway?

Run TDSSKiller?
 
00:09:33.0422 1484 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
00:09:33.0688 1484 ============================================================
00:09:33.0688 1484 Current date / time: 2012/03/23 00:09:33.0688
00:09:33.0688 1484 SystemInfo:
00:09:33.0688 1484
00:09:33.0688 1484 OS Version: 6.0.6001 ServicePack: 1.0
00:09:33.0688 1484 Product type: Workstation
00:09:33.0688 1484 ComputerName: KRIS-PC
00:09:33.0688 1484 UserName: Kelli
00:09:33.0688 1484 Windows directory: C:\Windows
00:09:33.0688 1484 System windows directory: C:\Windows
00:09:33.0688 1484 Processor architecture: Intel x86
00:09:33.0688 1484 Number of processors: 2
00:09:33.0688 1484 Page size: 0x1000
00:09:33.0688 1484 Boot type: Normal boot
00:09:33.0688 1484 ============================================================
00:09:35.0092 1484 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:09:35.0123 1484 \Device\Harddisk0\DR0:
00:09:35.0123 1484 MBR used
00:09:35.0123 1484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
00:09:35.0123 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
00:09:35.0341 1484 Initialize success
00:09:35.0341 1484 ============================================================
00:09:40.0677 1300 ============================================================
00:09:40.0677 1300 Scan started
00:09:40.0677 1300 Mode: Manual;
00:09:40.0677 1300 ============================================================
00:09:41.0099 1300 0029071332293059mcinstcleanup - ok
00:09:41.0223 1300 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
00:09:41.0239 1300 ACPI - ok
00:09:41.0379 1300 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:09:41.0395 1300 adp94xx - ok
00:09:41.0489 1300 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:09:41.0504 1300 adpahci - ok
00:09:41.0551 1300 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:09:41.0551 1300 adpu160m - ok
00:09:41.0582 1300 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:09:41.0598 1300 adpu320 - ok
00:09:41.0645 1300 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:09:41.0660 1300 AeLookupSvc - ok
00:09:41.0707 1300 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
00:09:41.0707 1300 AESTFilters - ok
00:09:41.0801 1300 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
00:09:41.0816 1300 AFD - ok
00:09:41.0894 1300 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:09:41.0894 1300 agp440 - ok
00:09:41.0925 1300 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:09:41.0941 1300 aic78xx - ok
00:09:41.0988 1300 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:09:41.0988 1300 ALG - ok
00:09:42.0019 1300 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:09:42.0019 1300 aliide - ok
00:09:42.0097 1300 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:09:42.0113 1300 amdagp - ok
00:09:42.0159 1300 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:09:42.0159 1300 amdide - ok
00:09:42.0191 1300 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:09:42.0191 1300 AmdK7 - ok
00:09:42.0237 1300 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:09:42.0237 1300 AmdK8 - ok
00:09:42.0300 1300 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:09:42.0300 1300 ApfiltrService - ok
00:09:42.0378 1300 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:09:42.0378 1300 Appinfo - ok
00:09:42.0518 1300 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:09:42.0534 1300 Apple Mobile Device - ok
00:09:42.0721 1300 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:09:42.0721 1300 arc - ok
00:09:42.0768 1300 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:09:42.0768 1300 arcsas - ok
00:09:42.0815 1300 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:09:42.0815 1300 AsyncMac - ok
00:09:42.0846 1300 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
00:09:42.0846 1300 atapi - ok
00:09:43.0017 1300 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
00:09:43.0017 1300 AudioEndpointBuilder - ok
00:09:43.0049 1300 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
00:09:43.0064 1300 Audiosrv - ok
00:09:43.0142 1300 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:09:43.0142 1300 Beep - ok
00:09:43.0236 1300 BFE (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
00:09:43.0251 1300 BFE - ok
00:09:43.0345 1300 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
00:09:43.0376 1300 BITS - ok
00:09:43.0423 1300 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:09:43.0423 1300 blbdrive - ok
00:09:43.0548 1300 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
00:09:43.0563 1300 Bonjour Service - ok
00:09:43.0704 1300 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
00:09:43.0704 1300 bowser - ok
00:09:43.0782 1300 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:09:43.0782 1300 BrFiltLo - ok
00:09:43.0829 1300 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:09:43.0829 1300 BrFiltUp - ok
00:09:43.0875 1300 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:09:43.0875 1300 Browser - ok
00:09:43.0922 1300 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:09:43.0922 1300 Brserid - ok
00:09:43.0969 1300 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:09:43.0969 1300 BrSerWdm - ok
00:09:44.0016 1300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:09:44.0016 1300 BrUsbMdm - ok
00:09:44.0078 1300 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:09:44.0078 1300 BrUsbSer - ok
00:09:44.0125 1300 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:09:44.0125 1300 BTHMODEM - ok
00:09:44.0172 1300 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:09:44.0172 1300 cdfs - ok
00:09:44.0219 1300 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
00:09:44.0219 1300 cdrom - ok
00:09:44.0281 1300 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
00:09:44.0281 1300 CertPropSvc - ok
00:09:44.0312 1300 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:09:44.0312 1300 circlass - ok
00:09:44.0359 1300 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
00:09:44.0359 1300 CLFS - ok
00:09:44.0484 1300 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:09:44.0484 1300 clr_optimization_v2.0.50727_32 - ok
00:09:44.0593 1300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:09:44.0593 1300 clr_optimization_v4.0.30319_32 - ok
00:09:44.0687 1300 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:09:44.0687 1300 CmBatt - ok
00:09:44.0733 1300 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:09:44.0733 1300 cmdide - ok
00:09:44.0749 1300 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:09:44.0749 1300 Compbatt - ok
00:09:44.0765 1300 COMSysApp - ok
00:09:44.0780 1300 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:09:44.0796 1300 crcdisk - ok
00:09:44.0889 1300 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:09:44.0889 1300 Crusoe - ok
00:09:44.0983 1300 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
00:09:44.0983 1300 CryptSvc - ok
00:09:45.0077 1300 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
00:09:45.0108 1300 DcomLaunch - ok
00:09:45.0217 1300 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
00:09:45.0217 1300 DfsC - ok
00:09:45.0357 1300 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
00:09:45.0435 1300 DFSR - ok
00:09:45.0529 1300 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
00:09:45.0529 1300 Dhcp - ok
00:09:45.0638 1300 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
00:09:45.0638 1300 disk - ok
00:09:45.0716 1300 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
00:09:45.0716 1300 Dnscache - ok
00:09:45.0810 1300 DockLoginService (13511564cac5a005255765e322c16967) C:\Program Files\Dell\DellDock\DockLogin.exe
00:09:45.0810 1300 DockLoginService - ok
00:09:45.0888 1300 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
00:09:45.0903 1300 dot3svc - ok
00:09:46.0059 1300 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
00:09:46.0059 1300 Dot4 - ok
00:09:46.0075 1300 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:09:46.0075 1300 Dot4Print - ok
00:09:46.0122 1300 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
00:09:46.0122 1300 dot4usb - ok
00:09:46.0169 1300 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:09:46.0184 1300 DPS - ok
00:09:46.0231 1300 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:09:46.0231 1300 drmkaud - ok
00:09:46.0309 1300 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
00:09:46.0325 1300 DXGKrnl - ok
00:09:46.0403 1300 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
00:09:46.0403 1300 e1express - ok
00:09:46.0465 1300 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:09:46.0465 1300 E1G60 - ok
00:09:46.0543 1300 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:09:46.0559 1300 EapHost - ok
00:09:46.0621 1300 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
00:09:46.0621 1300 Ecache - ok
00:09:46.0839 1300 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:09:46.0855 1300 ehRecvr - ok
00:09:46.0886 1300 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:09:46.0886 1300 ehSched - ok
00:09:46.0917 1300 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:09:46.0917 1300 ehstart - ok
00:09:47.0011 1300 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:09:47.0027 1300 elxstor - ok
00:09:47.0089 1300 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
00:09:47.0120 1300 EMDMgmt - ok
00:09:47.0151 1300 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:09:47.0151 1300 ErrDev - ok
00:09:47.0214 1300 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
00:09:47.0214 1300 EventSystem - ok
00:09:47.0292 1300 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
00:09:47.0448 1300 EvtEng - ok
00:09:47.0541 1300 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
00:09:47.0541 1300 exfat - ok
00:09:47.0619 1300 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
00:09:47.0619 1300 fastfat - ok
00:09:47.0651 1300 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:09:47.0651 1300 fdc - ok
00:09:47.0682 1300 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:09:47.0682 1300 fdPHost - ok
00:09:47.0713 1300 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:09:47.0713 1300 FDResPub - ok
00:09:47.0760 1300 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:09:47.0760 1300 FileInfo - ok
00:09:47.0791 1300 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:09:47.0838 1300 Filetrace - ok
00:09:48.0259 1300 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
00:09:48.0275 1300 FlipShare Service - ok
00:09:48.0665 1300 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
00:09:48.0930 1300 FlipShareServer - ok
00:09:49.0195 1300 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:09:49.0195 1300 flpydisk - ok
00:09:49.0257 1300 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
00:09:49.0257 1300 FltMgr - ok
00:09:49.0351 1300 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:09:49.0351 1300 FontCache3.0.0.0 - ok
00:09:49.0398 1300 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:09:49.0398 1300 Fs_Rec - ok
00:09:49.0445 1300 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:09:49.0445 1300 gagp30kx - ok
00:09:49.0491 1300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:09:49.0491 1300 GEARAspiWDM - ok
00:09:49.0569 1300 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
00:09:49.0585 1300 gpsvc - ok
00:09:49.0710 1300 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:09:49.0710 1300 gupdate - ok
00:09:49.0741 1300 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:09:49.0757 1300 gupdatem - ok
00:09:49.0881 1300 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:09:49.0881 1300 HDAudBus - ok
00:09:49.0913 1300 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:09:49.0928 1300 HidBth - ok
00:09:49.0944 1300 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:09:49.0959 1300 HidIr - ok
00:09:50.0069 1300 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
00:09:50.0069 1300 hidserv - ok
00:09:50.0147 1300 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
00:09:50.0147 1300 HidUsb - ok
00:09:50.0193 1300 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:09:50.0209 1300 hkmsvc - ok
00:09:50.0240 1300 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:09:50.0240 1300 HpCISSs - ok
00:09:50.0381 1300 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:09:50.0646 1300 hpqcxs08 - ok
00:09:50.0880 1300 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:09:50.0880 1300 hpqddsvc - ok
00:09:51.0051 1300 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:09:51.0083 1300 HSF_DPV - ok
00:09:51.0129 1300 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:09:51.0129 1300 HSXHWAZL - ok
00:09:51.0192 1300 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
00:09:51.0192 1300 HTTP - ok
00:09:51.0270 1300 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:09:51.0270 1300 i2omp - ok
00:09:51.0332 1300 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:09:51.0348 1300 i8042prt - ok
00:09:51.0504 1300 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
00:09:51.0519 1300 IAANTMON - ok
00:09:51.0660 1300 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
00:09:51.0660 1300 iaStor - ok
00:09:51.0769 1300 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:09:51.0769 1300 iaStorV - ok
00:09:51.0878 1300 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:09:51.0909 1300 idsvc - ok
00:09:52.0081 1300 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:09:52.0159 1300 igfx - ok
00:09:52.0206 1300 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:09:52.0206 1300 iirsp - ok
00:09:52.0268 1300 IKEEXT (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
00:09:52.0299 1300 IKEEXT - ok
00:09:52.0346 1300 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
00:09:52.0362 1300 IntcHdmiAddService - ok
00:09:52.0409 1300 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
00:09:52.0409 1300 intelide - ok
00:09:52.0471 1300 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:09:52.0471 1300 intelppm - ok
00:09:52.0518 1300 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:09:52.0518 1300 IPBusEnum - ok
00:09:52.0565 1300 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:09:52.0565 1300 IpFilterDriver - ok
00:09:52.0611 1300 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
00:09:52.0611 1300 iphlpsvc - ok
00:09:52.0627 1300 IpInIp - ok
00:09:52.0658 1300 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:09:52.0658 1300 IPMIDRV - ok
00:09:52.0689 1300 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:09:52.0689 1300 IPNAT - ok
00:09:52.0783 1300 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
00:09:52.0814 1300 iPod Service - ok
00:09:52.0845 1300 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:09:52.0845 1300 IRENUM - ok
00:09:52.0892 1300 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:09:52.0892 1300 isapnp - ok
00:09:52.0923 1300 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
00:09:52.0939 1300 iScsiPrt - ok
00:09:52.0955 1300 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:09:52.0955 1300 iteatapi - ok
00:09:53.0001 1300 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:09:53.0001 1300 iteraid - ok
00:09:53.0033 1300 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:09:53.0033 1300 kbdclass - ok
00:09:53.0064 1300 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
00:09:53.0064 1300 kbdhid - ok
00:09:53.0126 1300 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
00:09:53.0126 1300 KeyIso - ok
00:09:53.0173 1300 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
00:09:53.0189 1300 KSecDD - ok
00:09:53.0235 1300 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:09:53.0251 1300 KtmRm - ok
00:09:53.0313 1300 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
00:09:53.0313 1300 LanmanServer - ok
00:09:53.0376 1300 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
00:09:53.0376 1300 LanmanWorkstation - ok
00:09:53.0547 1300 LiveUpdate (3c7fcbbc35e0a52ce9b12e9cc4f5b991) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
00:09:53.0657 1300 LiveUpdate - ok
00:09:53.0781 1300 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:09:53.0781 1300 lltdio - ok
00:09:53.0859 1300 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:09:53.0875 1300 lltdsvc - ok
00:09:53.0891 1300 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:09:53.0891 1300 lmhosts - ok
00:09:53.0953 1300 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:09:53.0953 1300 LSI_FC - ok
00:09:53.0984 1300 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:09:53.0984 1300 LSI_SAS - ok
00:09:54.0031 1300 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:09:54.0031 1300 LSI_SCSI - ok
00:09:54.0062 1300 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:09:54.0078 1300 luafv - ok
00:09:54.0109 1300 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:09:54.0109 1300 Mcx2Svc - ok
00:09:54.0140 1300 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:09:54.0156 1300 mdmxsdk - ok
00:09:54.0171 1300 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:09:54.0187 1300 megasas - ok
00:09:54.0234 1300 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:09:54.0234 1300 MegaSR - ok
00:09:54.0312 1300 Microsoft Office Groove Audit Service (033b947af4a997820e86fcb070b1f450) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:09:54.0312 1300 Microsoft Office Groove Audit Service - ok
00:09:54.0421 1300 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:09:54.0421 1300 MMCSS - ok
00:09:54.0515 1300 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:09:54.0515 1300 Modem - ok
00:09:54.0561 1300 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:09:54.0561 1300 monitor - ok
00:09:54.0593 1300 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:09:54.0593 1300 mouclass - ok
00:09:54.0624 1300 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:09:54.0624 1300 mouhid - ok
00:09:54.0655 1300 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:09:54.0671 1300 MountMgr - ok
00:09:54.0749 1300 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
00:09:54.0749 1300 MpFilter - ok
00:09:54.0795 1300 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:09:54.0795 1300 mpio - ok
00:09:55.0123 1300 MpKsl25625841 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl25625841.sys
00:09:55.0139 1300 MpKsl25625841 - ok
00:09:55.0295 1300 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:09:55.0295 1300 MpNWMon - ok
00:09:55.0373 1300 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:09:55.0373 1300 mpsdrv - ok
00:09:55.0435 1300 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
00:09:55.0451 1300 MpsSvc - ok
00:09:55.0513 1300 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:09:55.0513 1300 Mraid35x - ok
00:09:55.0529 1300 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
00:09:55.0544 1300 MRxDAV - ok
00:09:55.0607 1300 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:09:55.0607 1300 mrxsmb - ok
00:09:55.0654 1300 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:09:55.0654 1300 mrxsmb10 - ok
00:09:55.0717 1300 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:09:55.0717 1300 mrxsmb20 - ok
00:09:55.0748 1300 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:09:55.0748 1300 msahci - ok
00:09:55.0795 1300 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:09:55.0795 1300 msdsm - ok
00:09:55.0842 1300 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:09:55.0857 1300 MSDTC - ok
00:09:55.0888 1300 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:09:55.0904 1300 Msfs - ok
00:09:55.0935 1300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:09:55.0935 1300 msisadrv - ok
00:09:55.0998 1300 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:09:55.0998 1300 MSiSCSI - ok
00:09:56.0013 1300 msiserver - ok
00:09:56.0060 1300 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:09:56.0060 1300 MSKSSRV - ok
00:09:56.0263 1300 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:09:56.0263 1300 MsMpSvc - ok
00:09:56.0278 1300 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:09:56.0278 1300 MSPCLOCK - ok
00:09:56.0310 1300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:09:56.0310 1300 MSPQM - ok
00:09:56.0341 1300 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
00:09:56.0341 1300 MsRPC - ok
00:09:56.0372 1300 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:09:56.0372 1300 mssmbios - ok
00:09:56.0419 1300 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:09:56.0419 1300 MSTEE - ok
00:09:56.0450 1300 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
00:09:56.0466 1300 Mup - ok
00:09:56.0512 1300 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
00:09:56.0528 1300 napagent - ok
00:09:56.0590 1300 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
00:09:56.0590 1300 NativeWifiP - ok
00:09:56.0653 1300 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
00:09:56.0668 1300 NDIS - ok
00:09:56.0715 1300 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:09:56.0715 1300 NdisTapi - ok
00:10:13.0191 1300 ============================================================
00:10:13.0191 1300 Scan finished
00:10:13.0191 1300 ============================================================
00:10:13.0222 3660 Detected object count: 0
00:10:13.0222 3660 Actual detected object count: 0
 
Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-03-22.01 - Kelli 03/23/2012 0:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2399 [GMT -4:00]
Running from: c:\users\Kelli\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~xSw8pf89PIF3eg
c:\programdata\~xSw8pf89PIF3egr
c:\programdata\xSw8pf89PIF3eg
c:\users\Kris\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 04:47 . 2012-03-23 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 04:09 . 2012-03-23 04:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl25625841.sys
2012-03-23 04:07 . 2012-03-23 04:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\offreg.dll
2012-03-23 02:15 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\mpengine.dll
2012-03-22 13:45 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:45 . 2012-03-22 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-22 12:33 . 2012-03-22 12:32 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4040A0CE-C292-406E-9EEA-195731FD7168}\gapaengine.dll
2012-03-22 12:30 . 2012-03-22 12:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 05:02 . 2012-03-21 05:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 02:07 . 2012-03-21 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 02:04 . 2012-03-21 02:04 -------- d-----w- c:\program files\WOT
2012-03-20 23:35 . 2012-03-21 01:05 -------- d-----w- c:\users\Kelli
2012-03-20 23:30 . 2012-03-20 23:30 -------- d-----w- c:\program files\CCleaner
2012-03-20 23:02 . 2012-03-20 23:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 22:25 . 2012-03-20 23:27 -------- d-----w- C:\usr
2012-03-20 22:22 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6064EBB1-A048-460C-94D3-DEA32612088F}\mpengine.dll
2012-03-20 22:04 . 2012-03-20 22:08 -------- d-----w- c:\users\Rollbackrx
2012-03-20 21:54 . 2012-03-20 21:54 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-10-22 23:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-03-21 01:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Rollbackrx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-30 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0029071332293059mcinstcleanup;McAfee Application Installer Cleanup (0029071332293059);c:\users\Kelli\AppData\Local\Temp\002907~1.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25675224
*NewlyCreated* - MPKSL25625841
*Deregistered* - 25675224
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
.
2012-03-23 c:\windows\Tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job
- c:\windows\system32\msfeedssync.exe [2011-06-20 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://wmtss1.wcsu.edu/auth/taweb.cab
FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-3ivx MPEG-4 5.0.3 - c:\program files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe
AddRemove-AIM MusicLink 4.0.0.0 - c:\progra~1\AIMMUS~1\UNWISE.EXE
AddRemove-Snood 4_is1 - c:\program files\Snood 4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-23 00:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-23 00:50:22
ComboFix-quarantined-files.txt 2012-03-23 04:50
.
Pre-Run: 63,040,983,040 bytes free
Post-Run: 63,159,918,592 bytes free
.
- - End Of File - - 1AB7D8EC6E9D63B4DA9069984F23C872
 