username123

Members

View Profile See their activity

Posts
18
Joined
June 8, 2012
Last visited
July 9, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by username123

Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

It is running ok, malwarebytes scan come up clean.
- July 7, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

I ran the kaspersky virus removal tool and it did detect and remove a couple things, but I accidentally closed the window before I copied the log. I could not find a copy of the log anywhere on the c: drive, is there a way to recover it?
- July 7, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

It found and rremoved 2 things, thswas all that was in the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
- July 4, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

Combofix log ComboFix 12-07-02.01 - Owner 07/02/2012 13:51:27.1.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1859 [GMT -4:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Owner\AppData\Local\Temp\libsqlitejdbc-1097905350671404327.lib c:\users\Owner\AppData\Local\Temp\swt-gdip-win32-3448.dll c:\users\Owner\AppData\Local\Temp\swt-win32-3448.dll c:\users\Owner\AppData\Local\Temp\WindowsAPI.dll3028653110324797918.lib . . ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 ))))))))))))))))))))))))))))))) . . 2012-06-28 14:42 . 2012-06-28 14:42 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 20:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 20:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 20:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 20:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 20:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 20:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 20:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 20:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 20:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 01:40 . 2012-06-14 01:40 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d 2012-06-14 00:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 00:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 00:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 00:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 00:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 00:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-14 00:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 00:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 00:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 00:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 00:16 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 00:16 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 00:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 00:08 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 00:50 . 2012-06-13 23:13 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003 2012-06-08 18:51 . 2012-06-08 18:51 -------- d-----w- c:\programdata\Kodak 2012-06-08 18:51 . 2010-09-02 19:31 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-19 02:13 . 2011-08-16 20:43 900 --sha-w- c:\programdata\KGyGaAvL.sys 2012-04-04 19:56 . 2012-03-21 20:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320] . c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-5-18 473616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-16 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120627.001\IDSvia64.sys [2012-06-18 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-04-20 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 7767552] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 279040] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_C6F09094 . Contents of the 'Scheduled Tasks' folder . 2012-06-08 c:\windows\Tasks\HPCeeScheduleForOWNER-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-06-10 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.foxnews.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\atibtmon.exe c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe . ************************************************************************** . Completion time: 2012-07-02 14:18:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-02 18:18 . Pre-Run: 653,102,952,448 bytes free Post-Run: 655,518,060,544 bytes free . - - End Of File - - EBA19477B837EFD9FF6DDAA469BF4C13
- July 2, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

Logs: 10:38:00.0834 0912 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44 10:38:02.0831 0912 ============================================================ 10:38:02.0831 0912 Current date / time: 2012/06/28 10:38:02.0831 10:38:02.0831 0912 SystemInfo: 10:38:02.0831 0912 10:38:02.0831 0912 OS Version: 6.1.7601 ServicePack: 1.0 10:38:02.0831 0912 Product type: Workstation 10:38:02.0831 0912 ComputerName: OWNER-HP 10:38:02.0831 0912 UserName: Owner 10:38:02.0831 0912 Windows directory: C:\Windows 10:38:02.0831 0912 System windows directory: C:\Windows 10:38:02.0831 0912 Running under WOW64 10:38:02.0831 0912 Processor architecture: Intel x64 10:38:02.0831 0912 Number of processors: 3 10:38:02.0831 0912 Page size: 0x1000 10:38:02.0831 0912 Boot type: Normal boot 10:38:02.0831 0912 ============================================================ 10:38:05.0655 0912 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:38:05.0670 0912 ============================================================ 10:38:05.0670 0912 \Device\Harddisk0\DR0: 10:38:05.0670 0912 MBR partitions: 10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x5441F000 10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x54483000, BlocksNum 0x308F800 10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0 10:38:05.0670 0912 ============================================================ 10:38:05.0795 0912 C: <-> \Device\Harddisk0\DR0\Partition1 10:38:06.0201 0912 D: <-> \Device\Harddisk0\DR0\Partition2 10:38:06.0357 0912 F: <-> \Device\Harddisk0\DR0\Partition3 10:38:06.0357 0912 ============================================================ 10:38:06.0357 0912 Initialize success 10:38:06.0357 0912 ============================================================ 10:38:48.0335 1412 ============================================================ 10:38:48.0335 1412 Scan started 10:38:48.0335 1412 Mode: Manual; SigCheck; TDLFS; 10:38:48.0335 1412 ============================================================ 10:38:53.0869 1412 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:38:54.0112 1412 1394ohci - ok 10:38:54.0207 1412 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys 10:38:54.0278 1412 Accelerometer - ok 10:38:54.0707 1412 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:38:54.0757 1412 ACPI - ok 10:38:54.0820 1412 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:38:54.0913 1412 AcpiPmi - ok 10:38:55.0092 1412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 10:38:55.0189 1412 adp94xx - ok 10:38:55.0349 1412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 10:38:55.0457 1412 adpahci - ok 10:38:55.0588 1412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 10:38:55.0652 1412 adpu320 - ok 10:38:55.0721 1412 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:38:55.0839 1412 AeLookupSvc - ok 10:38:56.0097 1412 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 10:38:56.0161 1412 AESTFilters - ok 10:38:56.0448 1412 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:38:56.0630 1412 AFD - ok 10:38:56.0737 1412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:38:56.0793 1412 agp440 - ok 10:38:56.0877 1412 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:38:56.0999 1412 ALG - ok 10:38:57.0091 1412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:38:57.0137 1412 aliide - ok 10:38:57.0278 1412 AMD External Events Utility (09fcd2c758f1ad3df931ab9d944fe348) C:\Windows\system32\atiesrxx.exe 10:38:57.0347 1412 AMD External Events Utility - ok 10:38:57.0437 1412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:38:57.0471 1412 amdide - ok 10:38:57.0647 1412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 10:38:57.0735 1412 AmdK8 - ok 10:39:02.0477 1412 amdkmdag (2e76d0a912ab09ca5586ab23e466a25f) C:\Windows\system32\DRIVERS\atikmdag.sys 10:39:03.0384 1412 amdkmdag - ok 10:39:05.0014 1412 amdkmdap (dd3c0c1b62da0736482501c4bcdcd1f8) C:\Windows\system32\DRIVERS\atikmpag.sys 10:39:05.0207 1412 amdkmdap - ok 10:39:05.0320 1412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 10:39:05.0417 1412 AmdPPM - ok 10:39:05.0572 1412 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 10:39:05.0679 1412 amdsata - ok 10:39:05.0943 1412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 10:39:06.0009 1412 amdsbs - ok 10:39:06.0309 1412 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 10:39:06.0504 1412 amdxata - ok 10:39:06.0655 1412 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:39:06.0816 1412 AppID - ok 10:39:06.0892 1412 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:39:07.0053 1412 AppIDSvc - ok 10:39:07.0142 1412 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:39:07.0249 1412 Appinfo - ok 10:39:07.0338 1412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 10:39:07.0374 1412 arc - ok 10:39:07.0533 1412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 10:39:07.0603 1412 arcsas - ok 10:39:07.0711 1412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:39:07.0835 1412 AsyncMac - ok 10:39:07.0893 1412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:39:07.0921 1412 atapi - ok 10:39:08.0803 1412 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys 10:39:09.0021 1412 athr - ok 10:39:10.0593 1412 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys 10:39:10.0644 1412 AtiHdmiService - ok 10:39:10.0714 1412 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys 10:39:10.0763 1412 AtiPcie - ok 10:39:11.0135 1412 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:39:11.0285 1412 AudioEndpointBuilder - ok 10:39:11.0303 1412 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:39:11.0412 1412 AudioSrv - ok 10:39:11.0623 1412 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:39:11.0800 1412 AxInstSV - ok 10:39:11.0972 1412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 10:39:12.0118 1412 b06bdrv - ok 10:39:12.0330 1412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:39:12.0483 1412 b57nd60a - ok 10:39:12.0716 1412 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 10:39:12.0788 1412 BBSvc - ok 10:39:12.0849 1412 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 10:39:12.0891 1412 BBUpdate - ok 10:39:13.0721 1412 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys 10:39:13.0925 1412 BCM43XX - ok 10:39:14.0454 1412 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:39:14.0563 1412 BDESVC - ok 10:39:14.0762 1412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:39:14.0902 1412 Beep - ok 10:39:15.0253 1412 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:39:15.0383 1412 BFE - ok 10:39:18.0356 1412 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys 10:39:18.0433 1412 BHDrvx64 - ok 10:39:20.0236 1412 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 10:39:20.0465 1412 BITS - ok 10:39:20.0724 1412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:39:20.0790 1412 blbdrive - ok 10:39:21.0090 1412 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:39:21.0159 1412 bowser - ok 10:39:21.0245 1412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:39:21.0376 1412 BrFiltLo - ok 10:39:21.0434 1412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:39:21.0499 1412 BrFiltUp - ok 10:39:22.0001 1412 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:39:22.0171 1412 Browser - ok 10:39:23.0125 1412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:39:23.0311 1412 Brserid - ok 10:39:23.0404 1412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:39:23.0560 1412 BrSerWdm - ok 10:39:23.0671 1412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:39:23.0753 1412 BrUsbMdm - ok 10:39:23.0814 1412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:39:23.0901 1412 BrUsbSer - ok 10:39:24.0106 1412 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 10:39:24.0237 1412 BthEnum - ok 10:39:24.0498 1412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 10:39:24.0608 1412 BTHMODEM - ok 10:39:25.0059 1412 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 10:39:25.0188 1412 BthPan - ok 10:39:27.0017 1412 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 10:39:27.0195 1412 BTHPORT - ok 10:39:27.0405 1412 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:39:27.0611 1412 bthserv - ok 10:39:28.0080 1412 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 10:39:28.0328 1412 BTHUSB - ok 10:39:28.0755 1412 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys 10:39:28.0869 1412 btwampfl - ok 10:39:28.0995 1412 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys 10:39:29.0102 1412 btwaudio - ok 10:39:29.0219 1412 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys 10:39:29.0313 1412 btwavdt - ok 10:39:30.0037 1412 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 10:39:30.0143 1412 btwdins - ok 10:39:30.0299 1412 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys 10:39:30.0389 1412 btwl2cap - ok 10:39:30.0495 1412 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys 10:39:30.0528 1412 btwrchid - ok 10:39:30.0818 1412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:39:31.0013 1412 cdfs - ok 10:39:31.0362 1412 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 10:39:31.0468 1412 cdrom - ok 10:39:31.0768 1412 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:39:32.0020 1412 CertPropSvc - ok 10:39:32.0387 1412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 10:39:32.0579 1412 circlass - ok 10:39:33.0817 1412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:39:33.0988 1412 CLFS - ok 10:39:34.0989 1412 CLKMSVC10_C6F09094 (dede5ec7dc09d840d5d74e06ff4de127) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe 10:39:35.0164 1412 CLKMSVC10_C6F09094 - ok 10:39:35.0670 1412 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:39:35.0904 1412 clr_optimization_v2.0.50727_32 - ok 10:39:36.0399 1412 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:39:36.0564 1412 clr_optimization_v2.0.50727_64 - ok 10:39:38.0165 1412 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:39:38.0581 1412 clr_optimization_v4.0.30319_32 - ok 10:39:39.0054 1412 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:39:39.0162 1412 clr_optimization_v4.0.30319_64 - ok 10:39:39.0403 1412 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys 10:39:39.0485 1412 clwvd - ok 10:39:39.0604 1412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:39:39.0671 1412 CmBatt - ok 10:39:39.0738 1412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:39:39.0779 1412 cmdide - ok 10:39:40.0964 1412 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:39:41.0073 1412 CNG - ok 10:39:41.0210 1412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:39:41.0329 1412 Compbatt - ok 10:39:41.0473 1412 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 10:39:41.0633 1412 CompositeBus - ok 10:39:41.0719 1412 COMSysApp - ok 10:39:41.0792 1412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 10:39:41.0910 1412 crcdisk - ok 10:39:42.0453 1412 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 10:39:42.0558 1412 CryptSvc - ok 10:39:46.0390 1412 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 10:39:46.0452 1412 cvhsvc - ok 10:39:47.0284 1412 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:39:47.0451 1412 DcomLaunch - ok 10:39:48.0225 1412 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:39:48.0486 1412 defragsvc - ok 10:39:48.0967 1412 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:39:49.0080 1412 DfsC - ok 10:39:49.0901 1412 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:39:50.0054 1412 Dhcp - ok 10:39:50.0204 1412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:39:50.0482 1412 discache - ok 10:39:50.0653 1412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 10:39:50.0985 1412 Disk - ok 10:39:51.0460 1412 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:39:51.0759 1412 Dnscache - ok 10:39:52.0111 1412 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:39:52.0348 1412 dot3svc - ok 10:39:53.0437 1412 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe 10:39:53.0559 1412 DpHost - ok 10:39:54.0065 1412 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:39:54.0188 1412 DPS - ok 10:39:54.0322 1412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:39:54.0920 1412 drmkaud - ok 10:39:56.0359 1412 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:39:56.0517 1412 DXGKrnl - ok 10:39:56.0820 1412 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:39:56.0939 1412 EapHost - ok 10:40:04.0546 1412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 10:40:04.0897 1412 ebdrv - ok 10:40:05.0789 1412 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 10:40:06.0029 1412 eeCtrl - ok 10:40:07.0694 1412 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:40:07.0778 1412 EFS - ok 10:40:08.0413 1412 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:40:08.0584 1412 ehRecvr - ok 10:40:08.0774 1412 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:40:08.0951 1412 ehSched - ok 10:40:09.0434 1412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 10:40:09.0517 1412 elxstor - ok 10:40:09.0768 1412 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 10:40:09.0818 1412 EraserUtilRebootDrv - ok 10:40:09.0878 1412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:40:09.0937 1412 ErrDev - ok 10:40:10.0427 1412 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:40:10.0578 1412 EventSystem - ok 10:40:10.0752 1412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:40:10.0886 1412 exfat - ok 10:40:11.0051 1412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:40:11.0189 1412 fastfat - ok 10:40:11.0757 1412 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:40:11.0914 1412 Fax - ok 10:40:11.0976 1412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:40:12.0030 1412 fdc - ok 10:40:12.0129 1412 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:40:12.0278 1412 fdPHost - ok 10:40:12.0410 1412 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:40:12.0543 1412 FDResPub - ok 10:40:12.0711 1412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:40:12.0850 1412 FileInfo - ok 10:40:12.0937 1412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:40:13.0068 1412 Filetrace - ok 10:40:13.0112 1412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 10:40:13.0135 1412 flpydisk - ok 10:40:13.0335 1412 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:40:13.0418 1412 FltMgr - ok 10:40:13.0961 1412 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:40:14.0080 1412 FontCache - ok 10:40:14.0238 1412 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:40:14.0264 1412 FontCache3.0.0.0 - ok 10:40:14.0371 1412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:40:14.0444 1412 FsDepends - ok 10:40:14.0521 1412 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:40:14.0566 1412 Fs_Rec - ok 10:40:14.0682 1412 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:40:14.0713 1412 fvevol - ok 10:40:14.0772 1412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:40:14.0807 1412 gagp30kx - ok 10:40:15.0058 1412 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 10:40:15.0123 1412 GameConsoleService - ok 10:40:15.0540 1412 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 10:40:15.0635 1412 GamesAppService - ok 10:40:16.0109 1412 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:40:16.0243 1412 gpsvc - ok 10:40:16.0450 1412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:40:16.0566 1412 hcw85cir - ok 10:40:16.0768 1412 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:40:16.0830 1412 HdAudAddService - ok 10:40:16.0889 1412 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 10:40:16.0936 1412 HDAudBus - ok 10:40:16.0978 1412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 10:40:17.0023 1412 HidBatt - ok 10:40:17.0258 1412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 10:40:17.0333 1412 HidBth - ok 10:40:17.0393 1412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 10:40:17.0468 1412 HidIr - ok 10:40:17.0558 1412 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 10:40:17.0679 1412 hidserv - ok 10:40:17.0761 1412 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 10:40:17.0816 1412 HidUsb - ok 10:40:18.0129 1412 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:40:18.0315 1412 hkmsvc - ok 10:40:18.0584 1412 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:40:18.0676 1412 HomeGroupListener - ok 10:40:18.0747 1412 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:40:18.0789 1412 HomeGroupProvider - ok 10:40:18.0948 1412 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 10:40:18.0968 1412 HP Support Assistant Service - ok 10:40:19.0231 1412 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe 10:40:19.0264 1412 HP Wireless Assistant Service - ok 10:40:19.0644 1412 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 10:40:19.0707 1412 HPClientSvc - ok 10:40:19.0914 1412 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 10:40:19.0939 1412 HPDrvMntSvc.exe - ok 10:40:19.0965 1412 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys 10:40:19.0987 1412 hpdskflt - ok 10:40:20.0627 1412 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 10:40:20.0716 1412 hpqwmiex - ok 10:40:20.0840 1412 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:40:20.0916 1412 HpSAMD - ok 10:40:21.0041 1412 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe 10:40:21.0091 1412 hpsrv - ok 10:40:21.0226 1412 HPWMISVC (171000873eb522e5ea3dd4c4e0b689b2) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 10:40:21.0253 1412 HPWMISVC - ok 10:40:21.0845 1412 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:40:21.0989 1412 HTTP - ok 10:40:22.0057 1412 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:40:22.0089 1412 hwpolicy - ok 10:40:22.0169 1412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 10:40:22.0205 1412 i8042prt - ok 10:40:22.0333 1412 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:40:22.0402 1412 iaStorV - ok 10:40:23.0204 1412 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:40:23.0341 1412 idsvc - ok 10:40:24.0393 1412 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSvia64.sys 10:40:24.0451 1412 IDSVia64 - ok 10:40:27.0418 1412 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 10:40:27.0751 1412 igfx - ok 10:40:28.0005 1412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 10:40:28.0039 1412 iirsp - ok 10:40:28.0281 1412 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:40:28.0421 1412 IKEEXT - ok 10:40:28.0464 1412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:40:28.0498 1412 intelide - ok 10:40:28.0617 1412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:40:28.0724 1412 intelppm - ok 10:40:28.0818 1412 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:40:28.0957 1412 IPBusEnum - ok 10:40:29.0064 1412 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:40:29.0202 1412 IpFilterDriver - ok 10:40:29.0535 1412 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:40:29.0677 1412 iphlpsvc - ok 10:40:29.0762 1412 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:40:29.0860 1412 IPMIDRV - ok 10:40:29.0959 1412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:40:30.0062 1412 IPNAT - ok 10:40:30.0103 1412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:40:30.0125 1412 IRENUM - ok 10:40:30.0198 1412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:40:30.0231 1412 isapnp - ok 10:40:30.0329 1412 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:40:30.0409 1412 iScsiPrt - ok 10:40:30.0438 1412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 10:40:30.0463 1412 kbdclass - ok 10:40:30.0554 1412 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 10:40:30.0633 1412 kbdhid - ok 10:40:30.0735 1412 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:40:30.0771 1412 KeyIso - ok 10:40:30.0940 1412 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:40:30.0998 1412 KSecDD - ok 10:40:31.0075 1412 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:40:31.0113 1412 KSecPkg - ok 10:40:31.0157 1412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:40:31.0274 1412 ksthunk - ok 10:40:32.0214 1412 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:40:32.0351 1412 KtmRm - ok 10:40:32.0771 1412 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 10:40:32.0895 1412 LanmanServer - ok 10:40:33.0031 1412 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:40:33.0162 1412 LanmanWorkstation - ok 10:40:33.0233 1412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:40:33.0336 1412 lltdio - ok 10:40:34.0202 1412 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:40:34.0342 1412 lltdsvc - ok 10:40:34.0376 1412 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:40:34.0460 1412 lmhosts - ok 10:40:34.0593 1412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:40:34.0639 1412 LSI_FC - ok 10:40:34.0781 1412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:40:34.0888 1412 LSI_SAS - ok 10:40:35.0076 1412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:40:35.0173 1412 LSI_SAS2 - ok 10:40:35.0224 1412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:40:35.0261 1412 LSI_SCSI - ok 10:40:35.0331 1412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:40:35.0431 1412 luafv - ok 10:40:35.0559 1412 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:40:35.0611 1412 Mcx2Svc - ok 10:40:35.0704 1412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 10:40:35.0764 1412 megasas - ok 10:40:36.0157 1412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 10:40:36.0227 1412 MegaSR - ok 10:40:36.0283 1412 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:40:36.0393 1412 MMCSS - ok 10:40:36.0418 1412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:40:36.0491 1412 Modem - ok 10:40:36.0536 1412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:40:36.0615 1412 monitor - ok 10:40:36.0720 1412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 10:40:36.0762 1412 mouclass - ok 10:40:36.0828 1412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:40:36.0887 1412 mouhid - ok 10:40:37.0135 1412 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:40:37.0170 1412 mountmgr - ok 10:40:37.0459 1412 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:40:37.0539 1412 mpio - ok 10:40:37.0645 1412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:40:37.0764 1412 mpsdrv - ok 10:40:38.0997 1412 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:40:39.0164 1412 MpsSvc - ok 10:40:39.0357 1412 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:40:39.0427 1412 MRxDAV - ok 10:40:39.0713 1412 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:40:39.0808 1412 mrxsmb - ok 10:40:40.0377 1412 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:40:40.0467 1412 mrxsmb10 - ok 10:40:40.0632 1412 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:40:40.0667 1412 mrxsmb20 - ok 10:40:40.0737 1412 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:40:40.0778 1412 msahci - ok 10:40:41.0012 1412 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:40:41.0058 1412 msdsm - ok 10:40:41.0364 1412 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:40:41.0437 1412 MSDTC - ok 10:40:41.0525 1412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:40:41.0610 1412 Msfs - ok 10:40:41.0637 1412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:40:41.0741 1412 mshidkmdf - ok 10:40:41.0799 1412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:40:41.0831 1412 msisadrv - ok 10:40:42.0054 1412 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:40:42.0196 1412 MSiSCSI - ok 10:40:42.0204 1412 msiserver - ok 10:40:42.0272 1412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:40:42.0383 1412 MSKSSRV - ok 10:40:42.0430 1412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:40:42.0547 1412 MSPCLOCK - ok 10:40:42.0568 1412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:40:42.0667 1412 MSPQM - ok 10:40:43.0006 1412 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:40:43.0054 1412 MsRPC - ok 10:40:43.0167 1412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:40:43.0200 1412 mssmbios - ok 10:40:43.0270 1412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:40:43.0384 1412 MSTEE - ok 10:40:43.0451 1412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:40:43.0512 1412 MTConfig - ok 10:40:43.0573 1412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:40:43.0606 1412 Mup - ok 10:40:44.0203 1412 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:40:44.0349 1412 napagent - ok 10:40:44.0797 1412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:40:44.0882 1412 NativeWifiP - ok 10:40:45.0532 1412 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\ENG64.SYS 10:40:45.0595 1412 NAVENG - ok 10:40:48.0318 1412 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\EX64.SYS 10:40:48.0435 1412 NAVEX15 - ok 10:40:49.0503 1412 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:40:49.0562 1412 NDIS - ok 10:40:49.0614 1412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:40:49.0724 1412 NdisCap - ok 10:40:49.0768 1412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:40:49.0850 1412 NdisTapi - ok 10:40:49.0931 1412 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:40:50.0039 1412 Ndisuio - ok 10:40:50.0338 1412 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:40:50.0472 1412 NdisWan - ok 10:40:50.0614 1412 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:40:50.0718 1412 NDProxy - ok 10:40:50.0846 1412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:40:50.0975 1412 NetBIOS - ok 10:40:51.0246 1412 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:40:51.0366 1412 NetBT - ok 10:40:51.0430 1412 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:40:51.0480 1412 Netlogon - ok 10:40:52.0493 1412 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:40:52.0642 1412 Netman - ok 10:40:53.0688 1412 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:40:53.0806 1412 netprofm - ok 10:40:54.0144 1412 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:40:54.0220 1412 NetTcpPortSharing - ok 10:40:58.0587 1412 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 10:40:58.0853 1412 netw5v64 - ok 10:40:59.0032 1412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:40:59.0066 1412 nfrd960 - ok 10:40:59.0339 1412 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe 10:40:59.0371 1412 NIS - ok 10:40:59.0470 1412 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:40:59.0594 1412 NlaSvc - ok 10:40:59.0954 1412 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 10:41:00.0133 1412 NOBU - ok 10:41:00.0347 1412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:41:00.0427 1412 Npfs - ok 10:41:00.0454 1412 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:41:00.0581 1412 nsi - ok 10:41:00.0603 1412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:41:00.0715 1412 nsiproxy - ok 10:41:01.0009 1412 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:41:01.0096 1412 Ntfs - ok 10:41:01.0250 1412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:41:01.0353 1412 Null - ok 10:41:01.0422 1412 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:41:01.0471 1412 nvraid - ok 10:41:01.0555 1412 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:41:01.0594 1412 nvstor - ok 10:41:01.0655 1412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:41:01.0692 1412 nv_agp - ok 10:41:01.0722 1412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:41:01.0776 1412 ohci1394 - ok 10:41:01.0905 1412 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:41:01.0951 1412 ose - ok 10:41:02.0635 1412 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:41:02.0851 1412 osppsvc - ok 10:41:03.0061 1412 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:41:03.0156 1412 p2pimsvc - ok 10:41:03.0227 1412 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:41:03.0276 1412 p2psvc - ok 10:41:03.0372 1412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:41:03.0409 1412 Parport - ok 10:41:03.0446 1412 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 10:41:03.0495 1412 partmgr - ok 10:41:03.0563 1412 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:41:03.0636 1412 PcaSvc - ok 10:41:03.0692 1412 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:41:03.0736 1412 pci - ok 10:41:03.0776 1412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:41:03.0809 1412 pciide - ok 10:41:03.0853 1412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:41:03.0895 1412 pcmcia - ok 10:41:03.0925 1412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:41:03.0973 1412 pcw - ok 10:41:04.0101 1412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:41:04.0223 1412 PEAUTH - ok 10:41:04.0358 1412 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:41:04.0434 1412 PerfHost - ok 10:41:04.0694 1412 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:41:04.0830 1412 pla - ok 10:41:04.0916 1412 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:41:05.0006 1412 PlugPlay - ok 10:41:05.0107 1412 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys 10:41:05.0177 1412 pneteth - ok 10:41:05.0239 1412 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:41:05.0290 1412 PNRPAutoReg - ok 10:41:05.0348 1412 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:41:05.0390 1412 PNRPsvc - ok 10:41:05.0489 1412 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:41:05.0619 1412 PolicyAgent - ok 10:41:05.0669 1412 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:41:05.0772 1412 Power - ok 10:41:05.0838 1412 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:41:05.0955 1412 PptpMiniport - ok 10:41:05.0993 1412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:41:06.0046 1412 Processor - ok 10:41:06.0115 1412 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 10:41:06.0191 1412 ProfSvc - ok 10:41:06.0239 1412 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:06.0272 1412 ProtectedStorage - ok 10:41:06.0423 1412 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:41:06.0516 1412 Psched - ok 10:41:06.0684 1412 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 10:41:06.0717 1412 PSI_SVC_2 - ok 10:41:07.0091 1412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:41:07.0224 1412 ql2300 - ok 10:41:08.0109 1412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:41:08.0148 1412 ql40xx - ok 10:41:08.0337 1412 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:41:08.0409 1412 QWAVE - ok 10:41:08.0458 1412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:41:08.0506 1412 QWAVEdrv - ok 10:41:08.0542 1412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:41:08.0646 1412 RasAcd - ok 10:41:08.0794 1412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:41:08.0906 1412 RasAgileVpn - ok 10:41:09.0051 1412 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:41:09.0191 1412 RasAuto - ok 10:41:09.0491 1412 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:41:09.0606 1412 Rasl2tp - ok 10:41:09.0736 1412 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:41:09.0852 1412 RasMan - ok 10:41:10.0022 1412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:41:10.0135 1412 RasPppoe - ok 10:41:10.0221 1412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:41:10.0326 1412 RasSstp - ok 10:41:10.0561 1412 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:41:10.0689 1412 rdbss - ok 10:41:10.0776 1412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:41:10.0841 1412 rdpbus - ok 10:41:10.0912 1412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:41:11.0028 1412 RDPCDD - ok 10:41:11.0072 1412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:41:11.0188 1412 RDPENCDD - ok 10:41:11.0225 1412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:41:11.0308 1412 RDPREFMP - ok 10:41:11.0364 1412 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 10:41:11.0446 1412 RDPWD - ok 10:41:11.0689 1412 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:41:11.0732 1412 rdyboost - ok 10:41:11.0822 1412 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:41:11.0919 1412 RemoteAccess - ok 10:41:11.0973 1412 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:41:12.0058 1412 RemoteRegistry - ok 10:41:12.0142 1412 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 10:41:12.0201 1412 RFCOMM - ok 10:41:12.0394 1412 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 10:41:12.0446 1412 RoxioNow Service - ok 10:41:12.0510 1412 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:41:12.0635 1412 RpcEptMapper - ok 10:41:12.0712 1412 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:41:12.0790 1412 RpcLocator - ok 10:41:12.0902 1412 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:41:12.0980 1412 RpcSs - ok 10:41:13.0192 1412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:41:13.0310 1412 rspndr - ok 10:41:13.0464 1412 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys 10:41:13.0512 1412 RSUSBSTOR - ok 10:41:13.0651 1412 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:41:13.0735 1412 RTL8167 - ok 10:41:13.0840 1412 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:13.0893 1412 SamSs - ok 10:41:13.0966 1412 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:41:14.0003 1412 sbp2port - ok 10:41:14.0056 1412 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:41:14.0146 1412 SCardSvr - ok 10:41:14.0206 1412 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:41:14.0305 1412 scfilter - ok 10:41:14.0511 1412 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:41:14.0676 1412 Schedule - ok 10:41:14.0775 1412 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:41:14.0842 1412 SCPolicySvc - ok 10:41:14.0906 1412 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 10:41:14.0958 1412 sdbus - ok 10:41:15.0113 1412 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:41:15.0239 1412 SDRSVC - ok 10:41:15.0322 1412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:41:15.0399 1412 secdrv - ok 10:41:15.0454 1412 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:41:15.0578 1412 seclogon - ok 10:41:15.0637 1412 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:41:15.0759 1412 SENS - ok 10:41:15.0822 1412 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:41:15.0894 1412 SensrSvc - ok 10:41:15.0942 1412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:41:15.0996 1412 Serenum - ok 10:41:16.0053 1412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:41:16.0091 1412 Serial - ok 10:41:16.0137 1412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:41:16.0188 1412 sermouse - ok 10:41:16.0259 1412 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:41:16.0389 1412 SessionEnv - ok 10:41:16.0451 1412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:41:16.0541 1412 sffdisk - ok 10:41:16.0605 1412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:41:16.0729 1412 sffp_mmc - ok 10:41:16.0771 1412 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:41:16.0826 1412 sffp_sd - ok 10:41:16.0875 1412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:41:16.0910 1412 sfloppy - ok 10:41:17.0051 1412 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 10:41:17.0098 1412 Sftfs - ok 10:41:17.0318 1412 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 10:41:17.0362 1412 sftlist - ok 10:41:17.0602 1412 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 10:41:17.0665 1412 Sftplay - ok 10:41:17.0723 1412 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 10:41:17.0752 1412 Sftredir - ok 10:41:17.0778 1412 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 10:41:17.0807 1412 Sftvol - ok 10:41:17.0984 1412 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 10:41:18.0019 1412 sftvsa - ok 10:41:18.0111 1412 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:41:18.0220 1412 SharedAccess - ok 10:41:18.0325 1412 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:41:18.0456 1412 ShellHWDetection - ok 10:41:18.0679 1412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:41:18.0717 1412 SiSRaid2 - ok 10:41:18.0777 1412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:41:18.0814 1412 SiSRaid4 - ok 10:41:19.0122 1412 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 10:41:19.0191 1412 SkypeUpdate - ok 10:41:19.0252 1412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:41:19.0371 1412 Smb - ok 10:41:19.0432 1412 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:41:19.0506 1412 SNMPTRAP - ok 10:41:19.0546 1412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:41:19.0579 1412 spldr - ok 10:41:19.0713 1412 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:41:19.0814 1412 Spooler - ok 10:41:20.0597 1412 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:41:20.0896 1412 sppsvc - ok 10:41:21.0186 1412 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:41:21.0270 1412 sppuinotify - ok 10:41:21.0555 1412 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS 10:41:21.0597 1412 SRTSP - ok 10:41:21.0619 1412 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS 10:41:21.0634 1412 SRTSPX - ok 10:41:21.0738 1412 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:41:21.0829 1412 srv - ok 10:41:22.0079 1412 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:41:22.0162 1412 srv2 - ok 10:41:22.0279 1412 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 10:41:22.0353 1412 SrvHsfHDA - ok 10:41:22.0696 1412 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 10:41:22.0815 1412 SrvHsfV92 - ok 10:41:23.0230 1412 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 10:41:23.0281 1412 SrvHsfWinac - ok 10:41:23.0364 1412 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:41:23.0460 1412 srvnet - ok 10:41:23.0606 1412 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:41:23.0734 1412 SSDPSRV - ok 10:41:23.0860 1412 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:41:23.0935 1412 SstpSvc - ok 10:41:24.0230 1412 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe 10:41:24.0298 1412 STacSV - ok 10:41:24.0347 1412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:41:24.0396 1412 stexstor - ok 10:41:24.0840 1412 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys 10:41:24.0940 1412 STHDA - ok 10:41:25.0087 1412 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:41:25.0188 1412 stisvc - ok 10:41:25.0220 1412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:41:25.0252 1412 swenum - ok 10:41:25.0408 1412 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:41:25.0532 1412 swprv - ok 10:41:25.0712 1412 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS 10:41:25.0754 1412 SymDS - ok 10:41:25.0915 1412 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS 10:41:25.0979 1412 SymEFA - ok 10:41:26.0086 1412 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 10:41:26.0123 1412 SymEvent - ok 10:41:26.0181 1412 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS 10:41:26.0214 1412 SymIRON - ok 10:41:26.0363 1412 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS 10:41:26.0405 1412 SymNetS - ok 10:41:26.0712 1412 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys 10:41:26.0839 1412 SynTP - ok 10:41:27.0254 1412 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:41:27.0363 1412 SysMain - ok 10:41:27.0562 1412 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:41:27.0616 1412 TabletInputService - ok 10:41:27.0667 1412 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:41:27.0772 1412 TapiSrv - ok 10:41:27.0804 1412 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:41:27.0907 1412 TBS - ok 10:41:28.0238 1412 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 10:41:28.0340 1412 Tcpip - ok 10:41:29.0248 1412 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 10:41:29.0327 1412 TCPIP6 - ok 10:41:29.0520 1412 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:41:29.0624 1412 tcpipreg - ok 10:41:29.0660 1412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:41:29.0753 1412 TDPIPE - ok 10:41:29.0824 1412 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:41:29.0883 1412 TDTCP - ok 10:41:29.0954 1412 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:41:30.0047 1412 tdx - ok 10:41:30.0118 1412 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:41:30.0153 1412 TermDD - ok 10:41:30.0292 1412 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:41:30.0444 1412 TermService - ok 10:41:30.0486 1412 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:41:30.0550 1412 Themes - ok 10:41:30.0598 1412 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:41:30.0687 1412 THREADORDER - ok 10:41:30.0746 1412 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:41:30.0833 1412 TrkWks - ok 10:41:31.0056 1412 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:41:31.0168 1412 TrustedInstaller - ok 10:41:31.0219 1412 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:41:31.0319 1412 tssecsrv - ok 10:41:31.0391 1412 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:41:31.0432 1412 TsUsbFlt - ok 10:41:31.0529 1412 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:41:31.0625 1412 tunnel - ok 10:41:31.0727 1412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:41:31.0770 1412 uagp35 - ok 10:41:31.0996 1412 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:41:32.0118 1412 udfs - ok 10:41:32.0199 1412 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:41:32.0256 1412 UI0Detect - ok 10:41:32.0344 1412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:41:32.0379 1412 uliagpkx - ok 10:41:32.0434 1412 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 10:41:32.0510 1412 umbus - ok 10:41:32.0589 1412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:41:32.0647 1412 UmPass - ok 10:41:32.0991 1412 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:41:33.0117 1412 upnphost - ok 10:41:33.0225 1412 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:41:33.0313 1412 usbccgp - ok 10:41:33.0397 1412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:41:33.0489 1412 usbcir - ok 10:41:33.0513 1412 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:41:33.0562 1412 usbehci - ok 10:41:33.0639 1412 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys 10:41:33.0699 1412 usbfilter - ok 10:41:33.0788 1412 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:41:33.0847 1412 usbhub - ok 10:41:33.0900 1412 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 10:41:33.0963 1412 usbohci - ok 10:41:34.0028 1412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:41:34.0103 1412 usbprint - ok 10:41:34.0148 1412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 10:41:34.0246 1412 usbscan - ok 10:41:34.0371 1412 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 10:41:34.0487 1412 USBSTOR - ok 10:41:34.0514 1412 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:41:34.0570 1412 usbuhci - ok 10:41:34.0744 1412 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 10:41:34.0793 1412 usbvideo - ok 10:41:34.0880 1412 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 10:41:34.0929 1412 usb_rndisx - ok 10:41:34.0972 1412 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:41:35.0083 1412 UxSms - ok 10:41:35.0130 1412 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:35.0163 1412 VaultSvc - ok 10:41:36.0521 1412 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe 10:41:36.0670 1412 vcsFPService - ok 10:41:37.0548 1412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:41:37.0580 1412 vdrvroot - ok 10:41:37.0820 1412 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:41:37.0950 1412 vds - ok 10:41:38.0171 1412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:41:38.0241 1412 vga - ok 10:41:38.0260 1412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:41:38.0383 1412 VgaSave - ok 10:41:38.0597 1412 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:41:38.0666 1412 vhdmp - ok 10:41:38.0733 1412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:41:38.0776 1412 viaide - ok 10:41:38.0845 1412 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:41:38.0892 1412 volmgr - ok 10:41:39.0049 1412 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:41:39.0095 1412 volmgrx - ok 10:41:39.0239 1412 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:41:39.0285 1412 volsnap - ok 10:41:39.0485 1412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:41:39.0525 1412 vsmraid - ok 10:41:40.0471 1412 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:41:40.0647 1412 VSS - ok 10:41:41.0129 1412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:41:41.0189 1412 vwifibus - ok 10:41:41.0244 1412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:41:41.0297 1412 vwififlt - ok 10:41:41.0554 1412 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:41:41.0683 1412 W32Time - ok 10:41:41.0740 1412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:41:41.0805 1412 WacomPen - ok 10:41:41.0854 1412 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:41:41.0954 1412 WANARP - ok 10:41:41.0982 1412 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:41:42.0061 1412 Wanarpv6 - ok 10:41:42.0567 1412 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:41:42.0750 1412 WatAdminSvc - ok 10:41:43.0267 1412 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:41:43.0386 1412 wbengine - ok 10:41:44.0326 1412 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:41:44.0404 1412 WbioSrvc - ok 10:41:44.0713 1412 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:41:44.0796 1412 wcncsvc - ok 10:41:44.0964 1412 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:41:45.0323 1412 WcsPlugInService - ok 10:41:45.0662 1412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:41:45.0700 1412 Wd - ok 10:41:46.0555 1412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:41:46.0680 1412 Wdf01000 - ok 10:41:46.0866 1412 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:41:46.0994 1412 WdiServiceHost - ok 10:41:47.0001 1412 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:41:47.0035 1412 WdiSystemHost - ok 10:41:47.0129 1412 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:41:47.0207 1412 WebClient - ok 10:41:47.0271 1412 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:41:47.0380 1412 Wecsvc - ok 10:41:47.0417 1412 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:41:47.0571 1412 wercplsupport - ok 10:41:47.0655 1412 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:41:47.0756 1412 WerSvc - ok 10:41:47.0909 1412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:41:48.0000 1412 WfpLwf - ok 10:41:48.0102 1412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:41:48.0135 1412 WIMMount - ok 10:41:48.0176 1412 WinDefend - ok 10:41:48.0193 1412 WinHttpAutoProxySvc - ok 10:41:48.0400 1412 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:41:48.0575 1412 Winmgmt - ok 10:41:49.0422 1412 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:41:49.0632 1412 WinRM - ok 10:41:49.0963 1412 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 10:41:50.0021 1412 WinUSB - ok 10:41:50.0169 1412 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:41:50.0244 1412 Wlansvc - ok 10:41:51.0748 1412 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:41:51.0870 1412 wlidsvc - ok 10:41:52.0466 1412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:41:52.0588 1412 WmiAcpi - ok 10:41:52.0717 1412 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:41:52.0803 1412 wmiApSrv - ok 10:41:52.0866 1412 WMPNetworkSvc - ok 10:41:52.0892 1412 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:41:52.0950 1412 WPCSvc - ok 10:41:53.0011 1412 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:41:53.0084 1412 WPDBusEnum - ok 10:41:53.0112 1412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:41:53.0205 1412 ws2ifsl - ok 10:41:53.0255 1412 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 10:41:53.0322 1412 wscsvc - ok 10:41:53.0330 1412 WSearch - ok 10:41:53.0626 1412 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 10:41:53.0731 1412 wuauserv - ok 10:41:54.0128 1412 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:41:54.0267 1412 WudfPf - ok 10:41:54.0343 1412 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:41:54.0468 1412 WUDFRd - ok 10:41:54.0539 1412 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:41:54.0624 1412 wudfsvc - ok 10:41:54.0690 1412 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:41:54.0793 1412 WwanSvc - ok 10:41:54.0966 1412 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 10:41:55.0082 1412 yukonw7 - ok 10:41:55.0151 1412 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0 10:41:55.0195 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 10:41:55.0195 1412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 10:41:55.0326 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 10:41:55.0326 1412 \Device\Harddisk0\DR0 - detected TDSS File System (1) 10:41:55.0348 1412 Boot (0x1200) (59289c2b48e375dded0bbbd04edd3b99) \Device\Harddisk0\DR0\Partition0 10:41:55.0358 1412 \Device\Harddisk0\DR0\Partition0 - ok 10:41:55.0457 1412 Boot (0x1200) (31b7528e894dd44a2d13f1fbb17edbf6) \Device\Harddisk0\DR0\Partition1 10:41:55.0627 1412 \Device\Harddisk0\DR0\Partition1 - ok 10:41:55.0693 1412 Boot (0x1200) (ece4f927bcdb5482a95bfaf7384b3603) \Device\Harddisk0\DR0\Partition2 10:41:55.0729 1412 \Device\Harddisk0\DR0\Partition2 - ok 10:41:55.0820 1412 Boot (0x1200) (f22c95416878215ea58f71b74cca52c4) \Device\Harddisk0\DR0\Partition3 10:41:55.0822 1412 \Device\Harddisk0\DR0\Partition3 - ok 10:41:55.0823 1412 ============================================================ 10:41:55.0823 1412 Scan finished 10:41:55.0823 1412 ============================================================ 10:41:55.0854 5956 Detected object count: 2 10:41:55.0854 5956 Actual detected object count: 2 10:42:13.0562 5956 \Device\Harddisk0\DR0\# - copied to quarantine 10:42:13.0563 5956 \Device\Harddisk0\DR0 - copied to quarantine 10:42:13.0662 5956 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 10:42:13.0669 5956 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 10:42:13.0679 5956 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 10:42:13.0691 5956 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 10:42:13.0718 5956 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 10:42:13.0735 5956 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 10:42:13.0740 5956 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 10:42:13.0744 5956 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 10:42:13.0750 5956 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 10:42:13.0756 5956 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 10:42:13.0763 5956 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 10:42:13.0769 5956 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 10:42:13.0807 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 10:42:13.0871 5956 \Device\Harddisk0\DR0 - ok 10:42:17.0896 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 10:42:17.0897 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 10:42:17.0898 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 10:43:54.0138 3788 Deinitialize success Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.28.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-HP [administrator] 6/28/2012 10:53:20 AM mbam-log-2012-06-28 (10-53-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213808 Time elapsed: 15 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end)
- June 28, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

I am going to disinfect it, I will not be able to run TDSSkiller until tomorrow. I will post the log tomorrow as soon as I do. Thanks.
- June 26, 2012
- 16 replies
Malware problem or Software problem?

username123 replied to username123's topic in Resolved Malware Removal Logs

This PC is mainly used for Netflix/Youtube and some online shopping, no banking or other activity that contains personal info. Can you tell how likely is it based on the infection that it won't be secure after disinfection?
- June 26, 2012
- 16 replies
Malware problem or Software problem?

username123 posted a topic in Resolved Malware Removal Logs

I'm posting on behalf oy of mom who started using malwarebytes at my urging. Malware bytes keeps decting 2 trojans, but when I restart the computer to complete removal it freezes and has to be manually turned off and back on to finish restarting. I'm not sure if the trojans are causing the restart problems and are just refusing to be removed, or if there is a software problem causing the computer to freeze during restart and preventing removal. DDS and Malwarebytes logs below. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Owner at 18:15:26 on 2012-06-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1688 [GMT -4:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\vcsFPService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\DigitalPersona\Bin\DPAgent.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\wuauclt.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.foxnews.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 8.8.8.8 TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\3416D607D275966496 : DhcpNameServer = 10.128.128.128 TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\B4F4140313 : DhcpNameServer = 67.20.47.9 67.20.47.7 67.20.47.8 TCP: Interfaces\{B0391C71-D4E5-4064-B7A3-607DB673E71C} : DhcpNameServer = 8.8.8.8 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Notification Packages = DPPassFilter scecli BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-18 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08:09;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-3-11 245232] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-06-25 20:03:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-25 20:02:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-25 20:02:18 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-25 20:02:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 18:21:45 20480 ----a-w- C:\Windows\svchost.exe 2012-06-14 01:40:50 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d 2012-06-14 00:51:13 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 00:51:12 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 00:51:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 00:51:12 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 00:51:12 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 00:51:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-14 00:44:48 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 00:44:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 00:34:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 00:16:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 00:16:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 00:16:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 00:13:18 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 00:08:01 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 00:50:42 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys 2012-06-13 00:50:42 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys 2012-06-13 00:50:42 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys 2012-06-13 00:50:42 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys 2012-06-13 00:50:42 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys 2012-06-13 00:50:42 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys 2012-06-13 00:50:18 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003 2012-06-08 18:51:07 -------- d-----w- C:\ProgramData\Kodak 2012-06-08 18:51:00 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll . ==================== Find3M ==================== . 2012-05-19 02:13:13 900 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 18:16:51.08 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/16/2011 3:17:43 PM System Uptime: 6/25/2012 5:40:46 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 1641 Processor: AMD Phenom II P860 Triple-Core Processor | Socket S1G4 | 800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 674 GiB total, 608.337 GiB free. D: is FIXED (NTFS) - 24 GiB total, 3.549 GiB free. E: is CDROM () F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free. H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP185: 5/27/2012 6:22:40 PM - Windows Backup RP186: 5/27/2012 7:45:11 PM - Windows Update RP187: 5/29/2012 6:50:22 PM - Windows Update RP188: 5/30/2012 4:13:36 PM - Windows Update RP189: 5/30/2012 4:39:07 PM - Windows Update RP190: 6/1/2012 7:32:09 PM - Windows Update RP191: 6/1/2012 10:11:26 PM - Windows Update RP192: 6/3/2012 7:35:50 PM - Windows Update RP193: 6/3/2012 8:05:16 PM - Windows Update RP194: 6/4/2012 5:35:44 PM - Windows Backup RP195: 6/6/2012 10:10:59 PM - Windows Update RP196: 6/6/2012 10:37:03 PM - Windows Update RP197: 6/8/2012 2:45:00 PM - Windows Update RP198: 6/8/2012 6:48:24 PM - Windows Update RP199: 6/10/2012 11:18:30 AM - Windows Update RP200: 6/10/2012 1:01:17 PM - Windows Update RP201: 6/11/2012 8:00:24 PM - Windows Backup RP202: 6/12/2012 8:34:32 PM - Windows Update RP203: 6/13/2012 9:37:09 PM - Windows Update RP204: 6/13/2012 11:13:26 PM - Windows Update RP205: 6/17/2012 11:23:25 AM - Windows Update RP206: 6/18/2012 1:50:48 PM - Windows Backup RP207: 6/18/2012 7:21:53 PM - Windows Update RP208: 6/25/2012 4:01:35 PM - Windows Update RP209: 6/25/2012 4:49:31 PM - Windows Update RP210: 6/25/2012 5:59:53 PM - Windows Backup . ==== Installed Programs ====================== . Adobe AIR Adobe Reader 9.5.1 MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Bejeweled 2 Deluxe Bing Bar Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Contents Corel PaintShop Photo Pro X3 Corel VideoStudio Pro X3 CyberLink DVD Suite D3DX10 DeviceIO Diner Dash 2 Restaurant Rescue Dora's World Adventure DVD Menu Pack for HP MediaSmart Video Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 Farm Frenzy FATE Fences Pro Final Drive Nitro Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.2.0 HP CloudDrive HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart Video HP MediaSmart Webcam HP MediaSmart/TouchSmart Netflix HP MovieStore HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP Software Framework HP Support Assistant Hulu Desktop ICA IDT Audio IPM_PSP_Pro IPM_VS_Pro ISCOM Java 6 Update 25 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Movie Theme Pack for HP MediaSmart Video MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - The London Caper Norton Internet Security Norton Online Backup PdaNet for Android 2.45 Penguins! PhotoNow! PictureMover Plants vs. Zombies PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PSPPContent PSPPRO_DCRAW PureHD Realtek Ethernet Controller Driver For Windows 7 Realtek USB 2.0 Card Reader Recovery Manager RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Setup Share Skype Click to Call Skype™ 5.8 Times Reader Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App VIO Virtual Families Virtual Villagers 4 - The Tree of Life VSClassic VSPro Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 6/25/2012 5:45:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/25/2012 4:49:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562). 6/25/2012 4:49:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715). 6/25/2012 4:49:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255). 6/25/2012 3:56:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 6/25/2012 3:47:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. 6/18/2012 6:16:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 6/18/2012 3:16:35 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1. . ==== End Of File =========================== Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.25.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-HP [administrator] 6/25/2012 6:26:28 PM mbam-log-2012-06-25 (18-38-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213698 Time elapsed: 11 minute(s), 18 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 2956 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end)
- June 25, 2012
- 16 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

I ran otcleanit and uninstalled combofix. Everything is running fine. Thanks for all your help!
- June 19, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

eset log C:\FRST\Quarantine\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\80000000.@ a variant of Win32/Sirefef.FA trojan C:\FRST\Quarantine\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\hotelshopbooknow_biz[1].htm HTML/Iframe.B.Gen virus C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\mx_nan_a[1].htm HTML/Iframe.B.Gen virus C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\mx_nan_a[2].htm HTML/Iframe.B.Gen virus C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30LBSPYD\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67KTF39W\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan
- June 18, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Not having any problems. I ran Hijackthis as administrator. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:50:05 PM, on 6/15/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe" O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\httpd.exe (file missing) O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe (file missing) O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- End of file - 10260 bytes Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.15.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-PC [administrator] 6/15/2012 2:41:01 PM mbam-log-2012-06-15 (14-41-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 200870 Time elapsed: 11 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- June 15, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Everything seems to be ok now, no problems. ComboFix 12-06-13.05 - Owner 06/13/2012 22:17:40.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.1056 [GMT -4:00] Running from: c:\users\Owner\Desktop\ComboFix.exe Command switches used :: c:\users\Owner\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))) . . 2012-06-14 02:31 . 2012-06-14 02:32 -------- d-----w- c:\users\Owner\AppData\Local\temp 2012-06-14 02:31 . 2012-06-14 02:31 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-14 02:31 . 2012-06-14 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 22:20 . 2012-06-13 22:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BC3FE9-7BE4-4DFC-A41E-9757832A873D}\offreg.dll 2012-06-13 22:01 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BC3FE9-7BE4-4DFC-A41E-9757832A873D}\mpengine.dll 2012-06-08 20:05 . 2012-06-08 20:06 -------- d-----w- C:\FRST 2012-06-08 16:09 . 2012-06-08 16:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-08 16:09 . 2012-06-08 16:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-08 02:25 . 2012-06-08 02:25 -------- d-----w- c:\users\Owner\SyncFolder 2012-06-08 02:24 . 2012-06-08 02:36 -------- d-----w- c:\program files\MyPC Backup 2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\programdata\HitmanPro 2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\program files\HitmanPro 2012-06-05 17:54 . 2012-06-05 17:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-01 15:02 . 2012-06-01 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-05-22 16:53 . 2012-05-22 16:55 -------- d-----w- c:\programdata\Knowledge Adventure 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\SWF Studio 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\JumpStart 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\Knowledge Adventure . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-01 14:36 . 2012-04-03 17:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-01 14:36 . 2011-12-13 12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 19:56 . 2011-04-18 17:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-12 06:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 06:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-12 06:14 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-12 06:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-12 06:15 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-08 16:09 . 2011-05-17 15:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-06-17 16:40 . 2011-06-17 16:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 68856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Starfield Updater"="c:\users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe" [2012-02-01 34496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456] "Skytel"="Skytel.exe" [2007-11-21 1826816] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-17 30192] "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568] "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 71189191 *NewlyCreated* - ASWMBR *NewlyCreated* - WS2IFSL *Deregistered* - 71189191 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47] . 2012-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32] . 2012-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mail.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-13 22:32 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4120) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\program files\Workspace\offsyncext.dll . Completion time: 2012-06-13 22:36:25 ComboFix-quarantined-files.txt 2012-06-14 02:36 ComboFix2.txt 2012-06-12 19:54 ComboFix3.txt 2011-12-30 21:28 . Pre-Run: 11,748,519,936 bytes free Post-Run: 11,964,424,192 bytes free . - - End Of File - - 0BC4A276184C838D7A7466605A7E890A
- June 14, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

The computer seems to be acting ok. Logs below. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-13 14:13:00 ----------------------------- 14:13:00.878 OS Version: Windows 6.0.6002 Service Pack 2 14:13:00.878 Number of processors: 2 586 0xF0D 14:13:00.878 ComputerName: OWNER-PC UserName: Owner 14:13:03.452 Initialize success 14:14:38.383 AVAST engine defs: 12061300 14:16:35.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:16:35.929 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3 14:16:35.960 Disk 0 MBR read successfully 14:16:35.976 Disk 0 MBR scan 14:16:36.022 Disk 0 unknown MBR code 14:16:36.038 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048 14:16:36.069 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048 14:16:36.132 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264 14:16:36.147 Disk 0 scanning sectors +312578048 14:16:36.272 Disk 0 scanning C:\Windows\system32\drivers 14:17:04.009 Service scanning 14:17:48.703 Modules scanning 14:17:56.066 Disk 0 trace - called modules: 14:17:56.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 14:17:56.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8516a9a8] 14:17:56.160 3 CLASSPNP.SYS[87fa38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f738d8] 14:17:58.125 AVAST engine scan C:\Windows 14:18:13.023 AVAST engine scan C:\Windows\system32 14:25:21.914 AVAST engine scan C:\Windows\system32\drivers 14:25:54.175 AVAST engine scan C:\Users\Owner 14:57:23.424 AVAST engine scan C:\ProgramData 15:05:50.299 Scan finished successfully 17:50:49.765 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat" 17:50:49.781 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt" 14:11:16.0905 3856 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 14:11:19.0026 3856 ============================================================ 14:11:19.0026 3856 Current date / time: 2012/06/13 14:11:19.0026 14:11:19.0027 3856 SystemInfo: 14:11:19.0027 3856 14:11:19.0027 3856 OS Version: 6.0.6002 ServicePack: 2.0 14:11:19.0027 3856 Product type: Workstation 14:11:19.0027 3856 ComputerName: OWNER-PC 14:11:19.0028 3856 UserName: Owner 14:11:19.0028 3856 Windows directory: C:\Windows 14:11:19.0028 3856 System windows directory: C:\Windows 14:11:19.0028 3856 Processor architecture: Intel x86 14:11:19.0028 3856 Number of processors: 2 14:11:19.0028 3856 Page size: 0x1000 14:11:19.0028 3856 Boot type: Normal boot 14:11:19.0028 3856 ============================================================ 14:11:28.0341 3856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:11:28.0341 3856 ============================================================ 14:11:28.0341 3856 \Device\Harddisk0\DR0: 14:11:28.0341 3856 MBR partitions: 14:11:28.0341 3856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800 14:11:28.0341 3856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000 14:11:28.0341 3856 ============================================================ 14:11:28.0794 3856 C: <-> \Device\Harddisk0\DR0\Partition0 14:11:28.0887 3856 D: <-> \Device\Harddisk0\DR0\Partition1 14:11:28.0887 3856 ============================================================ 14:11:28.0887 3856 Initialize success 14:11:28.0887 3856 ============================================================ 14:11:31.0711 5700 ============================================================ 14:11:31.0711 5700 Scan started 14:11:31.0711 5700 Mode: Manual; 14:11:31.0711 5700 ============================================================ 14:11:32.0678 5700 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 14:11:32.0694 5700 ACPI - ok 14:11:32.0756 5700 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 14:11:32.0787 5700 adp94xx - ok 14:11:32.0850 5700 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 14:11:32.0881 5700 adpahci - ok 14:11:32.0928 5700 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 14:11:32.0943 5700 adpu160m - ok 14:11:32.0990 5700 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 14:11:32.0990 5700 adpu320 - ok 14:11:33.0021 5700 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 14:11:33.0021 5700 AeLookupSvc - ok 14:11:33.0084 5700 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 14:11:33.0115 5700 AFD - ok 14:11:33.0146 5700 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe 14:11:33.0146 5700 AgereModemAudio - ok 14:11:33.0302 5700 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys 14:11:33.0349 5700 AgereSoftModem - ok 14:11:33.0380 5700 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 14:11:33.0380 5700 agp440 - ok 14:11:33.0396 5700 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 14:11:33.0411 5700 aic78xx - ok 14:11:33.0427 5700 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 14:11:33.0427 5700 ALG - ok 14:11:33.0458 5700 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 14:11:33.0458 5700 aliide - ok 14:11:33.0489 5700 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 14:11:33.0489 5700 amdagp - ok 14:11:33.0505 5700 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 14:11:33.0520 5700 amdide - ok 14:11:33.0536 5700 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 14:11:33.0536 5700 AmdK7 - ok 14:11:33.0567 5700 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 14:11:33.0567 5700 AmdK8 - ok 14:11:33.0567 5700 Apache2.2 - ok 14:11:33.0598 5700 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 14:11:33.0598 5700 Appinfo - ok 14:11:33.0645 5700 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 14:11:33.0645 5700 arc - ok 14:11:33.0676 5700 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 14:11:33.0692 5700 arcsas - ok 14:11:33.0864 5700 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 14:11:33.0910 5700 aspnet_state - ok 14:11:33.0957 5700 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 14:11:33.0957 5700 AsyncMac - ok 14:11:34.0035 5700 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 14:11:34.0035 5700 atapi - ok 14:11:34.0191 5700 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys 14:11:34.0238 5700 athr - ok 14:11:34.0332 5700 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 14:11:34.0332 5700 AudioEndpointBuilder - ok 14:11:34.0347 5700 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 14:11:34.0347 5700 Audiosrv - ok 14:11:34.0394 5700 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys 14:11:34.0425 5700 b57nd60x - ok 14:11:34.0456 5700 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 14:11:34.0456 5700 Beep - ok 14:11:34.0550 5700 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 14:11:34.0566 5700 BFE - ok 14:11:34.0768 5700 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 14:11:34.0815 5700 BITS - ok 14:11:34.0846 5700 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 14:11:34.0862 5700 blbdrive - ok 14:11:34.0924 5700 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 14:11:34.0924 5700 bowser - ok 14:11:34.0971 5700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 14:11:34.0971 5700 BrFiltLo - ok 14:11:34.0987 5700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 14:11:34.0987 5700 BrFiltUp - ok 14:11:35.0096 5700 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys 14:11:35.0096 5700 BridgeMP - ok 14:11:35.0143 5700 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 14:11:35.0143 5700 Browser - ok 14:11:35.0174 5700 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 14:11:35.0174 5700 Brserid - ok 14:11:35.0190 5700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 14:11:35.0190 5700 BrSerWdm - ok 14:11:35.0221 5700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 14:11:35.0221 5700 BrUsbMdm - ok 14:11:35.0236 5700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 14:11:35.0236 5700 BrUsbSer - ok 14:11:35.0268 5700 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 14:11:35.0268 5700 BTHMODEM - ok 14:11:35.0377 5700 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 14:11:35.0377 5700 BUNAgentSvc - ok 14:11:35.0455 5700 catchme - ok 14:11:35.0470 5700 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 14:11:35.0470 5700 cdfs - ok 14:11:35.0517 5700 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 14:11:35.0517 5700 cdrom - ok 14:11:35.0580 5700 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 14:11:35.0595 5700 CertPropSvc - ok 14:11:35.0611 5700 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 14:11:35.0611 5700 circlass - ok 14:11:35.0689 5700 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 14:11:35.0704 5700 CLFS - ok 14:11:35.0954 5700 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:11:36.0032 5700 clr_optimization_v2.0.50727_32 - ok 14:11:36.0360 5700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:11:36.0375 5700 clr_optimization_v4.0.30319_32 - ok 14:11:36.0406 5700 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 14:11:36.0406 5700 CmBatt - ok 14:11:36.0422 5700 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 14:11:36.0422 5700 cmdide - ok 14:11:36.0438 5700 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 14:11:36.0438 5700 Compbatt - ok 14:11:36.0453 5700 COMSysApp - ok 14:11:36.0469 5700 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 14:11:36.0469 5700 crcdisk - ok 14:11:36.0484 5700 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 14:11:36.0484 5700 Crusoe - ok 14:11:36.0547 5700 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 14:11:36.0562 5700 CryptSvc - ok 14:11:36.0672 5700 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 14:11:36.0687 5700 DcomLaunch - ok 14:11:36.0750 5700 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 14:11:36.0750 5700 DfsC - ok 14:11:37.0015 5700 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 14:11:37.0093 5700 DFSR - ok 14:11:37.0764 5700 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 14:11:37.0795 5700 Dhcp - ok 14:11:37.0873 5700 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 14:11:37.0873 5700 disk - ok 14:11:37.0904 5700 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 14:11:37.0920 5700 DKbFltr - ok 14:11:37.0951 5700 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 14:11:37.0982 5700 Dnscache - ok 14:11:38.0060 5700 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 14:11:38.0107 5700 dot3svc - ok 14:11:38.0169 5700 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 14:11:38.0169 5700 DPS - ok 14:11:38.0247 5700 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 14:11:38.0247 5700 drmkaud - ok 14:11:38.0356 5700 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 14:11:38.0388 5700 DXGKrnl - ok 14:11:38.0419 5700 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 14:11:38.0434 5700 E1G60 - ok 14:11:38.0466 5700 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 14:11:38.0481 5700 EapHost - ok 14:11:38.0528 5700 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 14:11:38.0544 5700 Ecache - ok 14:11:38.0762 5700 eDataSecurity Service (2ce2ddcb1a41ed4488a2a8b98d286b3d) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 14:11:38.0871 5700 eDataSecurity Service - ok 14:11:39.0152 5700 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 14:11:39.0230 5700 ehRecvr - ok 14:11:39.0261 5700 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 14:11:39.0261 5700 ehSched - ok 14:11:39.0277 5700 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 14:11:39.0292 5700 ehstart - ok 14:11:39.0370 5700 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 14:11:39.0386 5700 elxstor - ok 14:11:39.0480 5700 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 14:11:39.0495 5700 EMDMgmt - ok 14:11:39.0542 5700 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 14:11:39.0542 5700 ErrDev - ok 14:11:39.0651 5700 ETService (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 14:11:39.0651 5700 ETService - ok 14:11:39.0760 5700 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 14:11:39.0807 5700 EventSystem - ok 14:11:39.0854 5700 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 14:11:39.0854 5700 exfat - ok 14:11:39.0916 5700 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 14:11:39.0948 5700 fastfat - ok 14:11:39.0963 5700 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 14:11:39.0979 5700 fdc - ok 14:11:40.0010 5700 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 14:11:40.0010 5700 fdPHost - ok 14:11:40.0026 5700 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 14:11:40.0041 5700 FDResPub - ok 14:11:40.0244 5700 File Backup (ed59ad1c8db2f26324051b035ae56cdd) C:\Program Files\Workspace\offSyncService.exe 14:11:40.0322 5700 File Backup - ok 14:11:40.0338 5700 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 14:11:40.0338 5700 FileInfo - ok 14:11:40.0353 5700 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 14:11:40.0353 5700 Filetrace - ok 14:11:40.0369 5700 FileZilla Server - ok 14:11:40.0400 5700 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 14:11:40.0400 5700 flpydisk - ok 14:11:40.0447 5700 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 14:11:40.0462 5700 FltMgr - ok 14:11:40.0634 5700 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 14:11:40.0696 5700 FontCache - ok 14:11:40.0946 5700 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:11:40.0977 5700 FontCache3.0.0.0 - ok 14:11:41.0024 5700 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 14:11:41.0055 5700 Fs_Rec - ok 14:11:41.0086 5700 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 14:11:41.0086 5700 gagp30kx - ok 14:11:41.0180 5700 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 14:11:41.0180 5700 GoogleDesktopManager-051210-111108 - ok 14:11:41.0320 5700 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 14:11:41.0383 5700 gpsvc - ok 14:11:41.0430 5700 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 14:11:41.0430 5700 gupdate - ok 14:11:41.0476 5700 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 14:11:41.0476 5700 gupdatem - ok 14:11:41.0539 5700 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 14:11:41.0570 5700 gusvc - ok 14:11:41.0913 5700 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 14:11:41.0944 5700 HdAudAddService - ok 14:11:42.0038 5700 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:11:42.0085 5700 HDAudBus - ok 14:11:42.0116 5700 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 14:11:42.0116 5700 HidBth - ok 14:11:42.0147 5700 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 14:11:42.0147 5700 HidIr - ok 14:11:42.0210 5700 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 14:11:42.0210 5700 hidserv - ok 14:11:42.0256 5700 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 14:11:42.0256 5700 HidUsb - ok 14:11:42.0303 5700 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 14:11:42.0334 5700 hkmsvc - ok 14:11:42.0350 5700 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 14:11:42.0366 5700 HpCISSs - ok 14:11:42.0459 5700 hpqcxs08 (5eaacbb733c8c360247239f6874b14b4) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 14:11:42.0506 5700 hpqcxs08 - ok 14:11:42.0537 5700 hpqddsvc (8fe93079a7c053dafe9a0e5753e3d698) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 14:11:42.0568 5700 hpqddsvc - ok 14:11:42.0600 5700 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 14:11:42.0631 5700 HSFHWAZL - ok 14:11:42.0771 5700 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 14:11:42.0834 5700 HSF_DPV - ok 14:11:42.0927 5700 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 14:11:42.0990 5700 HTTP - ok 14:11:43.0021 5700 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 14:11:43.0021 5700 i2omp - ok 14:11:43.0068 5700 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 14:11:43.0130 5700 i8042prt - ok 14:11:43.0192 5700 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 14:11:43.0192 5700 iaStorV - ok 14:11:43.0458 5700 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:11:43.0582 5700 idsvc - ok 14:11:44.0690 5700 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 14:11:44.0940 5700 igfx - ok 14:11:45.0111 5700 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 14:11:45.0111 5700 iirsp - ok 14:11:45.0205 5700 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 14:11:45.0236 5700 IKEEXT - ok 14:11:45.0267 5700 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys 14:11:45.0408 5700 int15 - ok 14:11:45.0657 5700 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys 14:11:45.0751 5700 IntcAzAudAddService - ok 14:11:46.0890 5700 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 14:11:46.0890 5700 intelide - ok 14:11:46.0921 5700 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 14:11:46.0921 5700 intelppm - ok 14:11:46.0968 5700 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 14:11:46.0999 5700 IPBusEnum - ok 14:11:47.0030 5700 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:11:47.0030 5700 IpFilterDriver - ok 14:11:47.0108 5700 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 14:11:47.0124 5700 iphlpsvc - ok 14:11:47.0124 5700 IpInIp - ok 14:11:47.0155 5700 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 14:11:47.0155 5700 IPMIDRV - ok 14:11:47.0186 5700 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 14:11:47.0233 5700 IPNAT - ok 14:11:47.0248 5700 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 14:11:47.0248 5700 irda - ok 14:11:47.0264 5700 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 14:11:47.0280 5700 IRENUM - ok 14:11:47.0311 5700 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll 14:11:47.0311 5700 Irmon - ok 14:11:47.0342 5700 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 14:11:47.0342 5700 isapnp - ok 14:11:47.0404 5700 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 14:11:47.0451 5700 iScsiPrt - ok 14:11:47.0467 5700 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 14:11:47.0467 5700 iteatapi - ok 14:11:47.0498 5700 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 14:11:47.0498 5700 iteraid - ok 14:11:47.0514 5700 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:11:47.0514 5700 kbdclass - ok 14:11:47.0545 5700 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 14:11:47.0545 5700 kbdhid - ok 14:11:47.0576 5700 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:11:47.0576 5700 KeyIso - ok 14:11:47.0716 5700 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 14:11:47.0732 5700 KSecDD - ok 14:11:47.0826 5700 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 14:11:47.0826 5700 KtmRm - ok 14:11:47.0888 5700 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 14:11:47.0904 5700 LanmanServer - ok 14:11:47.0950 5700 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 14:11:47.0966 5700 LanmanWorkstation - ok 14:11:48.0075 5700 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 14:11:48.0075 5700 LightScribeService - ok 14:11:48.0138 5700 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 14:11:48.0138 5700 lltdio - ok 14:11:48.0200 5700 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 14:11:48.0262 5700 lltdsvc - ok 14:11:48.0278 5700 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 14:11:48.0278 5700 lmhosts - ok 14:11:48.0325 5700 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 14:11:48.0340 5700 LSI_FC - ok 14:11:48.0372 5700 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 14:11:48.0387 5700 LSI_SAS - ok 14:11:48.0418 5700 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 14:11:48.0434 5700 LSI_SCSI - ok 14:11:48.0450 5700 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 14:11:48.0465 5700 luafv - ok 14:11:48.0543 5700 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 14:11:48.0559 5700 McAfee SiteAdvisor Service - ok 14:11:48.0684 5700 mcmscsvc (cb3a8976de2f65349322da7627cea223) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe 14:11:48.0699 5700 mcmscsvc - ok 14:11:49.0058 5700 McNASvc (c69e71e00b30b60556d3e096699bd423) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe 14:11:49.0136 5700 McNASvc - ok 14:11:49.0276 5700 McODS (21456f3051cbefd1f2d60d8b9ab9c6ee) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe 14:11:49.0292 5700 McODS - ok 14:11:49.0339 5700 McProxy (8cf3da0be6094c34d7c4a85493e60547) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 14:11:49.0354 5700 McProxy - ok 14:11:49.0386 5700 McShield (33734abfa52ec8d096a1254d645e9b4f) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 14:11:49.0386 5700 McShield - ok 14:11:49.0495 5700 McSysmon (fd47df2bcc3544df65b01ad6b6062430) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 14:11:49.0526 5700 McSysmon - ok 14:11:49.0666 5700 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 14:11:49.0698 5700 Mcx2Svc - ok 14:11:49.0760 5700 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 14:11:49.0760 5700 megasas - ok 14:11:49.0807 5700 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 14:11:49.0822 5700 MegaSR - ok 14:11:49.0869 5700 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\Windows\system32\drivers\mfeavfk.sys 14:11:49.0869 5700 mfeavfk - ok 14:11:49.0900 5700 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\Windows\system32\drivers\mfebopk.sys 14:11:49.0900 5700 mfebopk - ok 14:11:49.0947 5700 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\Windows\system32\drivers\mfehidk.sys 14:11:49.0963 5700 mfehidk - ok 14:11:49.0994 5700 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys 14:11:49.0994 5700 mferkdk - ok 14:11:50.0025 5700 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys 14:11:50.0025 5700 mfesmfk - ok 14:11:50.0072 5700 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 14:11:50.0072 5700 MMCSS - ok 14:11:50.0103 5700 MobilityService - ok 14:11:50.0119 5700 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 14:11:50.0134 5700 Modem - ok 14:11:50.0150 5700 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 14:11:50.0150 5700 monitor - ok 14:11:50.0197 5700 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 14:11:50.0197 5700 mouclass - ok 14:11:50.0228 5700 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 14:11:50.0228 5700 mouhid - ok 14:11:50.0244 5700 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 14:11:50.0259 5700 MountMgr - ok 14:11:50.0353 5700 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:11:50.0431 5700 MozillaMaintenance - ok 14:11:50.0478 5700 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys 14:11:50.0493 5700 MPFP - ok 14:11:50.0634 5700 MpfService (346f30f1ff73553aa466f4ae7948da00) C:\Program Files\McAfee\MPF\MPFSrv.exe 14:11:50.0634 5700 MpfService - ok 14:11:50.0680 5700 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 14:11:50.0680 5700 mpio - ok 14:11:50.0727 5700 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 14:11:50.0727 5700 mpsdrv - ok 14:11:50.0836 5700 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 14:11:50.0883 5700 MpsSvc - ok 14:11:50.0899 5700 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 14:11:50.0899 5700 Mraid35x - ok 14:11:50.0961 5700 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 14:11:51.0086 5700 MRxDAV - ok 14:11:51.0164 5700 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:11:51.0180 5700 mrxsmb - ok 14:11:51.0242 5700 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:11:51.0258 5700 mrxsmb10 - ok 14:11:51.0304 5700 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:11:51.0304 5700 mrxsmb20 - ok 14:11:51.0351 5700 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 14:11:51.0351 5700 msahci - ok 14:11:51.0398 5700 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 14:11:51.0414 5700 msdsm - ok 14:11:51.0460 5700 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 14:11:51.0507 5700 MSDTC - ok 14:11:51.0538 5700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 14:11:51.0538 5700 Msfs - ok 14:11:51.0601 5700 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 14:11:51.0601 5700 msisadrv - ok 14:11:51.0663 5700 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 14:11:51.0679 5700 MSiSCSI - ok 14:11:51.0694 5700 msiserver - ok 14:11:52.0116 5700 MSK80Service (a05de3535884270b8d292dcbdd6ded20) C:\Program Files\McAfee\MSK\MskSrver.exe 14:11:52.0131 5700 MSK80Service - ok 14:11:52.0225 5700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 14:11:52.0225 5700 MSKSSRV - ok 14:11:52.0240 5700 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 14:11:52.0240 5700 MSPCLOCK - ok 14:11:52.0256 5700 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 14:11:52.0256 5700 MSPQM - ok 14:11:52.0318 5700 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 14:11:52.0334 5700 MsRPC - ok 14:11:52.0365 5700 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 14:11:52.0365 5700 mssmbios - ok 14:11:52.0381 5700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 14:11:52.0381 5700 MSTEE - ok 14:11:52.0412 5700 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 14:11:52.0443 5700 Mup - ok 14:11:52.0459 5700 mysql - ok 14:11:53.0582 5700 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 14:11:53.0660 5700 napagent - ok 14:11:53.0738 5700 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 14:11:53.0785 5700 NativeWifiP - ok 14:11:53.0894 5700 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 14:11:53.0910 5700 NDIS - ok 14:11:53.0941 5700 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 14:11:53.0956 5700 NdisTapi - ok 14:11:53.0972 5700 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 14:11:53.0972 5700 Ndisuio - ok 14:11:54.0019 5700 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:11:54.0034 5700 NdisWan - ok 14:11:54.0066 5700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 14:11:54.0066 5700 NDProxy - ok 14:11:54.0097 5700 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 14:11:54.0112 5700 NetBIOS - ok 14:11:54.0175 5700 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 14:11:54.0175 5700 netbt - ok 14:11:54.0222 5700 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:11:54.0237 5700 Netlogon - ok 14:11:54.0300 5700 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 14:11:54.0331 5700 Netman - ok 14:11:55.0080 5700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:11:55.0173 5700 NetMsmqActivator - ok 14:11:55.0189 5700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:11:55.0189 5700 NetPipeActivator - ok 14:11:55.0766 5700 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 14:11:55.0813 5700 netprofm - ok 14:11:55.0828 5700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:11:55.0828 5700 NetTcpActivator - ok 14:11:55.0844 5700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:11:55.0844 5700 NetTcpPortSharing - ok 14:11:56.0140 5700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 14:11:56.0218 5700 nfrd960 - ok 14:11:56.0265 5700 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 14:11:56.0296 5700 NlaSvc - ok 14:11:56.0359 5700 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 14:11:56.0359 5700 Npfs - ok 14:11:56.0390 5700 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys 14:11:56.0390 5700 NSCIRDA - ok 14:11:56.0421 5700 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 14:11:56.0421 5700 nsi - ok 14:11:56.0437 5700 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 14:11:56.0437 5700 nsiproxy - ok 14:11:56.0920 5700 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 14:11:57.0045 5700 Ntfs - ok 14:11:57.0108 5700 NTIBackupSvc (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 14:11:57.0108 5700 NTIBackupSvc - ok 14:11:57.0170 5700 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys 14:11:57.0170 5700 NTIDrvr - ok 14:11:57.0404 5700 NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 14:11:57.0498 5700 NTISchedulerSvc - ok 14:11:57.0529 5700 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 14:11:57.0529 5700 ntrigdigi - ok 14:11:58.0184 5700 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys 14:11:58.0215 5700 NuidFltr - ok 14:11:58.0246 5700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 14:11:58.0246 5700 Null - ok 14:11:58.0309 5700 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 14:11:58.0324 5700 nvraid - ok 14:11:58.0371 5700 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 14:11:58.0371 5700 nvstor - ok 14:11:58.0434 5700 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 14:11:58.0434 5700 nv_agp - ok 14:11:58.0449 5700 NwlnkFlt - ok 14:11:58.0465 5700 NwlnkFwd - ok 14:11:58.0980 5700 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:11:59.0058 5700 odserv - ok 14:11:59.0104 5700 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 14:11:59.0104 5700 ohci1394 - ok 14:11:59.0198 5700 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:11:59.0276 5700 ose - ok 14:12:00.0290 5700 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:12:00.0368 5700 p2pimsvc - ok 14:12:00.0384 5700 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:12:00.0399 5700 p2psvc - ok 14:12:01.0257 5700 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 14:12:01.0257 5700 Parport - ok 14:12:01.0304 5700 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 14:12:01.0304 5700 partmgr - ok 14:12:01.0320 5700 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 14:12:01.0320 5700 Parvdm - ok 14:12:01.0366 5700 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 14:12:01.0366 5700 PcaSvc - ok 14:12:01.0429 5700 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 14:12:01.0476 5700 pci - ok 14:12:01.0522 5700 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 14:12:01.0522 5700 pciide - ok 14:12:01.0569 5700 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys 14:12:01.0616 5700 pcmcia - ok 14:12:02.0287 5700 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 14:12:02.0334 5700 PEAUTH - ok 14:12:02.0630 5700 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 14:12:02.0755 5700 pla - ok 14:12:03.0301 5700 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 14:12:03.0332 5700 PlugPlay - ok 14:12:03.0441 5700 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:12:03.0457 5700 PNRPAutoReg - ok 14:12:03.0472 5700 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:12:03.0488 5700 PNRPsvc - ok 14:12:04.0018 5700 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 14:12:04.0096 5700 PolicyAgent - ok 14:12:04.0174 5700 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 14:12:04.0174 5700 PptpMiniport - ok 14:12:04.0237 5700 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 14:12:04.0237 5700 Processor - ok 14:12:04.0315 5700 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 14:12:04.0362 5700 ProfSvc - ok 14:12:04.0393 5700 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:12:04.0408 5700 ProtectedStorage - ok 14:12:05.0376 5700 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 14:12:05.0376 5700 PSched - ok 14:12:05.0422 5700 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys 14:12:05.0422 5700 PSDFilter - ok 14:12:05.0454 5700 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys 14:12:05.0454 5700 PSDNServ - ok 14:12:05.0485 5700 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys 14:12:05.0485 5700 psdvdisk - ok 14:12:06.0390 5700 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 14:12:06.0452 5700 ql2300 - ok 14:12:06.0499 5700 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 14:12:06.0546 5700 ql40xx - ok 14:12:06.0608 5700 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 14:12:06.0655 5700 QWAVE - ok 14:12:06.0670 5700 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 14:12:06.0670 5700 QWAVEdrv - ok 14:12:06.0686 5700 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 14:12:06.0702 5700 RasAcd - ok 14:12:06.0748 5700 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 14:12:06.0764 5700 RasAuto - ok 14:12:06.0795 5700 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:12:06.0795 5700 Rasl2tp - ok 14:12:06.0858 5700 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 14:12:06.0904 5700 RasMan - ok 14:12:06.0951 5700 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 14:12:06.0951 5700 RasPppoe - ok 14:12:07.0014 5700 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 14:12:07.0029 5700 RasSstp - ok 14:12:07.0092 5700 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 14:12:07.0123 5700 rdbss - ok 14:12:07.0170 5700 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:12:07.0170 5700 RDPCDD - ok 14:12:07.0216 5700 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 14:12:07.0232 5700 rdpdr - ok 14:12:07.0248 5700 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 14:12:07.0248 5700 RDPENCDD - ok 14:12:07.0326 5700 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 14:12:07.0341 5700 RDPWD - ok 14:12:07.0404 5700 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 14:12:07.0419 5700 RemoteAccess - ok 14:12:07.0482 5700 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 14:12:07.0497 5700 RemoteRegistry - ok 14:12:07.0528 5700 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 14:12:07.0528 5700 RpcLocator - ok 14:12:07.0653 5700 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll 14:12:07.0669 5700 RpcSs - ok 14:12:07.0716 5700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 14:12:07.0716 5700 rspndr - ok 14:12:07.0762 5700 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS 14:12:07.0809 5700 RTSTOR - ok 14:12:07.0872 5700 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:12:07.0872 5700 SamSs - ok 14:12:07.0918 5700 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 14:12:07.0918 5700 sbp2port - ok 14:12:07.0981 5700 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 14:12:07.0996 5700 SCardSvr - ok 14:12:08.0090 5700 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 14:12:08.0121 5700 Schedule - ok 14:12:08.0184 5700 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 14:12:08.0199 5700 SCPolicySvc - ok 14:12:08.0230 5700 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 14:12:08.0230 5700 sdbus - ok 14:12:08.0293 5700 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 14:12:08.0308 5700 SDRSVC - ok 14:12:08.0340 5700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:12:08.0340 5700 secdrv - ok 14:12:08.0355 5700 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 14:12:08.0371 5700 seclogon - ok 14:12:08.0386 5700 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 14:12:08.0402 5700 SENS - ok 14:12:08.0433 5700 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 14:12:08.0433 5700 Serenum - ok 14:12:08.0464 5700 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 14:12:08.0480 5700 Serial - ok 14:12:08.0511 5700 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 14:12:08.0511 5700 sermouse - ok 14:12:08.0574 5700 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 14:12:08.0589 5700 SessionEnv - ok 14:12:08.0605 5700 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 14:12:08.0605 5700 sffdisk - ok 14:12:08.0636 5700 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 14:12:08.0636 5700 sffp_mmc - ok 14:12:08.0667 5700 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 14:12:08.0667 5700 sffp_sd - ok 14:12:08.0683 5700 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 14:12:08.0698 5700 sfloppy - ok 14:12:08.0761 5700 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 14:12:08.0776 5700 SharedAccess - ok 14:12:08.0839 5700 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 14:12:08.0870 5700 ShellHWDetection - ok 14:12:08.0886 5700 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 14:12:08.0901 5700 sisagp - ok 14:12:08.0964 5700 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 14:12:08.0964 5700 SiSRaid2 - ok 14:12:08.0995 5700 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 14:12:09.0057 5700 SiSRaid4 - ok 14:12:09.0463 5700 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 14:12:09.0572 5700 slsvc - ok 14:12:09.0728 5700 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 14:12:09.0744 5700 SLUINotify - ok 14:12:09.0868 5700 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 14:12:09.0868 5700 Smb - ok 14:12:09.0931 5700 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 14:12:09.0931 5700 SNMPTRAP - ok 14:12:09.0993 5700 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 14:12:09.0993 5700 spldr - ok 14:12:10.0056 5700 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 14:12:10.0071 5700 Spooler - ok 14:12:10.0165 5700 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 14:12:10.0165 5700 srv - ok 14:12:10.0227 5700 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 14:12:10.0274 5700 srv2 - ok 14:12:10.0321 5700 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 14:12:10.0336 5700 srvnet - ok 14:12:10.0383 5700 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 14:12:10.0399 5700 SSDPSRV - ok 14:12:10.0430 5700 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 14:12:10.0430 5700 SstpSvc - ok 14:12:10.0539 5700 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 14:12:10.0555 5700 stisvc - ok 14:12:10.0602 5700 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 14:12:10.0602 5700 swenum - ok 14:12:10.0680 5700 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 14:12:10.0695 5700 swprv - ok 14:12:10.0726 5700 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 14:12:10.0742 5700 Symc8xx - ok 14:12:10.0773 5700 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 14:12:10.0773 5700 Sym_hi - ok 14:12:10.0789 5700 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 14:12:10.0789 5700 Sym_u3 - ok 14:12:10.0851 5700 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys 14:12:10.0867 5700 SynTP - ok 14:12:10.0960 5700 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 14:12:10.0992 5700 SysMain - ok 14:12:11.0038 5700 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 14:12:11.0070 5700 TabletInputService - ok 14:12:11.0132 5700 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 14:12:11.0194 5700 TapiSrv - ok 14:12:11.0226 5700 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 14:12:11.0241 5700 TBS - ok 14:12:11.0428 5700 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 14:12:11.0460 5700 Tcpip - ok 14:12:11.0491 5700 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 14:12:11.0506 5700 Tcpip6 - ok 14:12:11.0569 5700 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 14:12:11.0631 5700 tcpipreg - ok 14:12:11.0662 5700 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 14:12:11.0678 5700 TDPIPE - ok 14:12:11.0725 5700 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 14:12:11.0725 5700 TDTCP - ok 14:12:11.0787 5700 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 14:12:11.0787 5700 tdx - ok 14:12:11.0850 5700 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 14:12:11.0865 5700 TermDD - ok 14:12:11.0974 5700 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 14:12:11.0990 5700 TermService - ok 14:12:12.0255 5700 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 14:12:12.0271 5700 Themes - ok 14:12:12.0552 5700 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 14:12:12.0567 5700 THREADORDER - ok 14:12:13.0082 5700 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 14:12:13.0129 5700 TrkWks - ok 14:12:13.0207 5700 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys 14:12:13.0254 5700 TrueSight - ok 14:12:13.0675 5700 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 14:12:13.0675 5700 TrustedInstaller - ok 14:12:13.0815 5700 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:12:13.0815 5700 tssecsrv - ok 14:12:13.0862 5700 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 14:12:13.0862 5700 tunmp - ok 14:12:13.0924 5700 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 14:12:13.0924 5700 tunnel - ok 14:12:13.0971 5700 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 14:12:13.0971 5700 uagp35 - ok 14:12:14.0002 5700 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 14:12:14.0002 5700 UBHelper - ok 14:12:14.0080 5700 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 14:12:14.0096 5700 udfs - ok 14:12:14.0158 5700 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 14:12:14.0158 5700 UI0Detect - ok 14:12:14.0236 5700 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 14:12:14.0236 5700 uliagpkx - ok 14:12:14.0299 5700 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 14:12:14.0424 5700 uliahci - ok 14:12:14.0548 5700 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 14:12:14.0595 5700 UlSata - ok 14:12:14.0626 5700 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 14:12:14.0720 5700 ulsata2 - ok 14:12:15.0328 5700 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 14:12:15.0344 5700 umbus - ok 14:12:15.0438 5700 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 14:12:15.0469 5700 upnphost - ok 14:12:15.0531 5700 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 14:12:15.0594 5700 usbaudio - ok 14:12:15.0625 5700 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 14:12:15.0640 5700 usbccgp - ok 14:12:15.0672 5700 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 14:12:15.0703 5700 usbcir - ok 14:12:15.0750 5700 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 14:12:15.0750 5700 usbehci - ok 14:12:15.0921 5700 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 14:12:15.0984 5700 usbhub - ok 14:12:16.0015 5700 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 14:12:16.0030 5700 usbohci - ok 14:12:16.0062 5700 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 14:12:16.0062 5700 usbprint - ok 14:12:16.0124 5700 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 14:12:16.0124 5700 usbscan - ok 14:12:16.0171 5700 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:12:16.0171 5700 USBSTOR - ok 14:12:16.0202 5700 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 14:12:16.0218 5700 usbuhci - ok 14:12:16.0249 5700 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 14:12:16.0264 5700 usbvideo - ok 14:12:16.0311 5700 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 14:12:16.0327 5700 UxSms - ok 14:12:16.0420 5700 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 14:12:16.0452 5700 vds - ok 14:12:16.0483 5700 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 14:12:16.0483 5700 vga - ok 14:12:16.0514 5700 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 14:12:16.0514 5700 VgaSave - ok 14:12:16.0545 5700 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 14:12:16.0545 5700 viaagp - ok 14:12:16.0592 5700 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 14:12:16.0592 5700 ViaC7 - ok 14:12:16.0623 5700 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 14:12:16.0623 5700 viaide - ok 14:12:16.0654 5700 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 14:12:16.0654 5700 volmgr - ok 14:12:17.0247 5700 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 14:12:17.0263 5700 volmgrx - ok 14:12:17.0325 5700 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 14:12:17.0341 5700 volsnap - ok 14:12:17.0403 5700 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 14:12:17.0419 5700 vsmraid - ok 14:12:17.0575 5700 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 14:12:17.0606 5700 VSS - ok 14:12:17.0668 5700 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 14:12:17.0684 5700 W32Time - ok 14:12:17.0746 5700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 14:12:17.0746 5700 WacomPen - ok 14:12:17.0793 5700 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:12:17.0793 5700 Wanarp - ok 14:12:17.0809 5700 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:12:17.0809 5700 Wanarpv6 - ok 14:12:17.0871 5700 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 14:12:17.0887 5700 wcncsvc - ok 14:12:17.0934 5700 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 14:12:17.0934 5700 WcsPlugInService - ok 14:12:17.0965 5700 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 14:12:17.0965 5700 Wd - ok 14:12:18.0027 5700 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 14:12:18.0058 5700 Wdf01000 - ok 14:12:18.0090 5700 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 14:12:18.0105 5700 WdiServiceHost - ok 14:12:18.0121 5700 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 14:12:18.0121 5700 WdiSystemHost - ok 14:12:18.0199 5700 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 14:12:18.0214 5700 WebClient - ok 14:12:18.0308 5700 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 14:12:18.0339 5700 Wecsvc - ok 14:12:18.0370 5700 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 14:12:18.0386 5700 wercplsupport - ok 14:12:18.0448 5700 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 14:12:18.0464 5700 WerSvc - ok 14:12:18.0542 5700 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 14:12:18.0573 5700 winachsf - ok 14:12:18.0667 5700 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 14:12:18.0698 5700 WinDefend - ok 14:12:18.0745 5700 WinHttpAutoProxySvc - ok 14:12:18.0838 5700 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 14:12:18.0854 5700 Winmgmt - ok 14:12:19.0026 5700 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 14:12:19.0072 5700 WinRM - ok 14:12:19.0197 5700 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 14:12:19.0213 5700 Wlansvc - ok 14:12:19.0291 5700 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:12:19.0291 5700 WmiAcpi - ok 14:12:19.0431 5700 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 14:12:19.0447 5700 wmiApSrv - ok 14:12:19.0618 5700 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 14:12:19.0650 5700 WMPNetworkSvc - ok 14:12:19.0681 5700 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 14:12:19.0696 5700 WPCSvc - ok 14:12:19.0743 5700 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 14:12:19.0759 5700 WPDBusEnum - ok 14:12:19.0837 5700 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 14:12:19.0899 5700 WpdUsb - ok 14:12:20.0133 5700 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:12:20.0164 5700 WPFFontCache_v0400 - ok 14:12:20.0196 5700 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 14:12:20.0196 5700 ws2ifsl - ok 14:12:20.0242 5700 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 14:12:20.0274 5700 wscsvc - ok 14:12:20.0274 5700 WSearch - ok 14:12:20.0554 5700 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 14:12:20.0632 5700 wuauserv - ok 14:12:20.0820 5700 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:12:20.0820 5700 WUDFRd - ok 14:12:20.0898 5700 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 14:12:20.0913 5700 wudfsvc - ok 14:12:20.0991 5700 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys 14:12:21.0054 5700 yukonwlh - ok 14:12:21.0085 5700 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0 14:12:26.0077 5700 \Device\Harddisk0\DR0 - ok 14:12:26.0592 5700 Boot (0x1200) (dd7135c8c40ba84eeecd3600268e932e) \Device\Harddisk0\DR0\Partition0 14:12:26.0592 5700 \Device\Harddisk0\DR0\Partition0 - ok 14:12:26.0623 5700 Boot (0x1200) (44cc9adfe5beddbea61922cfb7321598) \Device\Harddisk0\DR0\Partition1 14:12:26.0638 5700 \Device\Harddisk0\DR0\Partition1 - ok 14:12:26.0638 5700 ============================================================ 14:12:26.0638 5700 Scan finished 14:12:26.0638 5700 ============================================================ 14:12:26.0654 5328 Detected object count: 0 14:12:26.0654 5328 Actual detected object count: 0 14:12:57.0058 4596 Deinitialize success
- June 13, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Wow i just realized I attached the log and didn't paste it, that's strike two I guess..... ComboFix 12-06-12.01 - Owner 06/12/2012 15:26:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.1194 [GMT -4:00] Running from: c:\users\Owner\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SwSys1.bmp c:\windows\SwSys2.bmp . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))) . . 2012-06-12 19:41 . 2012-06-12 19:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-06-12 19:41 . 2012-06-12 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-08 20:05 . 2012-06-08 20:06 -------- d-----w- C:\FRST 2012-06-08 16:09 . 2012-06-08 16:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-08 16:09 . 2012-06-08 16:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-08 02:25 . 2012-06-08 02:25 -------- d-----w- c:\users\Owner\SyncFolder 2012-06-08 02:24 . 2012-06-08 02:36 -------- d-----w- c:\program files\MyPC Backup 2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\programdata\HitmanPro 2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\program files\HitmanPro 2012-06-05 17:54 . 2012-06-05 17:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-01 15:02 . 2012-06-01 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-05-22 16:53 . 2012-05-22 16:55 -------- d-----w- c:\programdata\Knowledge Adventure 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\SWF Studio 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\JumpStart 2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\Knowledge Adventure . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-01 14:36 . 2012-04-03 17:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-01 14:36 . 2011-12-13 12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-08 16:40 . 2012-06-01 11:32 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{156AFE6E-1D28-499A-89B7-FAC1497F2106}\mpengine.dll 2012-04-04 19:56 . 2011-04-18 17:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-12 06:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 06:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 13:36 . 2012-05-12 06:14 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 12:39 . 2012-05-12 06:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 23:28 . 2012-05-12 06:15 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-08 16:09 . 2011-05-17 15:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-06-17 16:40 . 2011-06-17 16:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 68856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Starfield Updater"="c:\users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe" [2012-02-01 34496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456] "Skytel"="Skytel.exe" [2007-11-21 1826816] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-17 30192] "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568] "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47] . 2012-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32] . 2012-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mail.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file) HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-12 15:46 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3684) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\program files\Workspace\offsyncext.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\agrsmsvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\program files\Acer\Empowering Technology\Service\ETService.exe c:\program files\Workspace\offSyncService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\windows\system32\rundll32.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\program files\McAfee\MSK\MskSrver.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\windows\system32\wbem\unsecapp.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\igfxsrvc.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\windows\system32\WerCon.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\mcafee\msc\mcuimgr.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-06-12 15:54:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-12 19:53 ComboFix2.txt 2011-12-30 21:28 . Pre-Run: 11,382,685,696 bytes free Post-Run: 11,222,568,960 bytes free . - - End Of File - - 403BC589AD9C32F11833E9D5803BB957
- June 13, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Sorry I did not reply sooner, I was gone all weekend. I ran combo fix the log is attached. Malwarebytes scans come up clean and my computer is running fine. It looks like combofix detected and repaired one file. I forgot to disable macafee and it popped up with a registery change warning which I allowed. Thanks for all your help thus far! combofixlog.txt
- June 12, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Fix log below. Just ran malwarebytes and it came up clean. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-06-2012 04 Ran by SYSTEM at 2012-06-08 15:07:27 Run:1 Running from H:\ ============================================== C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} moved successfully. C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} moved successfully. ==== End of Fixlog ====
- June 8, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 replied to username123's topic in Resolved Malware Removal Logs

Here is the farbar log. Malwarebytes is still detecting the same three infections today. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-06-2012 04 Ran by SYSTEM at 08-06-2012 12:05:50 Running from H:\ Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet003 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-03-08] (Adobe Systems Incorporated) HKLM\...\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [582992 2007-08-03] (McAfee, Inc.) HKLM\...\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] () HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [skytel] Skytel.exe [x] HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-09-10] (Dritek System Inc.) HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated) HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [409600 2008-06-11] (Acer Inc.) HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-06-17] (Google) HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] () HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup [3387392 2007-11-26] (Leader Technologies) HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-09-04] (Apple Inc.) HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1626112 2009-07-31] (Eastman Kodak Company) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x] HKU\Owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-12-21] (Google Inc.) HKU\Owner\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-04] (Google Inc.) HKU\Owner\...\Run: [starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe" [34496 2012-02-01] () HKU\Owner\...\Policies\system: [LogonHoursAction] 2 HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ================================ Services (Whitelisted) ================== 2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.) 2 eDataSecurity Service; "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-05-14] (Egis Incorporated) 2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation) 2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1188624 2012-02-21] (Starfield Technologies) 3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-06-17] (Google) 2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation) 2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95200 2012-01-13] (McAfee, Inc.) 2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.) 3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-11-07] (McAfee, Inc.) 2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144704 2007-07-24] (McAfee, Inc.) 3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.) 2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] () 3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-04-28] (Mozilla Foundation) 2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [856864 2007-07-18] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [23880 2007-11-26] (McAfee, Inc.) 4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation) 4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation) 2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [50424 2008-04-06] (NewTech InfoSystems, Inc.) 2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () 2 Apache2.2; "c:\xampp\apache\bin\httpd.exe" -k runservice [x] 2 FileZilla Server; "c:\xampp\filezillaftp\filezillaserver.exe" [x] 2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x] 2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x] 2 mysql; c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql [x] ========================== Drivers (Whitelisted) ============= 3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1202560 2008-02-29] (Agere Systems) 3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2006-11-02] (Dritek System Inc.) 2 int15; \??\C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.) 2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-20] (Microsoft Corporation) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-22] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-22] (McAfee, Inc.) 1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-22] (McAfee, Inc.) 3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-22] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.) 1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.) 3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-20] (National Semiconductor Corporation) 3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [14848 2008-01-30] (NewTech Infosystems, Inc.) 3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation) 0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [18992 2008-05-14] (Egis Incorporated) 2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [16944 2008-05-14] (Egis Incorporated) 2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60464 2008-05-14] (Egis Incorporated) 3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [61440 2008-08-12] (Realtek Semiconductor Corp.) 3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [111872 2012-06-05] () 0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13824 2008-01-30] (NewTech Infosystems Corporation) 3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-06-08 12:05 - 2012-06-08 12:05 - 00000000 ____D C:\FRST 2012-06-08 08:01 - 2012-06-08 08:01 - 00008212 ____A C:\Windows\mfebcdata 2012-06-08 06:02 - 2012-06-08 06:02 - 00870790 ____A C:\Users\Owner\Desktop\FRST.exe 2012-06-07 20:02 - 2012-06-07 20:02 - 00015873 ____A C:\Users\Owner\Desktop\Attach.txt 2012-06-07 20:02 - 2012-06-07 20:02 - 00012311 ____A C:\Users\Owner\Desktop\DDS.txt 2012-06-07 18:25 - 2012-06-07 18:25 - 00000000 ____D C:\Users\Owner\SyncFolder 2012-06-07 18:24 - 2012-06-07 18:36 - 00000000 ____D C:\Program Files\MyPC Backup 2012-06-07 14:32 - 2012-06-06 12:29 - 00965222 ____A C:\Windows\ntbtlog.txt 2012-06-07 04:56 - 2012-06-07 04:56 - 00002592 ____A C:\Users\Owner\Desktop\mbam-log-2012-06-07 (08-42-52).txt 2012-06-06 16:16 - 2012-06-06 16:16 - 00017957 ____A C:\Users\Owner\Desktop\virusus.jpg 2012-06-06 15:03 - 2012-06-07 16:25 - 2072891392 __ASH C:\hiberfil.sys 2012-06-06 07:14 - 2012-06-06 15:58 - 00000000 ___SD C:\32788R22FWJFW 2012-06-06 06:58 - 2012-06-06 07:01 - 00119126 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_10.58.46_log.txt 2012-06-06 06:57 - 2012-06-06 06:58 - 00000348 ____A C:\TDSSKiller.2.6.25.0_06.06.2012_10.57.57_log.txt 2012-06-05 10:25 - 2012-06-05 10:26 - 00119126 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_14.25.27_log.txt 2012-06-05 10:23 - 2012-06-05 10:24 - 00000348 ____A C:\TDSSKiller.2.6.25.0_05.06.2012_14.23.33_log.txt 2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Program Files\HitmanPro 2012-06-05 09:54 - 2012-06-05 09:54 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys 2012-06-05 09:54 - 2012-06-05 09:54 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine 2012-06-05 09:36 - 2012-06-05 09:36 - 02804712 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE(1).exe 2012-06-01 07:02 - 2012-06-01 07:02 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-05-25 19:08 - 2012-05-25 19:09 - 00145544 ____A C:\Windows\Minidump\Mini052512-01.dmp 2012-05-25 10:55 - 2012-05-25 10:55 - 00000000 ____D C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang 2012-05-25 10:54 - 2012-05-25 10:54 - 20481575 ____A C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang.zip 2012-05-24 05:19 - 2012-05-24 05:19 - 00173214 ____A C:\Users\Owner\Documents\hatching info charts.pdf 2012-05-22 08:53 - 2012-05-22 08:55 - 00000000 ____D C:\Users\All Users\Knowledge Adventure 2012-05-22 08:53 - 2012-05-22 08:53 - 00001880 ____A C:\Users\Public\Desktop\JumpStart Advanced Preschool.lnk 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\JumpStart 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\SWF Studio 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\Knowledge Adventure 2012-05-16 10:25 - 2012-05-16 10:26 - 00013399 ____A C:\Users\Owner\Documents\Lollipops and Rainbows.docx 2012-05-11 22:15 - 2012-03-30 04:39 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-05-11 22:15 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-05-11 22:15 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2012-05-11 22:15 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2012-05-11 22:15 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2012-05-11 22:15 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2012-05-11 22:15 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-05-11 22:14 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-05-11 22:14 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-11 22:14 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-10 07:21 - 2012-05-10 10:48 - 00011495 ____A C:\Users\Owner\Documents\rent notice may.docx ============ 3 Months Modified Files and Folders =============== 2012-06-08 08:02 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-06-08 08:02 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-06-08 08:01 - 2012-06-08 08:01 - 00008212 ____A C:\Windows\mfebcdata 2012-06-08 08:01 - 2008-10-22 20:01 - 01468445 ____A C:\Windows\WindowsUpdate.log 2012-06-08 08:01 - 2008-04-30 01:37 - 00029068 ____A C:\Windows\System32\Config.MPF 2012-06-08 08:01 - 2006-11-02 05:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-08 08:01 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-06-08 07:34 - 2010-02-09 08:55 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-06-08 07:13 - 2011-08-04 18:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job 2012-06-08 06:03 - 2006-11-02 02:33 - 00791000 ____A C:\Windows\System32\PerfStringBackup.INI 2012-06-08 06:02 - 2012-06-08 06:02 - 00870790 ____A C:\Users\Owner\Desktop\FRST.exe 2012-06-08 04:34 - 2010-02-09 08:55 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-06-08 02:13 - 2011-08-04 18:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job 2012-06-07 20:14 - 2011-09-03 07:51 - 00002663 ____A C:\Users\Owner\Desktop\Microsoft Office OneNote 2007.lnk 2012-06-07 20:02 - 2012-06-07 20:02 - 00015873 ____A C:\Users\Owner\Desktop\Attach.txt 2012-06-07 20:02 - 2012-06-07 20:02 - 00012311 ____A C:\Users\Owner\Desktop\DDS.txt 2012-06-07 18:36 - 2012-06-07 18:24 - 00000000 ____D C:\Program Files\MyPC Backup 2012-06-07 18:36 - 2011-12-27 06:46 - 00000000 ___RD C:\Users\Owner\AppData\Local\MicrosoftNT 2012-06-07 18:25 - 2012-06-07 18:25 - 00000000 ____D C:\Users\Owner\SyncFolder 2012-06-07 18:25 - 2008-12-21 06:02 - 00000000 ____D C:\users\Owner 2012-06-07 16:26 - 2012-02-01 07:58 - 00056892 ____A C:\Users\Owner\Documents\WorkspaceUpdate.log 2012-06-07 16:25 - 2012-06-06 15:03 - 2072891392 __ASH C:\hiberfil.sys 2012-06-07 16:25 - 2012-02-01 07:58 - 00013766 ____A C:\Windows\offSyncService.log 2012-06-07 16:25 - 2008-10-22 20:14 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml 2012-06-07 16:25 - 2008-04-30 01:54 - 00000147 ____A C:\Windows\System32\agent.log 2012-06-07 16:25 - 2008-01-20 18:47 - 09774182 ____A C:\Windows\PFRO.log 2012-06-07 16:23 - 2011-12-20 10:29 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE 2012-06-07 14:51 - 2012-02-01 07:55 - 00446446 ____A C:\Users\Owner\Documents\workspaceinstall.log 2012-06-07 05:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\schemas 2012-06-07 04:56 - 2012-06-07 04:56 - 00002592 ____A C:\Users\Owner\Desktop\mbam-log-2012-06-07 (08-42-52).txt 2012-06-07 04:42 - 2011-12-20 19:04 - 00000594 ____A C:\rkill.log 2012-06-06 16:16 - 2012-06-06 16:16 - 00017957 ____A C:\Users\Owner\Desktop\virusus.jpg 2012-06-06 15:58 - 2012-06-06 07:14 - 00000000 ___SD C:\32788R22FWJFW 2012-06-06 12:29 - 2012-06-07 14:32 - 00965222 ____A C:\Windows\ntbtlog.txt 2012-06-06 07:01 - 2012-06-06 06:58 - 00119126 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_10.58.46_log.txt 2012-06-06 06:58 - 2012-06-06 06:57 - 00000348 ____A C:\TDSSKiller.2.6.25.0_06.06.2012_10.57.57_log.txt 2012-06-06 06:51 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\Performance 2012-06-05 18:58 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent 2012-06-05 18:18 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors 2012-06-05 16:51 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Globalization 2012-06-05 13:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Branding 2012-06-05 13:13 - 2011-02-08 21:26 - 00000000 __SHD C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} 2012-06-05 10:26 - 2012-06-05 10:25 - 00119126 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_14.25.27_log.txt 2012-06-05 10:24 - 2012-06-05 10:23 - 00000348 ____A C:\TDSSKiller.2.6.25.0_05.06.2012_14.23.33_log.txt 2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Program Files\HitmanPro 2012-06-05 09:57 - 2011-12-20 10:32 - 07245976 ____A (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro35.exe 2012-06-05 09:54 - 2012-06-05 09:54 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys 2012-06-05 09:54 - 2012-06-05 09:54 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine 2012-06-05 09:47 - 2010-01-22 04:56 - 00000000 ____D C:\Program Files\Mozilla Firefox 2012-06-05 09:36 - 2012-06-05 09:36 - 02804712 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE(1).exe 2012-06-05 09:06 - 2010-03-23 09:55 - 00000000 ____D C:\Users\Owner\.gimp-2.6 2012-06-02 06:09 - 2008-12-31 09:49 - 00052736 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-01 16:30 - 2011-12-22 20:01 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps 2012-06-01 09:25 - 2011-02-09 05:07 - 00007680 ____A C:\Users\Owner\Desktop\mortgage.xls 2012-06-01 07:02 - 2012-06-01 07:02 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-01 06:41 - 2008-04-29 23:25 - 00000000 ____D C:\Users\All Users\Adobe 2012-06-01 06:36 - 2012-04-03 09:43 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-06-01 06:36 - 2011-12-13 04:26 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-06-01 03:27 - 2008-04-30 01:36 - 00000348 ____A C:\Windows\Tasks\McQcTask.job 2012-05-31 19:07 - 2010-03-23 10:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\gtk-2.0 2012-05-25 19:09 - 2012-05-25 19:08 - 00145544 ____A C:\Windows\Minidump\Mini052512-01.dmp 2012-05-25 19:08 - 2011-04-21 05:16 - 170400765 ____A C:\Windows\MEMORY.DMP 2012-05-25 19:08 - 2009-07-21 21:01 - 00000000 ____D C:\Windows\Minidump 2012-05-25 10:55 - 2012-05-25 10:55 - 00000000 ____D C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang 2012-05-25 10:54 - 2012-05-25 10:54 - 20481575 ____A C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang.zip 2012-05-24 19:22 - 2012-02-01 07:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Workspace 2012-05-24 05:19 - 2012-05-24 05:19 - 00173214 ____A C:\Users\Owner\Documents\hatching info charts.pdf 2012-05-23 16:59 - 2011-06-21 09:20 - 00010752 ____A C:\Users\Owner\Desktop\Birthdays.xls 2012-05-22 08:55 - 2012-05-22 08:53 - 00000000 ____D C:\Users\All Users\Knowledge Adventure 2012-05-22 08:53 - 2012-05-22 08:53 - 00001880 ____A C:\Users\Public\Desktop\JumpStart Advanced Preschool.lnk 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\JumpStart 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\SWF Studio 2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\Knowledge Adventure 2012-05-18 03:54 - 2012-02-01 07:58 - 00000150 ____A C:\Users\Owner\Documents\offSyncService.log 2012-05-18 03:54 - 2012-02-01 07:58 - 00000000 ____D C:\Program Files\Workspace 2012-05-18 03:54 - 2012-02-01 07:58 - 00000000 ____D C:\Program Files\Starfield 2012-05-16 10:43 - 2008-12-21 06:02 - 00000000 ____D C:\Program Files\Google 2012-05-16 10:26 - 2012-05-16 10:25 - 00013399 ____A C:\Users\Owner\Documents\Lollipops and Rainbows.docx 2012-05-16 10:08 - 2011-09-03 07:37 - 00002733 ____A C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk 2012-05-14 21:00 - 2008-04-30 01:36 - 00000356 ____A C:\Windows\Tasks\McDefragTask.job 2012-05-12 00:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2012-05-11 23:47 - 2006-11-02 04:47 - 00413616 ____N C:\Windows\System32\FNTCACHE.DAT 2012-05-11 23:45 - 2011-04-18 09:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-05-11 23:43 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal 2012-05-11 23:19 - 2006-11-02 02:24 - 55656824 ____N (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-05-11 23:01 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2012-05-10 10:48 - 2012-05-10 07:21 - 00011495 ____A C:\Users\Owner\Documents\rent notice may.docx 2012-05-08 06:02 - 2010-05-24 04:04 - 00000000 ____D C:\Users\Owner\Documents\New House 2012-05-07 09:10 - 2011-07-18 05:18 - 00000000 ____D C:\Users\Owner\.bluefish 2012-05-01 03:31 - 2011-12-31 05:37 - 00000870 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-04-28 04:05 - 2012-04-28 04:05 - 00000000 ____D C:\Users\All Users\Mozilla 2012-04-28 04:05 - 2012-04-28 04:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2012-04-27 16:44 - 2012-04-27 16:44 - 00033755 ____A C:\Users\Owner\Documents\hatching calender.png 2012-04-27 16:43 - 2012-04-27 16:43 - 00141111 ____A C:\Users\Owner\Documents\hatching calendar back.png 2012-04-27 16:42 - 2012-04-27 16:42 - 00341452 ____A C:\Users\Owner\Documents\hatching calendar back.xcf 2012-04-27 13:22 - 2012-04-27 13:22 - 00144851 ____A C:\Users\Owner\Documents\hatching calender.xcf 2012-04-27 07:45 - 2012-04-27 07:45 - 00011410 ____A C:\Users\Owner\Documents\incubator plan.ods 2012-04-22 16:23 - 2012-04-19 06:15 - 00006885 ____A C:\Users\Owner\Desktop\chickens and vworker template.txt 2012-04-09 08:28 - 2012-04-09 08:28 - 00123693 ____A C:\Users\Owner\Downloads\20120404154416.pdf 2012-04-05 12:49 - 2012-04-05 12:49 - 00011240 ____A C:\Users\Owner\Documents\PO Box 249.docx 2012-04-05 05:26 - 2011-03-05 10:39 - 00000000 ___SD C:\Users\Owner\Documents\My Web Sites 2012-04-04 16:13 - 2011-06-08 12:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileZilla 2012-04-04 11:56 - 2011-04-18 09:33 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-03 00:16 - 2012-05-11 22:14 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2012-04-03 00:16 - 2012-05-11 22:14 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-04-02 05:36 - 2012-05-11 22:14 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-31 14:53 - 2012-03-31 14:53 - 00000000 ____D C:\Users\Owner\Documents\riley 2012-03-31 14:52 - 2012-03-29 06:18 - 00000000 ____D C:\Users\Owner\Documents\99 designs 2012-03-30 04:39 - 2012-05-11 22:15 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-03-29 09:11 - 2012-03-29 09:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\inkscape 2012-03-29 09:11 - 2012-03-29 08:55 - 00000000 ____D C:\Program Files\Inkscape 2012-03-29 09:09 - 2012-03-29 09:09 - 00000768 ____A C:\Users\Public\Desktop\Inkscape.lnk 2012-03-23 05:59 - 2011-04-22 10:59 - 00001867 ____A C:\InstallHelper.log 2012-03-23 05:54 - 2012-03-23 05:54 - 00001874 ____A C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk 2012-03-23 05:54 - 2011-04-22 10:57 - 00000000 ____D C:\Users\All Users\eBay 2012-03-22 05:51 - 2009-09-23 06:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM 2012-03-22 05:51 - 2009-09-23 06:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype 2012-03-20 15:28 - 2012-05-11 22:15 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-03-18 07:03 - 2012-03-18 07:03 - 02482604 ____A C:\Users\Owner\Documents\zombie2target.xcf 2012-03-18 07:02 - 2012-03-18 07:02 - 02179002 ____A C:\Users\Owner\Documents\zombietarget.xcf 2012-03-16 04:31 - 2011-08-07 11:00 - 00009216 ____A C:\Users\Owner\Desktop\Gale invoice.xls 2012-03-15 07:01 - 2009-03-31 04:55 - 00000000 ____D C:\Users\Owner\Documents\other stuff 2012-03-12 07:34 - 2009-02-26 17:55 - 00000000 ____D C:\Users\Owner\Documents\LOGAN C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\@ C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\00000001.@ C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\80000000.@ C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\800000cb.@ C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\@ C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-08-20 11:54] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 22% Total physical RAM: 1976.12 MB Available physical RAM: 1540.35 MB Total Pagefile: 1734.46 MB Available Pagefile: 1603.98 MB Total Virtual: 2047.88 MB Available Virtual: 1974.32 MB ======================= Partitions ========================= 1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:9.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:69.55 GB) NTFS 4 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.62 GB) FAT32 6 Drive h: () (Removable) (Total:3.73 GB) (Free:2.9 GB) FAT32 7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 149 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 Online 3824 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 10 GB 1024 KB Partition 2 Primary 70 GB 10 GB Partition 3 Primary 70 GB 79 GB ====================================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 F PQSERVICE FAT32 Partition 10 GB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C ACER NTFS Partition 70 GB Healthy ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D DATA NTFS Partition 70 GB Healthy ====================================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3820 MB 4032 KB ====================================================================================================== Disk: 2 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 H FAT32 Removable 3820 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-06-08 04:34 ======================= End Of Log ==========================
- June 8, 2012
- 21 replies
Trojan.Small Trojan.Sirefef Rootkit.0Access Won't Go Away

username123 posted a topic in Resolved Malware Removal Logs

Malwarebytes keeps detecting three infections: Trojan.Small, Trojan.Sirefef and Rootkit.0Access but after I click remove, restart the computer, and scan again, they keep coming back. I'm at a loss. Norton Power eraser says services.exe in infected and I have to reinstall WIndows. God I hope not..... DDS, Attach and Malwarebytes log attached Attach.txt DDS.txt mbam-log-2012-06-07 (08-42-52).txt
- June 8, 2012
- 21 replies

Events

Profiles

Forums

Everything posted by username123

Important Information