Posts posted by username123
I ran the Kaspersky virus removal tool and it did detect and remove a couple things, but I accidentally closed the window before I copied the log. I could not find a copy of the log anywhere on the C: drive; is there a way to recover it?
-
It found and removed 2 things. This was all that was in the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
ComboFix log
ComboFix 12-07-02.01 - Owner 07/02/2012 13:51:27.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1859 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\libsqlitejdbc-1097905350671404327.lib
c:\users\Owner\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Owner\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Owner\AppData\Local\Temp\WindowsAPI.dll3028653110324797918.lib
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-06-28 14:42 . 2012-06-28 14:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 20:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 20:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 20:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 20:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 20:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 20:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 20:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 20:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 20:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:40 . 2012-06-14 01:40 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d
2012-06-14 00:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 00:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 00:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 00:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 00:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:16 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:16 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:08 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 00:50 . 2012-06-13 23:13 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003
2012-06-08 18:51 . 2012-06-08 18:51 -------- d-----w- c:\programdata\Kodak
2012-06-08 18:51 . 2010-09-02 19:31 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 02:13 . 2011-08-16 20:43 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-04 19:56 . 2012-03-21 20:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-5-18 473616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-16 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120627.001\IDSvia64.sys [2012-06-18 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-04-20 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 279040]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\HPCeeScheduleForOWNER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-10 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\atibtmon.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-07-02 14:18:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-02 18:18
.
Pre-Run: 653,102,952,448 bytes free
Post-Run: 655,518,060,544 bytes free
.
- - End Of File - - EBA19477B837EFD9FF6DDAA469BF4C13
-
Logs:
10:38:00.0834 0912 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:38:02.0831 0912 ============================================================
10:38:02.0831 0912 Current date / time: 2012/06/28 10:38:02.0831
10:38:02.0831 0912 SystemInfo:
10:38:02.0831 0912
10:38:02.0831 0912 OS Version: 6.1.7601 ServicePack: 1.0
10:38:02.0831 0912 Product type: Workstation
10:38:02.0831 0912 ComputerName: OWNER-HP
10:38:02.0831 0912 UserName: Owner
10:38:02.0831 0912 Windows directory: C:\Windows
10:38:02.0831 0912 System windows directory: C:\Windows
10:38:02.0831 0912 Running under WOW64
10:38:02.0831 0912 Processor architecture: Intel x64
10:38:02.0831 0912 Number of processors: 3
10:38:02.0831 0912 Page size: 0x1000
10:38:02.0831 0912 Boot type: Normal boot
10:38:02.0831 0912 ============================================================
10:38:05.0655 0912 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:38:05.0670 0912 ============================================================
10:38:05.0670 0912 \Device\Harddisk0\DR0:
10:38:05.0670 0912 MBR partitions:
10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x5441F000
10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x54483000, BlocksNum 0x308F800
10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
10:38:05.0670 0912 ============================================================
10:38:05.0795 0912 C: <-> \Device\Harddisk0\DR0\Partition1
10:38:06.0201 0912 D: <-> \Device\Harddisk0\DR0\Partition2
10:38:06.0357 0912 F: <-> \Device\Harddisk0\DR0\Partition3
10:38:06.0357 0912 ============================================================
10:38:06.0357 0912 Initialize success
10:38:06.0357 0912 ============================================================
10:38:48.0335 1412 ============================================================
10:38:48.0335 1412 Scan started
10:38:48.0335 1412 Mode: Manual; SigCheck; TDLFS;
10:38:48.0335 1412 ============================================================
10:39:41.0910 1412 crcdisk - ok
10:39:42.0453 1412 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:39:42.0558 1412 CryptSvc - ok
10:39:46.0390 1412 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:39:46.0452 1412 cvhsvc - ok
10:39:47.0284 1412 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:39:47.0451 1412 DcomLaunch - ok
10:39:48.0225 1412 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:39:48.0486 1412 defragsvc - ok
10:39:48.0967 1412 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:39:49.0080 1412 DfsC - ok
10:39:49.0901 1412 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:39:50.0054 1412 Dhcp - ok
10:39:50.0204 1412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:39:50.0482 1412 discache - ok
10:39:50.0653 1412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:39:50.0985 1412 Disk - ok
10:39:51.0460 1412 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:39:51.0759 1412 Dnscache - ok
10:39:52.0111 1412 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:39:52.0348 1412 dot3svc - ok
10:39:53.0437 1412 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
10:39:53.0559 1412 DpHost - ok
10:39:54.0065 1412 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:39:54.0188 1412 DPS - ok
10:39:54.0322 1412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:39:54.0920 1412 drmkaud - ok
10:39:56.0359 1412 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:39:56.0517 1412 DXGKrnl - ok
10:39:56.0820 1412 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:39:56.0939 1412 EapHost - ok
10:40:04.0546 1412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:40:04.0897 1412 ebdrv - ok
10:40:05.0789 1412 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:40:06.0029 1412 eeCtrl - ok
10:40:07.0694 1412 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:40:07.0778 1412 EFS - ok
10:40:08.0413 1412 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:40:08.0584 1412 ehRecvr - ok
10:40:08.0774 1412 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:40:08.0951 1412 ehSched - ok
10:40:09.0434 1412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:40:09.0517 1412 elxstor - ok
10:40:09.0768 1412 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:40:09.0818 1412 EraserUtilRebootDrv - ok
10:40:09.0878 1412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:40:09.0937 1412 ErrDev - ok
10:40:10.0427 1412 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:40:10.0578 1412 EventSystem - ok
10:40:10.0752 1412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:40:10.0886 1412 exfat - ok
10:40:11.0051 1412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:40:11.0189 1412 fastfat - ok
10:40:11.0757 1412 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:40:11.0914 1412 Fax - ok
10:40:11.0976 1412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:40:12.0030 1412 fdc - ok
10:40:12.0129 1412 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:40:12.0278 1412 fdPHost - ok
10:40:12.0410 1412 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:40:12.0543 1412 FDResPub - ok
10:40:12.0711 1412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:40:12.0850 1412 FileInfo - ok
10:40:12.0937 1412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:40:13.0068 1412 Filetrace - ok
10:40:13.0112 1412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:40:13.0135 1412 flpydisk - ok
10:40:13.0335 1412 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:40:13.0418 1412 FltMgr - ok
10:40:13.0961 1412 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:40:14.0080 1412 FontCache - ok
10:40:14.0238 1412 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:40:14.0264 1412 FontCache3.0.0.0 - ok
10:40:14.0371 1412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:40:14.0444 1412 FsDepends - ok
10:40:14.0521 1412 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:40:14.0566 1412 Fs_Rec - ok
10:40:14.0682 1412 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:40:14.0713 1412 fvevol - ok
10:40:14.0772 1412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:40:14.0807 1412 gagp30kx - ok
10:40:15.0058 1412 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:40:15.0123 1412 GameConsoleService - ok
10:40:15.0540 1412 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:40:15.0635 1412 GamesAppService - ok
10:40:16.0109 1412 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:40:16.0243 1412 gpsvc - ok
10:40:16.0450 1412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:40:16.0566 1412 hcw85cir - ok
10:40:16.0768 1412 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:40:16.0830 1412 HdAudAddService - ok
10:40:16.0889 1412 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:40:16.0936 1412 HDAudBus - ok
10:40:16.0978 1412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:40:17.0023 1412 HidBatt - ok
10:40:17.0258 1412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:40:17.0333 1412 HidBth - ok
10:40:17.0393 1412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:40:17.0468 1412 HidIr - ok
10:40:17.0558 1412 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:40:17.0679 1412 hidserv - ok
10:40:17.0761 1412 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:40:17.0816 1412 HidUsb - ok
10:40:18.0129 1412 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:40:18.0315 1412 hkmsvc - ok
10:40:18.0584 1412 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:40:18.0676 1412 HomeGroupListener - ok
10:40:18.0747 1412 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:40:18.0789 1412 HomeGroupProvider - ok
10:40:18.0948 1412 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:40:18.0968 1412 HP Support Assistant Service - ok
10:40:19.0231 1412 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:40:19.0264 1412 HP Wireless Assistant Service - ok
10:40:19.0644 1412 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:40:19.0707 1412 HPClientSvc - ok
10:40:19.0914 1412 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:40:19.0939 1412 HPDrvMntSvc.exe - ok
10:40:19.0965 1412 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:40:19.0987 1412 hpdskflt - ok
10:40:20.0627 1412 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:40:20.0716 1412 hpqwmiex - ok
10:40:20.0840 1412 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:40:20.0916 1412 HpSAMD - ok
10:40:21.0041 1412 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe
10:40:21.0091 1412 hpsrv - ok
10:40:21.0226 1412 HPWMISVC (171000873eb522e5ea3dd4c4e0b689b2) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:40:21.0253 1412 HPWMISVC - ok
10:40:21.0845 1412 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:40:21.0989 1412 HTTP - ok
10:40:22.0057 1412 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:40:22.0089 1412 hwpolicy - ok
10:40:22.0169 1412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:40:22.0205 1412 i8042prt - ok
10:40:22.0333 1412 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:40:22.0402 1412 iaStorV - ok
10:40:23.0204 1412 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:40:23.0341 1412 idsvc - ok
10:40:24.0393 1412 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSvia64.sys
10:40:24.0451 1412 IDSVia64 - ok
10:40:27.0418 1412 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:40:27.0751 1412 igfx - ok
10:40:28.0005 1412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:40:28.0039 1412 iirsp - ok
10:40:28.0281 1412 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:40:28.0421 1412 IKEEXT - ok
10:40:28.0464 1412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:40:28.0498 1412 intelide - ok
10:40:28.0617 1412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:40:28.0724 1412 intelppm - ok
10:40:28.0818 1412 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:40:28.0957 1412 IPBusEnum - ok
10:40:29.0064 1412 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:29.0202 1412 IpFilterDriver - ok
10:40:29.0535 1412 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:40:29.0677 1412 iphlpsvc - ok
10:40:29.0762 1412 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:40:29.0860 1412 IPMIDRV - ok
10:40:29.0959 1412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:40:30.0062 1412 IPNAT - ok
10:40:30.0103 1412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:40:30.0125 1412 IRENUM - ok
10:40:30.0198 1412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:40:30.0231 1412 isapnp - ok
10:40:30.0329 1412 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:40:30.0409 1412 iScsiPrt - ok
10:40:30.0438 1412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:40:30.0463 1412 kbdclass - ok
10:40:30.0554 1412 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:40:30.0633 1412 kbdhid - ok
10:40:30.0735 1412 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:30.0771 1412 KeyIso - ok
10:40:30.0940 1412 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:40:30.0998 1412 KSecDD - ok
10:40:31.0075 1412 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:40:31.0113 1412 KSecPkg - ok
10:40:31.0157 1412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:40:31.0274 1412 ksthunk - ok
10:40:32.0214 1412 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:40:32.0351 1412 KtmRm - ok
10:40:32.0771 1412 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:40:32.0895 1412 LanmanServer - ok
10:40:33.0031 1412 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:40:33.0162 1412 LanmanWorkstation - ok
10:40:33.0233 1412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:40:33.0336 1412 lltdio - ok
10:40:34.0202 1412 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:40:34.0342 1412 lltdsvc - ok
10:40:34.0376 1412 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:40:34.0460 1412 lmhosts - ok
10:40:34.0593 1412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:40:34.0639 1412 LSI_FC - ok
10:40:34.0781 1412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:40:34.0888 1412 LSI_SAS - ok
10:40:35.0076 1412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:40:35.0173 1412 LSI_SAS2 - ok
10:40:35.0224 1412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:40:35.0261 1412 LSI_SCSI - ok
10:40:35.0331 1412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:40:35.0431 1412 luafv - ok
10:40:35.0559 1412 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:40:35.0611 1412 Mcx2Svc - ok
10:40:35.0704 1412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:40:35.0764 1412 megasas - ok
10:40:36.0157 1412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:40:36.0227 1412 MegaSR - ok
10:40:36.0283 1412 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:40:36.0393 1412 MMCSS - ok
10:40:36.0418 1412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:40:36.0491 1412 Modem - ok
10:40:36.0536 1412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:40:36.0615 1412 monitor - ok
10:40:36.0720 1412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:40:36.0762 1412 mouclass - ok
10:40:36.0828 1412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:40:36.0887 1412 mouhid - ok
10:40:37.0135 1412 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:40:37.0170 1412 mountmgr - ok
10:40:37.0459 1412 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:40:37.0539 1412 mpio - ok
10:40:37.0645 1412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:40:37.0764 1412 mpsdrv - ok
10:40:38.0997 1412 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:40:39.0164 1412 MpsSvc - ok
10:40:39.0357 1412 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:40:39.0427 1412 MRxDAV - ok
10:40:39.0713 1412 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:39.0808 1412 mrxsmb - ok
10:40:40.0377 1412 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:40.0467 1412 mrxsmb10 - ok
10:40:40.0632 1412 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:40.0667 1412 mrxsmb20 - ok
10:40:40.0737 1412 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:40:40.0778 1412 msahci - ok
10:40:41.0012 1412 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:40:41.0058 1412 msdsm - ok
10:40:41.0364 1412 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:40:41.0437 1412 MSDTC - ok
10:40:41.0525 1412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:40:41.0610 1412 Msfs - ok
10:40:41.0637 1412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:40:41.0741 1412 mshidkmdf - ok
10:40:41.0799 1412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:40:41.0831 1412 msisadrv - ok
10:40:42.0054 1412 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:40:42.0196 1412 MSiSCSI - ok
10:40:42.0204 1412 msiserver - ok
10:40:42.0272 1412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:40:42.0383 1412 MSKSSRV - ok
10:40:42.0430 1412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:42.0547 1412 MSPCLOCK - ok
10:40:42.0568 1412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:40:42.0667 1412 MSPQM - ok
10:40:43.0006 1412 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:40:43.0054 1412 MsRPC - ok
10:40:43.0167 1412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:40:43.0200 1412 mssmbios - ok
10:40:43.0270 1412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:40:43.0384 1412 MSTEE - ok
10:40:43.0451 1412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:40:43.0512 1412 MTConfig - ok
10:40:43.0573 1412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:40:43.0606 1412 Mup - ok
10:40:44.0203 1412 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:40:44.0349 1412 napagent - ok
10:40:44.0797 1412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:40:44.0882 1412 NativeWifiP - ok
10:40:45.0532 1412 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\ENG64.SYS
10:40:45.0595 1412 NAVENG - ok
10:40:48.0318 1412 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\EX64.SYS
10:40:48.0435 1412 NAVEX15 - ok
10:40:49.0503 1412 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:40:49.0562 1412 NDIS - ok
10:40:49.0614 1412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:49.0724 1412 NdisCap - ok
10:40:49.0768 1412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:49.0850 1412 NdisTapi - ok
10:40:49.0931 1412 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:50.0039 1412 Ndisuio - ok
10:40:50.0338 1412 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:50.0472 1412 NdisWan - ok
10:40:50.0614 1412 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:40:50.0718 1412 NDProxy - ok
10:40:50.0846 1412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:40:50.0975 1412 NetBIOS - ok
10:40:51.0246 1412 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:40:51.0366 1412 NetBT - ok
10:40:51.0430 1412 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:51.0480 1412 Netlogon - ok
10:40:52.0493 1412 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:40:52.0642 1412 Netman - ok
10:40:53.0688 1412 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:40:53.0806 1412 netprofm - ok
10:40:54.0144 1412 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:40:54.0220 1412 NetTcpPortSharing - ok
10:40:58.0587 1412 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:40:58.0853 1412 netw5v64 - ok
10:40:59.0032 1412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:40:59.0066 1412 nfrd960 - ok
10:40:59.0339 1412 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
10:40:59.0371 1412 NIS - ok
10:40:59.0470 1412 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:40:59.0594 1412 NlaSvc - ok
10:40:59.0954 1412 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:41:00.0133 1412 NOBU - ok
10:41:00.0347 1412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:41:00.0427 1412 Npfs - ok
10:41:00.0454 1412 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:41:00.0581 1412 nsi - ok
10:41:00.0603 1412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:41:00.0715 1412 nsiproxy - ok
10:41:01.0009 1412 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:41:01.0096 1412 Ntfs - ok
10:41:01.0250 1412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:41:01.0353 1412 Null - ok
10:41:01.0422 1412 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:41:01.0471 1412 nvraid - ok
10:41:01.0555 1412 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:41:01.0594 1412 nvstor - ok
10:41:01.0655 1412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:41:01.0692 1412 nv_agp - ok
10:41:01.0722 1412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:41:01.0776 1412 ohci1394 - ok
10:41:01.0905 1412 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:41:01.0951 1412 ose - ok
10:41:02.0635 1412 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:41:02.0851 1412 osppsvc - ok
10:41:03.0061 1412 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:41:03.0156 1412 p2pimsvc - ok
10:41:03.0227 1412 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:41:03.0276 1412 p2psvc - ok
10:41:03.0372 1412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:41:03.0409 1412 Parport - ok
10:41:03.0446 1412 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:41:03.0495 1412 partmgr - ok
10:41:03.0563 1412 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:41:03.0636 1412 PcaSvc - ok
10:41:03.0692 1412 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:41:03.0736 1412 pci - ok
10:41:03.0776 1412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:41:03.0809 1412 pciide - ok
10:41:03.0853 1412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:03.0895 1412 pcmcia - ok
10:41:03.0925 1412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:41:03.0973 1412 pcw - ok
10:41:04.0101 1412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:41:04.0223 1412 PEAUTH - ok
10:41:04.0358 1412 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:41:04.0434 1412 PerfHost - ok
10:41:04.0694 1412 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:41:04.0830 1412 pla - ok
10:41:04.0916 1412 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:41:05.0006 1412 PlugPlay - ok
10:41:05.0107 1412 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
10:41:05.0177 1412 pneteth - ok
10:41:05.0239 1412 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:41:05.0290 1412 PNRPAutoReg - ok
10:41:05.0348 1412 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:41:05.0390 1412 PNRPsvc - ok
10:41:05.0489 1412 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:41:05.0619 1412 PolicyAgent - ok
10:41:05.0669 1412 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:41:05.0772 1412 Power - ok
10:41:05.0838 1412 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:41:05.0955 1412 PptpMiniport - ok
10:41:05.0993 1412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:41:06.0046 1412 Processor - ok
10:41:06.0115 1412 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:41:06.0191 1412 ProfSvc - ok
10:41:06.0239 1412 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:06.0272 1412 ProtectedStorage - ok
10:41:06.0423 1412 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:41:06.0516 1412 Psched - ok
10:41:06.0684 1412 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
10:41:06.0717 1412 PSI_SVC_2 - ok
10:41:07.0091 1412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:41:07.0224 1412 ql2300 - ok
10:41:08.0109 1412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:41:08.0148 1412 ql40xx - ok
10:41:08.0337 1412 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:41:08.0409 1412 QWAVE - ok
10:41:08.0458 1412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:41:08.0506 1412 QWAVEdrv - ok
10:41:08.0542 1412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:41:08.0646 1412 RasAcd - ok
10:41:08.0794 1412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:08.0906 1412 RasAgileVpn - ok
10:41:09.0051 1412 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:41:09.0191 1412 RasAuto - ok
10:41:09.0491 1412 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:09.0606 1412 Rasl2tp - ok
10:41:09.0736 1412 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:41:09.0852 1412 RasMan - ok
10:41:10.0022 1412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:10.0135 1412 RasPppoe - ok
10:41:10.0221 1412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:41:10.0326 1412 RasSstp - ok
10:41:10.0561 1412 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:41:10.0689 1412 rdbss - ok
10:41:10.0776 1412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:10.0841 1412 rdpbus - ok
10:41:10.0912 1412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:11.0028 1412 RDPCDD - ok
10:41:11.0072 1412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:41:11.0188 1412 RDPENCDD - ok
10:41:11.0225 1412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:41:11.0308 1412 RDPREFMP - ok
10:41:11.0364 1412 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:41:11.0446 1412 RDPWD - ok
10:41:11.0689 1412 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:41:11.0732 1412 rdyboost - ok
10:41:11.0822 1412 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:41:11.0919 1412 RemoteAccess - ok
10:41:11.0973 1412 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:41:12.0058 1412 RemoteRegistry - ok
10:41:12.0142 1412 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:41:12.0201 1412 RFCOMM - ok
10:41:12.0394 1412 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:41:12.0446 1412 RoxioNow Service - ok
10:41:12.0510 1412 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:41:12.0635 1412 RpcEptMapper - ok
10:41:12.0712 1412 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:41:12.0790 1412 RpcLocator - ok
10:41:12.0902 1412 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:41:12.0980 1412 RpcSs - ok
10:41:13.0192 1412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:41:13.0310 1412 rspndr - ok
10:41:13.0464 1412 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
10:41:13.0512 1412 RSUSBSTOR - ok
10:41:13.0651 1412 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:41:13.0735 1412 RTL8167 - ok
10:41:13.0840 1412 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:13.0893 1412 SamSs - ok
10:41:13.0966 1412 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:41:14.0003 1412 sbp2port - ok
10:41:14.0056 1412 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:41:14.0146 1412 SCardSvr - ok
10:41:14.0206 1412 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:41:14.0305 1412 scfilter - ok
10:41:14.0511 1412 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:41:14.0676 1412 Schedule - ok
10:41:14.0775 1412 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:41:14.0842 1412 SCPolicySvc - ok
10:41:14.0906 1412 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:41:14.0958 1412 sdbus - ok
10:41:15.0113 1412 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:41:15.0239 1412 SDRSVC - ok
10:41:15.0322 1412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:41:15.0399 1412 secdrv - ok
10:41:15.0454 1412 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:41:15.0578 1412 seclogon - ok
10:41:15.0637 1412 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:41:15.0759 1412 SENS - ok
10:41:15.0822 1412 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:41:15.0894 1412 SensrSvc - ok
10:41:15.0942 1412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:41:15.0996 1412 Serenum - ok
10:41:16.0053 1412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:41:16.0091 1412 Serial - ok
10:41:16.0137 1412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:41:16.0188 1412 sermouse - ok
10:41:16.0259 1412 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:41:16.0389 1412 SessionEnv - ok
10:41:16.0451 1412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:41:16.0541 1412 sffdisk - ok
10:41:16.0605 1412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:41:16.0729 1412 sffp_mmc - ok
10:41:16.0771 1412 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:41:16.0826 1412 sffp_sd - ok
10:41:16.0875 1412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:41:16.0910 1412 sfloppy - ok
10:41:17.0051 1412 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:41:17.0098 1412 Sftfs - ok
10:41:17.0318 1412 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:41:17.0362 1412 sftlist - ok
10:41:17.0602 1412 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:41:17.0665 1412 Sftplay - ok
10:41:17.0723 1412 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:41:17.0752 1412 Sftredir - ok
10:41:17.0778 1412 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:41:17.0807 1412 Sftvol - ok
10:41:17.0984 1412 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:41:18.0019 1412 sftvsa - ok
10:41:18.0111 1412 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:41:18.0220 1412 SharedAccess - ok
10:41:18.0325 1412 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:41:18.0456 1412 ShellHWDetection - ok
10:41:18.0679 1412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:41:18.0717 1412 SiSRaid2 - ok
10:41:18.0777 1412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:41:18.0814 1412 SiSRaid4 - ok
10:41:19.0122 1412 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:41:19.0191 1412 SkypeUpdate - ok
10:41:19.0252 1412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:41:19.0371 1412 Smb - ok
10:41:19.0432 1412 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:41:19.0506 1412 SNMPTRAP - ok
10:41:19.0546 1412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:41:19.0579 1412 spldr - ok
10:41:19.0713 1412 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:41:19.0814 1412 Spooler - ok
10:41:20.0597 1412 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:41:20.0896 1412 sppsvc - ok
10:41:21.0186 1412 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:41:21.0270 1412 sppuinotify - ok
10:41:21.0555 1412 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
10:41:21.0597 1412 SRTSP - ok
10:41:21.0619 1412 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
10:41:21.0634 1412 SRTSPX - ok
10:41:21.0738 1412 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:41:21.0829 1412 srv - ok
10:41:22.0079 1412 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:41:22.0162 1412 srv2 - ok
10:41:22.0279 1412 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:41:22.0353 1412 SrvHsfHDA - ok
10:41:22.0696 1412 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:41:22.0815 1412 SrvHsfV92 - ok
10:41:23.0230 1412 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:41:23.0281 1412 SrvHsfWinac - ok
10:41:23.0364 1412 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:41:23.0460 1412 srvnet - ok
10:41:23.0606 1412 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:41:23.0734 1412 SSDPSRV - ok
10:41:23.0860 1412 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:41:23.0935 1412 SstpSvc - ok
10:41:24.0230 1412 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
10:41:24.0298 1412 STacSV - ok
10:41:24.0347 1412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:41:24.0396 1412 stexstor - ok
10:41:24.0840 1412 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
10:41:24.0940 1412 STHDA - ok
10:41:25.0087 1412 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:41:25.0188 1412 stisvc - ok
10:41:25.0220 1412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:41:25.0252 1412 swenum - ok
10:41:25.0408 1412 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:41:25.0532 1412 swprv - ok
10:41:25.0712 1412 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
10:41:25.0754 1412 SymDS - ok
10:41:25.0915 1412 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
10:41:25.0979 1412 SymEFA - ok
10:41:26.0086 1412 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:41:26.0123 1412 SymEvent - ok
10:41:26.0181 1412 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
10:41:26.0214 1412 SymIRON - ok
10:41:26.0363 1412 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
10:41:26.0405 1412 SymNetS - ok
10:41:26.0712 1412 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
10:41:26.0839 1412 SynTP - ok
10:41:27.0254 1412 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:41:27.0363 1412 SysMain - ok
10:41:27.0562 1412 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:41:27.0616 1412 TabletInputService - ok
10:41:27.0667 1412 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:41:27.0772 1412 TapiSrv - ok
10:41:27.0804 1412 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:41:27.0907 1412 TBS - ok
10:41:28.0238 1412 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:41:28.0340 1412 Tcpip - ok
10:41:29.0248 1412 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:41:29.0327 1412 TCPIP6 - ok
10:41:29.0520 1412 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:41:29.0624 1412 tcpipreg - ok
10:41:29.0660 1412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:41:29.0753 1412 TDPIPE - ok
10:41:29.0824 1412 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:41:29.0883 1412 TDTCP - ok
10:41:29.0954 1412 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:41:30.0047 1412 tdx - ok
10:41:30.0118 1412 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:41:30.0153 1412 TermDD - ok
10:41:30.0292 1412 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:41:30.0444 1412 TermService - ok
10:41:30.0486 1412 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:41:30.0550 1412 Themes - ok
10:41:30.0598 1412 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:41:30.0687 1412 THREADORDER - ok
10:41:30.0746 1412 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:41:30.0833 1412 TrkWks - ok
10:41:31.0056 1412 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:41:31.0168 1412 TrustedInstaller - ok
10:41:31.0219 1412 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:31.0319 1412 tssecsrv - ok
10:41:31.0391 1412 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:41:31.0432 1412 TsUsbFlt - ok
10:41:31.0529 1412 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:41:31.0625 1412 tunnel - ok
10:41:31.0727 1412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:41:31.0770 1412 uagp35 - ok
10:41:31.0996 1412 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:41:32.0118 1412 udfs - ok
10:41:32.0199 1412 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:41:32.0256 1412 UI0Detect - ok
10:41:32.0344 1412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:41:32.0379 1412 uliagpkx - ok
10:41:32.0434 1412 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:41:32.0510 1412 umbus - ok
10:41:32.0589 1412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:41:32.0647 1412 UmPass - ok
10:41:32.0991 1412 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:41:33.0117 1412 upnphost - ok
10:41:33.0225 1412 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:33.0313 1412 usbccgp - ok
10:41:33.0397 1412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:41:33.0489 1412 usbcir - ok
10:41:33.0513 1412 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:41:33.0562 1412 usbehci - ok
10:41:33.0639 1412 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
10:41:33.0699 1412 usbfilter - ok
10:41:33.0788 1412 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:41:33.0847 1412 usbhub - ok
10:41:33.0900 1412 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:41:33.0963 1412 usbohci - ok
10:41:34.0028 1412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:41:34.0103 1412 usbprint - ok
10:41:34.0148 1412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:41:34.0246 1412 usbscan - ok
10:41:34.0371 1412 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:41:34.0487 1412 USBSTOR - ok
10:41:34.0514 1412 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:41:34.0570 1412 usbuhci - ok
10:41:34.0744 1412 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:41:34.0793 1412 usbvideo - ok
10:41:34.0880 1412 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
10:41:34.0929 1412 usb_rndisx - ok
10:41:34.0972 1412 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:41:35.0083 1412 UxSms - ok
10:41:35.0130 1412 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:35.0163 1412 VaultSvc - ok
10:41:36.0521 1412 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
10:41:36.0670 1412 vcsFPService - ok
10:41:37.0548 1412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:41:37.0580 1412 vdrvroot - ok
10:41:37.0820 1412 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:41:37.0950 1412 vds - ok
10:41:38.0171 1412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:38.0241 1412 vga - ok
10:41:38.0260 1412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:41:38.0383 1412 VgaSave - ok
10:41:38.0597 1412 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:41:38.0666 1412 vhdmp - ok
10:41:38.0733 1412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:41:38.0776 1412 viaide - ok
10:41:38.0845 1412 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:41:38.0892 1412 volmgr - ok
10:41:39.0049 1412 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:41:39.0095 1412 volmgrx - ok
10:41:39.0239 1412 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:41:39.0285 1412 volsnap - ok
10:41:39.0485 1412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:41:39.0525 1412 vsmraid - ok
10:41:40.0471 1412 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:41:40.0647 1412 VSS - ok
10:41:41.0129 1412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:41:41.0189 1412 vwifibus - ok
10:41:41.0244 1412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:41:41.0297 1412 vwififlt - ok
10:41:41.0554 1412 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:41:41.0683 1412 W32Time - ok
10:41:41.0740 1412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:41:41.0805 1412 WacomPen - ok
10:41:41.0854 1412 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:41:41.0954 1412 WANARP - ok
10:41:41.0982 1412 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:41:42.0061 1412 Wanarpv6 - ok
10:41:42.0567 1412 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:41:42.0750 1412 WatAdminSvc - ok
10:41:43.0267 1412 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:41:43.0386 1412 wbengine - ok
10:41:44.0326 1412 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:41:44.0404 1412 WbioSrvc - ok
10:41:44.0713 1412 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:41:44.0796 1412 wcncsvc - ok
10:41:44.0964 1412 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:41:45.0323 1412 WcsPlugInService - ok
10:41:45.0662 1412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:41:45.0700 1412 Wd - ok
10:41:46.0555 1412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:41:46.0680 1412 Wdf01000 - ok
10:41:46.0866 1412 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:41:46.0994 1412 WdiServiceHost - ok
10:41:47.0001 1412 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:41:47.0035 1412 WdiSystemHost - ok
10:41:47.0129 1412 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:41:47.0207 1412 WebClient - ok
10:41:47.0271 1412 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:41:47.0380 1412 Wecsvc - ok
10:41:47.0417 1412 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:41:47.0571 1412 wercplsupport - ok
10:41:47.0655 1412 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:41:47.0756 1412 WerSvc - ok
10:41:47.0909 1412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:48.0000 1412 WfpLwf - ok
10:41:48.0102 1412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:41:48.0135 1412 WIMMount - ok
10:41:48.0176 1412 WinDefend - ok
10:41:48.0193 1412 WinHttpAutoProxySvc - ok
10:41:48.0400 1412 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:41:48.0575 1412 Winmgmt - ok
10:41:49.0422 1412 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:41:49.0632 1412 WinRM - ok
10:41:49.0963 1412 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
10:41:50.0021 1412 WinUSB - ok
10:41:50.0169 1412 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:41:50.0244 1412 Wlansvc - ok
10:41:51.0748 1412 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:41:51.0870 1412 wlidsvc - ok
10:41:52.0466 1412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:41:52.0588 1412 WmiAcpi - ok
10:41:52.0717 1412 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:41:52.0803 1412 wmiApSrv - ok
10:41:52.0866 1412 WMPNetworkSvc - ok
10:41:52.0892 1412 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:41:52.0950 1412 WPCSvc - ok
10:41:53.0011 1412 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:41:53.0084 1412 WPDBusEnum - ok
10:41:53.0112 1412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:41:53.0205 1412 ws2ifsl - ok
10:41:53.0255 1412 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:41:53.0322 1412 wscsvc - ok
10:41:53.0330 1412 WSearch - ok
10:41:53.0626 1412 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:41:53.0731 1412 wuauserv - ok
10:41:54.0128 1412 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:41:54.0267 1412 WudfPf - ok
10:41:54.0343 1412 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:41:54.0468 1412 WUDFRd - ok
10:41:54.0539 1412 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:41:54.0624 1412 wudfsvc - ok
10:41:54.0690 1412 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:41:54.0793 1412 WwanSvc - ok
10:41:54.0966 1412 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
10:41:55.0082 1412 yukonw7 - ok
10:41:55.0151 1412 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
10:41:55.0195 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:41:55.0195 1412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:41:55.0326 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:41:55.0326 1412 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:41:55.0348 1412 Boot (0x1200) (59289c2b48e375dded0bbbd04edd3b99) \Device\Harddisk0\DR0\Partition0
10:41:55.0358 1412 \Device\Harddisk0\DR0\Partition0 - ok
10:41:55.0457 1412 Boot (0x1200) (31b7528e894dd44a2d13f1fbb17edbf6) \Device\Harddisk0\DR0\Partition1
10:41:55.0627 1412 \Device\Harddisk0\DR0\Partition1 - ok
10:41:55.0693 1412 Boot (0x1200) (ece4f927bcdb5482a95bfaf7384b3603) \Device\Harddisk0\DR0\Partition2
10:41:55.0729 1412 \Device\Harddisk0\DR0\Partition2 - ok
10:41:55.0820 1412 Boot (0x1200) (f22c95416878215ea58f71b74cca52c4) \Device\Harddisk0\DR0\Partition3
10:41:55.0822 1412 \Device\Harddisk0\DR0\Partition3 - ok
10:41:55.0823 1412 ============================================================
10:41:55.0823 1412 Scan finished
10:41:55.0823 1412 ============================================================
10:41:55.0854 5956 Detected object count: 2
10:41:55.0854 5956 Actual detected object count: 2
10:42:13.0562 5956 \Device\Harddisk0\DR0\# - copied to quarantine
10:42:13.0563 5956 \Device\Harddisk0\DR0 - copied to quarantine
10:42:13.0662 5956 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:42:13.0669 5956 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:42:13.0679 5956 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:42:13.0691 5956 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:42:13.0718 5956 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:42:13.0735 5956 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:42:13.0740 5956 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:42:13.0744 5956 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:42:13.0750 5956 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:42:13.0756 5956 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:42:13.0763 5956 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:42:13.0769 5956 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:42:13.0807 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:42:13.0871 5956 \Device\Harddisk0\DR0 - ok
10:42:17.0896 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:42:17.0897 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:42:17.0898 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:43:54.0138 3788 Deinitialize success
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.28.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-HP [administrator]
6/28/2012 10:53:20 AM
mbam-log-2012-06-28 (10-53-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213808
Time elapsed: 15 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
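An added example for readers working through logs like the two above (this is not part of the thread and not Kaspersky's or Malwarebytes' code): a small Python parser for the TDSSKiller object/verdict lines and the Malwarebytes "Files Detected" line, plus the two checks a responder actually wants from them. The first lists every detection the scanner flagged whose final user action was not Cure or Delete, which is how the "TDSS File System ... Skip" entry above gets surfaced. The second flags a core Windows binary found outside its home directory, which is what makes the C:\Windows\svchost.exe hit meaningful: the real svchost.exe lives under System32 (and SysWOW64). The sample lines are copied from the posted logs; the verdict vocabulary (infected/warning/detected, "User select action: ...") is taken from that log, and the CANONICAL_DIRS table is an assumed reference list for this example, not something the scanners export.

```python
import re

# Constructed sample: lines copied verbatim from the TDSSKiller log posted
# above (a few of its ~1,300 lines).  Backslashes are doubled only because
# this is a Python string literal.
TDSSKILLER_SAMPLE = """\
10:41:54.0966 1412 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\\Windows\\system32\\DRIVERS\\yk62x64.sys
10:41:55.0082 1412 yukonw7 - ok
10:41:55.0151 1412 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \\Device\\Harddisk0\\DR0
10:41:55.0195 1412 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:41:55.0326 1412 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
10:41:55.0348 1412 Boot (0x1200) (59289c2b48e375dded0bbbd04edd3b99) \\Device\\Harddisk0\\DR0\\Partition0
10:41:55.0358 1412 \\Device\\Harddisk0\\DR0\\Partition0 - ok
10:42:13.0807 5956 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:42:17.0896 5956 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:42:17.0898 5956 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Object line: "<time> <pid> <name> (<md5>) <path>".  The name may itself carry
# a parenthesised offset ("MBR (0x1B8)"), so the hash is anchored on its
# 32 hex digits rather than on the first "(".
OBJECT_RE = re.compile(r"^(\S+) (\d+) (.+?) \(([0-9a-f]{32})\) (.+)$")
# Verdict line: "<time> <pid> <target> [( <detection> )] - <verdict>".
VERDICT_RE = re.compile(r"^(\S+) (\d+) (.+?)(?: \( (.+?) \))? - (.+)$")

FINDING_VERDICTS = ("infected", "warning", "detected")
ACTION_PREFIX = "User select action: "


def parse_tdsskiller(text):
    """Return (objects, verdicts): objects maps name -> (md5, path);
    verdicts is a list of (target, detection, verdict) in log order."""
    objects, verdicts = {}, []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            objects[name] = (md5, path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            _, _, target, detection, verdict = m.groups()
            verdicts.append((target, detection, verdict))
    return objects, verdicts


def unresolved_detections(verdicts):
    """Detections the scanner flagged (infected/warning/detected) whose last
    recorded user action is not Cure or Delete.  A run that ends with such an
    entry left something behind, as the TDSS File System "Skip" above did."""
    flagged, action = set(), {}
    for target, detection, verdict in verdicts:
        if detection is None:
            continue  # plain "ok", quarantine and status lines carry no name
        key = (target, detection)
        if verdict.startswith(FINDING_VERDICTS):
            flagged.add(key)
        elif verdict.startswith(ACTION_PREFIX):
            action[key] = verdict[len(ACTION_PREFIX):]
    return sorted(k for k in flagged if action.get(k) not in ("Cure", "Delete"))


# Malwarebytes "Files Detected" entry, copied from the log above.
MBAM_SAMPLE = r"C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully."
MBAM_RE = re.compile(r"^(.+?) \((.+?)\) -> (.+)$")

# Assumed reference table for this example: where a few core Windows binaries
# legitimately live (compared case-insensitively).  One of these names in any
# other directory is a masquerade, which is exactly what C:\Windows\svchost.exe is.
CANONICAL_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def masquerading_system_binary(path):
    """True when `path` names a core Windows binary outside its home directory."""
    directory, _, name = path.lower().rpartition("\\")
    homes = CANONICAL_DIRS.get(name)
    return homes is not None and directory not in homes


def parse_mbam_file_line(line):
    """Split 'path (threat) -> outcome' into its three fields, or None."""
    m = MBAM_RE.match(line)
    return m.groups() if m else None


if __name__ == "__main__":
    objects, verdicts = parse_tdsskiller(TDSSKILLER_SAMPLE)
    print("hashed objects:", len(objects))
    for target, detection in unresolved_detections(verdicts):
        print("left unresolved:", target, detection)
    path, threat, outcome = parse_mbam_file_line(MBAM_SAMPLE)
    print(path, threat, "masquerade:", masquerading_system_binary(path))
```

Run against the full posted log, unresolved_detections() reports only the skipped TDSS File System entry, while the MBR detection drops out because its final action was Cure. The masquerade check is deliberately a whitelist of directories rather than a hash list: the file's name is the lure, so its location is the cheapest reliable tell.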
I am going to disinfect it; I will not be able to run TDSSKiller until tomorrow. I will post the log tomorrow as soon as I do. Thanks.
-
This PC is mainly used for Netflix/YouTube and some online shopping, no banking or other activity that contains personal info. Can you tell how likely it is, based on the infection, that it won't be secure after disinfection?
-
I'm posting on behalf of my mom, who started using Malwarebytes at my urging.
Malwarebytes keeps detecting 2 trojans, but when I restart the computer to complete removal it freezes and has to be manually turned off and back on to finish restarting.
I'm not sure if the trojans are causing the restart problems and are just refusing to be removed, or if there is a software problem causing the computer to freeze during restart and preventing removal. DDS and Malwarebytes logs below.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 18:15:26 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1688 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8
TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\3416D607D275966496 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\B4F4140313 : DhcpNameServer = 67.20.47.9 67.20.47.7 67.20.47.8
TCP: Interfaces\{B0391C71-D4E5-4064-B7A3-607DB673E71C} : DhcpNameServer = 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-18 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08:09;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-3-11 245232]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 20:03:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 20:02:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 20:02:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 20:02:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 18:21:45 20480 ----a-w- C:\Windows\svchost.exe
2012-06-14 01:40:50 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d
2012-06-14 00:51:13 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 00:51:12 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 00:51:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 00:51:12 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 00:51:12 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 00:51:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 00:44:48 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 00:44:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 00:34:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 00:16:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:16:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 00:16:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:13:18 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 00:08:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 00:50:42 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2012-06-13 00:50:42 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2012-06-13 00:50:42 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
2012-06-13 00:50:42 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2012-06-13 00:50:42 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
2012-06-13 00:50:42 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2012-06-13 00:50:18 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
2012-06-08 18:51:07 -------- d-----w- C:\ProgramData\Kodak
2012-06-08 18:51:00 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
.
==================== Find3M ====================
.
2012-05-19 02:13:13 900 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 18:16:51.08 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2011 3:17:43 PM
System Uptime: 6/25/2012 5:40:46 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1641
Processor: AMD Phenom II P860 Triple-Core Processor | Socket S1G4 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 674 GiB total, 608.337 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 3.549 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP185: 5/27/2012 6:22:40 PM - Windows Backup
RP186: 5/27/2012 7:45:11 PM - Windows Update
RP187: 5/29/2012 6:50:22 PM - Windows Update
RP188: 5/30/2012 4:13:36 PM - Windows Update
RP189: 5/30/2012 4:39:07 PM - Windows Update
RP190: 6/1/2012 7:32:09 PM - Windows Update
RP191: 6/1/2012 10:11:26 PM - Windows Update
RP192: 6/3/2012 7:35:50 PM - Windows Update
RP193: 6/3/2012 8:05:16 PM - Windows Update
RP194: 6/4/2012 5:35:44 PM - Windows Backup
RP195: 6/6/2012 10:10:59 PM - Windows Update
RP196: 6/6/2012 10:37:03 PM - Windows Update
RP197: 6/8/2012 2:45:00 PM - Windows Update
RP198: 6/8/2012 6:48:24 PM - Windows Update
RP199: 6/10/2012 11:18:30 AM - Windows Update
RP200: 6/10/2012 1:01:17 PM - Windows Update
RP201: 6/11/2012 8:00:24 PM - Windows Backup
RP202: 6/12/2012 8:34:32 PM - Windows Update
RP203: 6/13/2012 9:37:09 PM - Windows Update
RP204: 6/13/2012 11:13:26 PM - Windows Update
RP205: 6/17/2012 11:23:25 AM - Windows Update
RP206: 6/18/2012 1:50:48 PM - Windows Backup
RP207: 6/18/2012 7:21:53 PM - Windows Update
RP208: 6/25/2012 4:01:35 PM - Windows Update
RP209: 6/25/2012 4:49:31 PM - Windows Update
RP210: 6/25/2012 5:59:53 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
CyberLink DVD Suite
D3DX10
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Fences Pro
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Hulu Desktop
ICA
IDT Audio
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java 6 Update 25
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Norton Online Backup
PdaNet for Android 2.45
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PureHD
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Setup
Share
Skype Click to Call
Skype™ 5.8
Times Reader
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VIO
Virtual Families
Virtual Villagers 4 - The Tree of Life
VSClassic
VSPro
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 5:45:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/25/2012 4:49:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
6/25/2012 4:49:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
6/25/2012 4:49:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
6/25/2012 3:56:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/25/2012 3:47:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
6/18/2012 6:16:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
6/18/2012 3:16:35 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.
.
==== End Of File ===========================
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.25.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-HP [administrator]
6/25/2012 6:26:28 PM
mbam-log-2012-06-25 (18-38-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213698
Time elapsed: 11 minute(s), 18 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2956 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)
-
I ran OTCleanIt and uninstalled ComboFix. Everything is running fine. Thanks for all your help!
-
ESET log
C:\FRST\Quarantine\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{0ee7986d-1ae1-49ff-a47e-ede12a1cdc41}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{739e5045-3e93-44f7-95bf-81a18c6f6715}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\extensions\{d25b6369-9c10-4b75-b820-d5f1a6a17408}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\hotelshopbooknow_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\mx_nan_a[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X60AT7H\mx_nan_a[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30LBSPYD\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67KTF39W\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan
-
Not having any problems. I ran HijackThis as administrator.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:05 PM, on 6/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\httpd.exe (file missing)
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
--
End of file - 10260 bytes
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.15.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
6/15/2012 2:41:01 PM
mbam-log-2012-06-15 (14-41-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200870
Time elapsed: 11 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Everything seems to be ok now, no problems.
ComboFix 12-06-13.05 - Owner 06/13/2012 22:17:40.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.1056 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 02:31 . 2012-06-14 02:32 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-06-14 02:31 . 2012-06-14 02:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-14 02:31 . 2012-06-14 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 22:20 . 2012-06-13 22:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BC3FE9-7BE4-4DFC-A41E-9757832A873D}\offreg.dll
2012-06-13 22:01 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BC3FE9-7BE4-4DFC-A41E-9757832A873D}\mpengine.dll
2012-06-08 20:05 . 2012-06-08 20:06 -------- d-----w- C:\FRST
2012-06-08 16:09 . 2012-06-08 16:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 16:09 . 2012-06-08 16:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 02:25 . 2012-06-08 02:25 -------- d-----w- c:\users\Owner\SyncFolder
2012-06-08 02:24 . 2012-06-08 02:36 -------- d-----w- c:\program files\MyPC Backup
2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\programdata\HitmanPro
2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\program files\HitmanPro
2012-06-05 17:54 . 2012-06-05 17:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-01 15:02 . 2012-06-01 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-22 16:53 . 2012-05-22 16:55 -------- d-----w- c:\programdata\Knowledge Adventure
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\SWF Studio
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\JumpStart
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:36 . 2012-04-03 17:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 14:36 . 2011-12-13 12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-04-18 17:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-12 06:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 06:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-12 06:14 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-12 06:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-12 06:15 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-08 16:09 . 2011-05-17 15:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-17 16:40 . 2011-06-17 16:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Starfield Updater"="c:\users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe" [2012-02-01 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-17 30192]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 71189191
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 71189191
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]
.
2012-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]
.
2012-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 22:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4120)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Workspace\offsyncext.dll
.
Completion time: 2012-06-13 22:36:25
ComboFix-quarantined-files.txt 2012-06-14 02:36
ComboFix2.txt 2012-06-12 19:54
ComboFix3.txt 2011-12-30 21:28
.
Pre-Run: 11,748,519,936 bytes free
Post-Run: 11,964,424,192 bytes free
.
- - End Of File - - 0BC4A276184C838D7A7466605A7E890A
-
The computer seems to be acting ok. Logs below.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 14:13:00
-----------------------------
14:13:00.878 OS Version: Windows 6.0.6002 Service Pack 2
14:13:00.878 Number of processors: 2 586 0xF0D
14:13:00.878 ComputerName: OWNER-PC UserName: Owner
14:13:03.452 Initialize success
14:14:38.383 AVAST engine defs: 12061300
14:16:35.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:16:35.929 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
14:16:35.960 Disk 0 MBR read successfully
14:16:35.976 Disk 0 MBR scan
14:16:36.022 Disk 0 unknown MBR code
14:16:36.038 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
14:16:36.069 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
14:16:36.132 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
14:16:36.147 Disk 0 scanning sectors +312578048
14:16:36.272 Disk 0 scanning C:\Windows\system32\drivers
14:17:04.009 Service scanning
14:17:48.703 Modules scanning
14:17:56.066 Disk 0 trace - called modules:
14:17:56.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
14:17:56.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8516a9a8]
14:17:56.160 3 CLASSPNP.SYS[87fa38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f738d8]
14:17:58.125 AVAST engine scan C:\Windows
14:18:13.023 AVAST engine scan C:\Windows\system32
14:25:21.914 AVAST engine scan C:\Windows\system32\drivers
14:25:54.175 AVAST engine scan C:\Users\Owner
14:57:23.424 AVAST engine scan C:\ProgramData
15:05:50.299 Scan finished successfully
17:50:49.765 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:50:49.781 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
14:11:16.0905 3856 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:11:19.0026 3856 ============================================================
14:11:19.0026 3856 Current date / time: 2012/06/13 14:11:19.0026
14:11:19.0027 3856 SystemInfo:
14:11:19.0027 3856
14:11:19.0027 3856 OS Version: 6.0.6002 ServicePack: 2.0
14:11:19.0027 3856 Product type: Workstation
14:11:19.0027 3856 ComputerName: OWNER-PC
14:11:19.0028 3856 UserName: Owner
14:11:19.0028 3856 Windows directory: C:\Windows
14:11:19.0028 3856 System windows directory: C:\Windows
14:11:19.0028 3856 Processor architecture: Intel x86
14:11:19.0028 3856 Number of processors: 2
14:11:19.0028 3856 Page size: 0x1000
14:11:19.0028 3856 Boot type: Normal boot
14:11:19.0028 3856 ============================================================
14:11:28.0341 3856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:11:28.0341 3856 ============================================================
14:11:28.0341 3856 \Device\Harddisk0\DR0:
14:11:28.0341 3856 MBR partitions:
14:11:28.0341 3856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
14:11:28.0341 3856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
14:11:28.0341 3856 ============================================================
14:11:28.0794 3856 C: <-> \Device\Harddisk0\DR0\Partition0
14:11:28.0887 3856 D: <-> \Device\Harddisk0\DR0\Partition1
14:11:28.0887 3856 ============================================================
14:11:28.0887 3856 Initialize success
14:11:28.0887 3856 ============================================================
14:11:31.0711 5700 ============================================================
14:11:31.0711 5700 Scan started
14:11:31.0711 5700 Mode: Manual;
14:11:31.0711 5700 ============================================================
14:11:32.0678 5700 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:11:32.0694 5700 ACPI - ok
14:11:32.0756 5700 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:11:32.0787 5700 adp94xx - ok
14:11:32.0850 5700 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:11:32.0881 5700 adpahci - ok
14:11:32.0928 5700 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:11:32.0943 5700 adpu160m - ok
14:11:32.0990 5700 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:11:32.0990 5700 adpu320 - ok
14:11:33.0021 5700 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:11:33.0021 5700 AeLookupSvc - ok
14:11:33.0084 5700 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:11:33.0115 5700 AFD - ok
14:11:33.0146 5700 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
14:11:33.0146 5700 AgereModemAudio - ok
14:11:33.0302 5700 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
14:11:33.0349 5700 AgereSoftModem - ok
14:11:33.0380 5700 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:11:33.0380 5700 agp440 - ok
14:11:33.0396 5700 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:11:33.0411 5700 aic78xx - ok
14:11:33.0427 5700 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:11:33.0427 5700 ALG - ok
14:11:33.0458 5700 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:11:33.0458 5700 aliide - ok
14:11:33.0489 5700 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:11:33.0489 5700 amdagp - ok
14:11:33.0505 5700 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:11:33.0520 5700 amdide - ok
14:11:33.0536 5700 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:11:33.0536 5700 AmdK7 - ok
14:11:33.0567 5700 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:11:33.0567 5700 AmdK8 - ok
14:11:33.0567 5700 Apache2.2 - ok
14:11:33.0598 5700 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:11:33.0598 5700 Appinfo - ok
14:11:33.0645 5700 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:11:33.0645 5700 arc - ok
14:11:33.0676 5700 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:11:33.0692 5700 arcsas - ok
14:11:33.0864 5700 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:11:33.0910 5700 aspnet_state - ok
14:11:33.0957 5700 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:33.0957 5700 AsyncMac - ok
14:11:34.0035 5700 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:11:34.0035 5700 atapi - ok
14:11:34.0191 5700 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
14:11:34.0238 5700 athr - ok
14:11:34.0332 5700 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:11:34.0332 5700 AudioEndpointBuilder - ok
14:11:34.0347 5700 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:11:34.0347 5700 Audiosrv - ok
14:11:34.0394 5700 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:11:34.0425 5700 b57nd60x - ok
14:11:34.0456 5700 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:11:34.0456 5700 Beep - ok
14:11:34.0550 5700 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:11:34.0566 5700 BFE - ok
14:11:34.0768 5700 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
14:11:34.0815 5700 BITS - ok
14:11:34.0846 5700 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:11:34.0862 5700 blbdrive - ok
14:11:34.0924 5700 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:11:34.0924 5700 bowser - ok
14:11:34.0971 5700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:11:34.0971 5700 BrFiltLo - ok
14:11:34.0987 5700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:11:34.0987 5700 BrFiltUp - ok
14:11:35.0096 5700 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
14:11:35.0096 5700 BridgeMP - ok
14:11:35.0143 5700 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:11:35.0143 5700 Browser - ok
14:11:35.0174 5700 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:11:35.0174 5700 Brserid - ok
14:11:35.0190 5700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:11:35.0190 5700 BrSerWdm - ok
14:11:35.0221 5700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:11:35.0221 5700 BrUsbMdm - ok
14:11:35.0236 5700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:11:35.0236 5700 BrUsbSer - ok
14:11:35.0268 5700 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:11:35.0268 5700 BTHMODEM - ok
14:11:35.0377 5700 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
14:11:35.0377 5700 BUNAgentSvc - ok
14:11:35.0455 5700 catchme - ok
14:11:35.0470 5700 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:35.0470 5700 cdfs - ok
14:11:35.0517 5700 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:11:35.0517 5700 cdrom - ok
14:11:35.0580 5700 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:11:35.0595 5700 CertPropSvc - ok
14:11:35.0611 5700 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:11:35.0611 5700 circlass - ok
14:11:35.0689 5700 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:11:35.0704 5700 CLFS - ok
14:11:35.0954 5700 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:36.0032 5700 clr_optimization_v2.0.50727_32 - ok
14:11:36.0360 5700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:36.0375 5700 clr_optimization_v4.0.30319_32 - ok
14:11:36.0406 5700 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:11:36.0406 5700 CmBatt - ok
14:11:36.0422 5700 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:11:36.0422 5700 cmdide - ok
14:11:36.0438 5700 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:11:36.0438 5700 Compbatt - ok
14:11:36.0453 5700 COMSysApp - ok
14:11:36.0469 5700 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:11:36.0469 5700 crcdisk - ok
14:11:36.0484 5700 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:11:36.0484 5700 Crusoe - ok
14:11:36.0547 5700 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:11:36.0562 5700 CryptSvc - ok
14:11:36.0672 5700 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:11:36.0687 5700 DcomLaunch - ok
14:11:36.0750 5700 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:11:36.0750 5700 DfsC - ok
14:11:37.0015 5700 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:11:37.0093 5700 DFSR - ok
14:11:37.0764 5700 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:11:37.0795 5700 Dhcp - ok
14:11:37.0873 5700 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:11:37.0873 5700 disk - ok
14:11:37.0904 5700 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
14:11:37.0920 5700 DKbFltr - ok
14:11:37.0951 5700 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:11:37.0982 5700 Dnscache - ok
14:11:38.0060 5700 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:11:38.0107 5700 dot3svc - ok
14:11:38.0169 5700 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:11:38.0169 5700 DPS - ok
14:11:38.0247 5700 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:11:38.0247 5700 drmkaud - ok
14:11:38.0356 5700 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:11:38.0388 5700 DXGKrnl - ok
14:11:38.0419 5700 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:11:38.0434 5700 E1G60 - ok
14:11:38.0466 5700 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:11:38.0481 5700 EapHost - ok
14:11:38.0528 5700 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:11:38.0544 5700 Ecache - ok
14:11:38.0762 5700 eDataSecurity Service (2ce2ddcb1a41ed4488a2a8b98d286b3d) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
14:11:38.0871 5700 eDataSecurity Service - ok
14:11:39.0152 5700 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:11:39.0230 5700 ehRecvr - ok
14:11:39.0261 5700 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:11:39.0261 5700 ehSched - ok
14:11:39.0277 5700 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:11:39.0292 5700 ehstart - ok
14:11:39.0370 5700 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:11:39.0386 5700 elxstor - ok
14:11:39.0480 5700 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:11:39.0495 5700 EMDMgmt - ok
14:11:39.0542 5700 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:11:39.0542 5700 ErrDev - ok
14:11:39.0651 5700 ETService (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
14:11:39.0651 5700 ETService - ok
14:11:39.0760 5700 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:11:39.0807 5700 EventSystem - ok
14:11:39.0854 5700 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:11:39.0854 5700 exfat - ok
14:11:39.0916 5700 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:11:39.0948 5700 fastfat - ok
14:11:39.0963 5700 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:11:39.0979 5700 fdc - ok
14:11:40.0010 5700 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:11:40.0010 5700 fdPHost - ok
14:11:40.0026 5700 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:11:40.0041 5700 FDResPub - ok
14:12:16.0124 5700 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:12:16.0124 5700 usbscan - ok
14:12:16.0171 5700 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:12:16.0171 5700 USBSTOR - ok
14:12:16.0202 5700 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:12:16.0218 5700 usbuhci - ok
14:12:16.0249 5700 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:12:16.0264 5700 usbvideo - ok
14:12:16.0311 5700 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:12:16.0327 5700 UxSms - ok
14:12:16.0420 5700 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:12:16.0452 5700 vds - ok
14:12:16.0483 5700 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:12:16.0483 5700 vga - ok
14:12:16.0514 5700 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:12:16.0514 5700 VgaSave - ok
14:12:16.0545 5700 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:12:16.0545 5700 viaagp - ok
14:12:16.0592 5700 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:12:16.0592 5700 ViaC7 - ok
14:12:16.0623 5700 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:12:16.0623 5700 viaide - ok
14:12:16.0654 5700 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:12:16.0654 5700 volmgr - ok
14:12:17.0247 5700 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:12:17.0263 5700 volmgrx - ok
14:12:17.0325 5700 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:12:17.0341 5700 volsnap - ok
14:12:17.0403 5700 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:12:17.0419 5700 vsmraid - ok
14:12:17.0575 5700 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:12:17.0606 5700 VSS - ok
14:12:17.0668 5700 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:12:17.0684 5700 W32Time - ok
14:12:17.0746 5700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:12:17.0746 5700 WacomPen - ok
14:12:17.0793 5700 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:12:17.0793 5700 Wanarp - ok
14:12:17.0809 5700 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:12:17.0809 5700 Wanarpv6 - ok
14:12:17.0871 5700 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:12:17.0887 5700 wcncsvc - ok
14:12:17.0934 5700 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:12:17.0934 5700 WcsPlugInService - ok
14:12:17.0965 5700 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:12:17.0965 5700 Wd - ok
14:12:18.0027 5700 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:12:18.0058 5700 Wdf01000 - ok
14:12:18.0090 5700 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:12:18.0105 5700 WdiServiceHost - ok
14:12:18.0121 5700 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:12:18.0121 5700 WdiSystemHost - ok
14:12:18.0199 5700 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:12:18.0214 5700 WebClient - ok
14:12:18.0308 5700 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:12:18.0339 5700 Wecsvc - ok
14:12:18.0370 5700 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:12:18.0386 5700 wercplsupport - ok
14:12:18.0448 5700 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:12:18.0464 5700 WerSvc - ok
14:12:18.0542 5700 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:12:18.0573 5700 winachsf - ok
14:12:18.0667 5700 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:12:18.0698 5700 WinDefend - ok
14:12:18.0745 5700 WinHttpAutoProxySvc - ok
14:12:18.0838 5700 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:12:18.0854 5700 Winmgmt - ok
14:12:19.0026 5700 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:12:19.0072 5700 WinRM - ok
14:12:19.0197 5700 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:12:19.0213 5700 Wlansvc - ok
14:12:19.0291 5700 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:12:19.0291 5700 WmiAcpi - ok
14:12:19.0431 5700 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:12:19.0447 5700 wmiApSrv - ok
14:12:19.0618 5700 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:12:19.0650 5700 WMPNetworkSvc - ok
14:12:19.0681 5700 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:12:19.0696 5700 WPCSvc - ok
14:12:19.0743 5700 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:12:19.0759 5700 WPDBusEnum - ok
14:12:19.0837 5700 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:12:19.0899 5700 WpdUsb - ok
14:12:20.0133 5700 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:12:20.0164 5700 WPFFontCache_v0400 - ok
14:12:20.0196 5700 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:12:20.0196 5700 ws2ifsl - ok
14:12:20.0242 5700 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
14:12:20.0274 5700 wscsvc - ok
14:12:20.0274 5700 WSearch - ok
14:12:20.0554 5700 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:12:20.0632 5700 wuauserv - ok
14:12:20.0820 5700 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:12:20.0820 5700 WUDFRd - ok
14:12:20.0898 5700 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:12:20.0913 5700 wudfsvc - ok
14:12:20.0991 5700 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
14:12:21.0054 5700 yukonwlh - ok
14:12:21.0085 5700 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
14:12:26.0077 5700 \Device\Harddisk0\DR0 - ok
14:12:26.0592 5700 Boot (0x1200) (dd7135c8c40ba84eeecd3600268e932e) \Device\Harddisk0\DR0\Partition0
14:12:26.0592 5700 \Device\Harddisk0\DR0\Partition0 - ok
14:12:26.0623 5700 Boot (0x1200) (44cc9adfe5beddbea61922cfb7321598) \Device\Harddisk0\DR0\Partition1
14:12:26.0638 5700 \Device\Harddisk0\DR0\Partition1 - ok
14:12:26.0638 5700 ============================================================
14:12:26.0638 5700 Scan finished
14:12:26.0638 5700 ============================================================
14:12:26.0654 5328 Detected object count: 0
14:12:26.0654 5328 Actual detected object count: 0
14:12:57.0058 4596 Deinitialize success
-
Wow, I just realized I attached the log and didn't paste it; that's strike two, I guess...
ComboFix 12-06-12.01 - Owner 06/12/2012 15:26:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.1194 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 19:41 . 2012-06-12 19:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-12 19:41 . 2012-06-12 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 20:05 . 2012-06-08 20:06 -------- d-----w- C:\FRST
2012-06-08 16:09 . 2012-06-08 16:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 16:09 . 2012-06-08 16:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 02:25 . 2012-06-08 02:25 -------- d-----w- c:\users\Owner\SyncFolder
2012-06-08 02:24 . 2012-06-08 02:36 -------- d-----w- c:\program files\MyPC Backup
2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\programdata\HitmanPro
2012-06-05 17:57 . 2012-06-05 17:57 -------- d-----w- c:\program files\HitmanPro
2012-06-05 17:54 . 2012-06-05 17:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-01 15:02 . 2012-06-01 15:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-22 16:53 . 2012-05-22 16:55 -------- d-----w- c:\programdata\Knowledge Adventure
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\SWF Studio
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\JumpStart
2012-05-22 16:53 . 2012-05-22 16:53 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:36 . 2012-04-03 17:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 14:36 . 2011-12-13 12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2012-06-01 11:32 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{156AFE6E-1D28-499A-89B7-FAC1497F2106}\mpengine.dll
2012-04-04 19:56 . 2011-04-18 17:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-12 06:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 06:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-12 06:14 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-12 06:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-12 06:15 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-08 16:09 . 2011-05-17 15:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-17 16:40 . 2011-06-17 16:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-18 11:54 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Starfield Updater"="c:\users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe" [2012-02-01 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-17 30192]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 16:55]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 02:47]
.
2012-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]
.
2012-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-22 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_5735
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y66jd7st.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mail.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 15:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3684)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Workspace\offsyncext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Workspace\offSyncService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\WerCon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-12 15:54:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 19:53
ComboFix2.txt 2011-12-30 21:28
.
Pre-Run: 11,382,685,696 bytes free
Post-Run: 11,222,568,960 bytes free
.
- - End Of File - - 403BC589AD9C32F11833E9D5803BB957
-
Sorry I did not reply sooner; I was gone all weekend. I ran ComboFix; the log is attached. Malwarebytes scans come up clean and my computer is running fine. It looks like ComboFix detected and repaired one file. I forgot to disable McAfee and it popped up with a registry change warning, which I allowed. Thanks for all your help thus far!
-
Fix log below. Just ran Malwarebytes and it came up clean.
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-06-2012 04
Ran by SYSTEM at 2012-06-08 15:07:27 Run:1
Running from H:\
==============================================
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} moved successfully.
C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f} moved successfully.
==== End of Fixlog ====
-
Here is the Farbar log. Malwarebytes is still detecting the same three infections today.
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-06-2012 04
Ran by SYSTEM at 08-06-2012 12:05:50
Running from H:\
Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet003
========================== Registry (Whitelisted) =============
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [582992 2007-08-03] (McAfee, Inc.)
HKLM\...\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [skytel] Skytel.exe [x]
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-09-10] (Dritek System Inc.)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [409600 2008-06-11] (Acer Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-06-17] (Google)
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup [3387392 2007-11-26] (Leader Technologies)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-09-04] (Apple Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1626112 2009-07-31] (Eastman Kodak Company)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKU\Owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-12-21] (Google Inc.)
HKU\Owner\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-04] (Google Inc.)
HKU\Owner\...\Run: [starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe" [34496 2012-02-01] ()
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
================================ Services (Whitelisted) ==================
2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)
2 eDataSecurity Service; "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-05-14] (Egis Incorporated)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1188624 2012-02-21] (Starfield Technologies)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-06-17] (Google)
2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [95200 2012-01-13] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.)
3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-11-07] (McAfee, Inc.)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-04-28] (Mozilla Foundation)
2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [856864 2007-07-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [23880 2007-11-26] (McAfee, Inc.)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [50424 2008-04-06] (NewTech InfoSystems, Inc.)
2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
2 Apache2.2; "c:\xampp\apache\bin\httpd.exe" -k runservice [x]
2 FileZilla Server; "c:\xampp\filezillaftp\filezillaserver.exe" [x]
2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]
2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]
2 mysql; c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql [x]
========================== Drivers (Whitelisted) =============
3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1202560 2008-02-29] (Agere Systems)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2006-11-02] (Dritek System Inc.)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-20] (Microsoft Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-22] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-22] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-22] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-20] (National Semiconductor Corporation)
3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [14848 2008-01-30] (NewTech Infosystems, Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [18992 2008-05-14] (Egis Incorporated)
2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [16944 2008-05-14] (Egis Incorporated)
2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60464 2008-05-14] (Egis Incorporated)
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [61440 2008-08-12] (Realtek Semiconductor Corp.)
3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [111872 2012-06-05] ()
0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13824 2008-01-30] (NewTech Infosystems Corporation)
3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-06-08 12:05 - 2012-06-08 12:05 - 00000000 ____D C:\FRST
2012-06-08 08:01 - 2012-06-08 08:01 - 00008212 ____A C:\Windows\mfebcdata
2012-06-08 06:02 - 2012-06-08 06:02 - 00870790 ____A C:\Users\Owner\Desktop\FRST.exe
2012-06-07 20:02 - 2012-06-07 20:02 - 00015873 ____A C:\Users\Owner\Desktop\Attach.txt
2012-06-07 20:02 - 2012-06-07 20:02 - 00012311 ____A C:\Users\Owner\Desktop\DDS.txt
2012-06-07 18:25 - 2012-06-07 18:25 - 00000000 ____D C:\Users\Owner\SyncFolder
2012-06-07 18:24 - 2012-06-07 18:36 - 00000000 ____D C:\Program Files\MyPC Backup
2012-06-07 14:32 - 2012-06-06 12:29 - 00965222 ____A C:\Windows\ntbtlog.txt
2012-06-07 04:56 - 2012-06-07 04:56 - 00002592 ____A C:\Users\Owner\Desktop\mbam-log-2012-06-07 (08-42-52).txt
2012-06-06 16:16 - 2012-06-06 16:16 - 00017957 ____A C:\Users\Owner\Desktop\virusus.jpg
2012-06-06 15:03 - 2012-06-07 16:25 - 2072891392 __ASH C:\hiberfil.sys
2012-06-06 07:14 - 2012-06-06 15:58 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 06:58 - 2012-06-06 07:01 - 00119126 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_10.58.46_log.txt
2012-06-06 06:57 - 2012-06-06 06:58 - 00000348 ____A C:\TDSSKiller.2.6.25.0_06.06.2012_10.57.57_log.txt
2012-06-05 10:25 - 2012-06-05 10:26 - 00119126 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_14.25.27_log.txt
2012-06-05 10:23 - 2012-06-05 10:24 - 00000348 ____A C:\TDSSKiller.2.6.25.0_05.06.2012_14.23.33_log.txt
2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-05 09:54 - 2012-06-05 09:54 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-06-05 09:54 - 2012-06-05 09:54 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-06-05 09:36 - 2012-06-05 09:36 - 02804712 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE(1).exe
2012-06-01 07:02 - 2012-06-01 07:02 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-25 19:08 - 2012-05-25 19:09 - 00145544 ____A C:\Windows\Minidump\Mini052512-01.dmp
2012-05-25 10:55 - 2012-05-25 10:55 - 00000000 ____D C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang
2012-05-25 10:54 - 2012-05-25 10:54 - 20481575 ____A C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang.zip
2012-05-24 05:19 - 2012-05-24 05:19 - 00173214 ____A C:\Users\Owner\Documents\hatching info charts.pdf
2012-05-22 08:53 - 2012-05-22 08:55 - 00000000 ____D C:\Users\All Users\Knowledge Adventure
2012-05-22 08:53 - 2012-05-22 08:53 - 00001880 ____A C:\Users\Public\Desktop\JumpStart Advanced Preschool.lnk
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\JumpStart
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\Knowledge Adventure
2012-05-16 10:25 - 2012-05-16 10:26 - 00013399 ____A C:\Users\Owner\Documents\Lollipops and Rainbows.docx
2012-05-11 22:15 - 2012-03-30 04:39 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 22:15 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 22:15 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-11 22:15 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-11 22:15 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-11 22:15 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-11 22:15 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 22:14 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-11 22:14 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 22:14 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 07:21 - 2012-05-10 10:48 - 00011495 ____A C:\Users\Owner\Documents\rent notice may.docx
============ 3 Months Modified Files and Folders ===============
2012-06-08 08:02 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-08 08:02 - 2006-11-02 04:47 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-08 08:01 - 2012-06-08 08:01 - 00008212 ____A C:\Windows\mfebcdata
2012-06-08 08:01 - 2008-10-22 20:01 - 01468445 ____A C:\Windows\WindowsUpdate.log
2012-06-08 08:01 - 2008-04-30 01:37 - 00029068 ____A C:\Windows\System32\Config.MPF
2012-06-08 08:01 - 2006-11-02 05:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-08 08:01 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-08 07:34 - 2010-02-09 08:55 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 07:13 - 2011-08-04 18:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000UA.job
2012-06-08 06:03 - 2006-11-02 02:33 - 00791000 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 06:02 - 2012-06-08 06:02 - 00870790 ____A C:\Users\Owner\Desktop\FRST.exe
2012-06-08 04:34 - 2010-02-09 08:55 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-08 02:13 - 2011-08-04 18:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782296849-3073254760-3789230479-1000Core.job
2012-06-07 20:14 - 2011-09-03 07:51 - 00002663 ____A C:\Users\Owner\Desktop\Microsoft Office OneNote 2007.lnk
2012-06-07 20:02 - 2012-06-07 20:02 - 00015873 ____A C:\Users\Owner\Desktop\Attach.txt
2012-06-07 20:02 - 2012-06-07 20:02 - 00012311 ____A C:\Users\Owner\Desktop\DDS.txt
2012-06-07 18:36 - 2012-06-07 18:24 - 00000000 ____D C:\Program Files\MyPC Backup
2012-06-07 18:36 - 2011-12-27 06:46 - 00000000 ___RD C:\Users\Owner\AppData\Local\MicrosoftNT
2012-06-07 18:25 - 2012-06-07 18:25 - 00000000 ____D C:\Users\Owner\SyncFolder
2012-06-07 18:25 - 2008-12-21 06:02 - 00000000 ____D C:\users\Owner
2012-06-07 16:26 - 2012-02-01 07:58 - 00056892 ____A C:\Users\Owner\Documents\WorkspaceUpdate.log
2012-06-07 16:25 - 2012-06-06 15:03 - 2072891392 __ASH C:\hiberfil.sys
2012-06-07 16:25 - 2012-02-01 07:58 - 00013766 ____A C:\Windows\offSyncService.log
2012-06-07 16:25 - 2008-10-22 20:14 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-06-07 16:25 - 2008-04-30 01:54 - 00000147 ____A C:\Windows\System32\agent.log
2012-06-07 16:25 - 2008-01-20 18:47 - 09774182 ____A C:\Windows\PFRO.log
2012-06-07 16:23 - 2011-12-20 10:29 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE
2012-06-07 14:51 - 2012-02-01 07:55 - 00446446 ____A C:\Users\Owner\Documents\workspaceinstall.log
2012-06-07 05:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\schemas
2012-06-07 04:56 - 2012-06-07 04:56 - 00002592 ____A C:\Users\Owner\Desktop\mbam-log-2012-06-07 (08-42-52).txt
2012-06-07 04:42 - 2011-12-20 19:04 - 00000594 ____A C:\rkill.log
2012-06-06 16:16 - 2012-06-06 16:16 - 00017957 ____A C:\Users\Owner\Desktop\virusus.jpg
2012-06-06 15:58 - 2012-06-06 07:14 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 12:29 - 2012-06-07 14:32 - 00965222 ____A C:\Windows\ntbtlog.txt
2012-06-06 07:01 - 2012-06-06 06:58 - 00119126 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_10.58.46_log.txt
2012-06-06 06:58 - 2012-06-06 06:57 - 00000348 ____A C:\TDSSKiller.2.6.25.0_06.06.2012_10.57.57_log.txt
2012-06-06 06:51 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\Performance
2012-06-05 18:58 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2012-06-05 18:18 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors
2012-06-05 16:51 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Globalization
2012-06-05 13:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Branding
2012-06-05 13:13 - 2011-02-08 21:26 - 00000000 __SHD C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}
2012-06-05 10:26 - 2012-06-05 10:25 - 00119126 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_14.25.27_log.txt
2012-06-05 10:24 - 2012-06-05 10:23 - 00000348 ____A C:\TDSSKiller.2.6.25.0_05.06.2012_14.23.33_log.txt
2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-05 09:57 - 2012-06-05 09:57 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-05 09:57 - 2011-12-20 10:32 - 07245976 ____A (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro35.exe
2012-06-05 09:54 - 2012-06-05 09:54 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-06-05 09:54 - 2012-06-05 09:54 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-06-05 09:47 - 2010-01-22 04:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-05 09:36 - 2012-06-05 09:36 - 02804712 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE(1).exe
2012-06-05 09:06 - 2010-03-23 09:55 - 00000000 ____D C:\Users\Owner\.gimp-2.6
2012-06-02 06:09 - 2008-12-31 09:49 - 00052736 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 16:30 - 2011-12-22 20:01 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2012-06-01 09:25 - 2011-02-09 05:07 - 00007680 ____A C:\Users\Owner\Desktop\mortgage.xls
2012-06-01 07:02 - 2012-06-01 07:02 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-01 06:41 - 2008-04-29 23:25 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-01 06:36 - 2012-04-03 09:43 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-01 06:36 - 2011-12-13 04:26 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-01 03:27 - 2008-04-30 01:36 - 00000348 ____A C:\Windows\Tasks\McQcTask.job
2012-05-31 19:07 - 2010-03-23 10:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\gtk-2.0
2012-05-25 19:09 - 2012-05-25 19:08 - 00145544 ____A C:\Windows\Minidump\Mini052512-01.dmp
2012-05-25 19:08 - 2011-04-21 05:16 - 170400765 ____A C:\Windows\MEMORY.DMP
2012-05-25 19:08 - 2009-07-21 21:01 - 00000000 ____D C:\Windows\Minidump
2012-05-25 10:55 - 2012-05-25 10:55 - 00000000 ____D C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang
2012-05-25 10:54 - 2012-05-25 10:54 - 20481575 ____A C:\Users\Owner\Desktop\web-design-marketing-for-small-business-4kq4l1jn3ang.zip
2012-05-24 19:22 - 2012-02-01 07:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Workspace
2012-05-24 05:19 - 2012-05-24 05:19 - 00173214 ____A C:\Users\Owner\Documents\hatching info charts.pdf
2012-05-23 16:59 - 2011-06-21 09:20 - 00010752 ____A C:\Users\Owner\Desktop\Birthdays.xls
2012-05-22 08:55 - 2012-05-22 08:53 - 00000000 ____D C:\Users\All Users\Knowledge Adventure
2012-05-22 08:53 - 2012-05-22 08:53 - 00001880 ____A C:\Users\Public\Desktop\JumpStart Advanced Preschool.lnk
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\JumpStart
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\SWF Studio
2012-05-22 08:53 - 2012-05-22 08:53 - 00000000 ____D C:\Program Files\Common Files\Knowledge Adventure
2012-05-18 03:54 - 2012-02-01 07:58 - 00000150 ____A C:\Users\Owner\Documents\offSyncService.log
2012-05-18 03:54 - 2012-02-01 07:58 - 00000000 ____D C:\Program Files\Workspace
2012-05-18 03:54 - 2012-02-01 07:58 - 00000000 ____D C:\Program Files\Starfield
2012-05-16 10:43 - 2008-12-21 06:02 - 00000000 ____D C:\Program Files\Google
2012-05-16 10:26 - 2012-05-16 10:25 - 00013399 ____A C:\Users\Owner\Documents\Lollipops and Rainbows.docx
2012-05-16 10:08 - 2011-09-03 07:37 - 00002733 ____A C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2012-05-14 21:00 - 2008-04-30 01:36 - 00000356 ____A C:\Windows\Tasks\McDefragTask.job
2012-05-12 00:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-11 23:47 - 2006-11-02 04:47 - 00413616 ____N C:\Windows\System32\FNTCACHE.DAT
2012-05-11 23:45 - 2011-04-18 09:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-11 23:43 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 23:19 - 2006-11-02 02:24 - 55656824 ____N (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-11 23:01 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-10 10:48 - 2012-05-10 07:21 - 00011495 ____A C:\Users\Owner\Documents\rent notice may.docx
2012-05-08 06:02 - 2010-05-24 04:04 - 00000000 ____D C:\Users\Owner\Documents\New House
2012-05-07 09:10 - 2011-07-18 05:18 - 00000000 ____D C:\Users\Owner\.bluefish
2012-05-01 03:31 - 2011-12-31 05:37 - 00000870 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-28 04:05 - 2012-04-28 04:05 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-28 04:05 - 2012-04-28 04:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-27 16:44 - 2012-04-27 16:44 - 00033755 ____A C:\Users\Owner\Documents\hatching calender.png
2012-04-27 16:43 - 2012-04-27 16:43 - 00141111 ____A C:\Users\Owner\Documents\hatching calendar back.png
2012-04-27 16:42 - 2012-04-27 16:42 - 00341452 ____A C:\Users\Owner\Documents\hatching calendar back.xcf
2012-04-27 13:22 - 2012-04-27 13:22 - 00144851 ____A C:\Users\Owner\Documents\hatching calender.xcf
2012-04-27 07:45 - 2012-04-27 07:45 - 00011410 ____A C:\Users\Owner\Documents\incubator plan.ods
2012-04-22 16:23 - 2012-04-19 06:15 - 00006885 ____A C:\Users\Owner\Desktop\chickens and vworker template.txt
2012-04-09 08:28 - 2012-04-09 08:28 - 00123693 ____A C:\Users\Owner\Downloads\20120404154416.pdf
2012-04-05 12:49 - 2012-04-05 12:49 - 00011240 ____A C:\Users\Owner\Documents\PO Box 249.docx
2012-04-05 05:26 - 2011-03-05 10:39 - 00000000 ___SD C:\Users\Owner\Documents\My Web Sites
2012-04-04 16:13 - 2011-06-08 12:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileZilla
2012-04-04 11:56 - 2011-04-18 09:33 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:16 - 2012-05-11 22:14 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-11 22:14 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:36 - 2012-05-11 22:14 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-31 14:53 - 2012-03-31 14:53 - 00000000 ____D C:\Users\Owner\Documents\riley
2012-03-31 14:52 - 2012-03-29 06:18 - 00000000 ____D C:\Users\Owner\Documents\99 designs
2012-03-30 04:39 - 2012-05-11 22:15 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 09:11 - 2012-03-29 09:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\inkscape
2012-03-29 09:11 - 2012-03-29 08:55 - 00000000 ____D C:\Program Files\Inkscape
2012-03-29 09:09 - 2012-03-29 09:09 - 00000768 ____A C:\Users\Public\Desktop\Inkscape.lnk
2012-03-23 05:59 - 2011-04-22 10:59 - 00001867 ____A C:\InstallHelper.log
2012-03-23 05:54 - 2012-03-23 05:54 - 00001874 ____A C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2012-03-23 05:54 - 2011-04-22 10:57 - 00000000 ____D C:\Users\All Users\eBay
2012-03-22 05:51 - 2009-09-23 06:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM
2012-03-22 05:51 - 2009-09-23 06:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2012-03-20 15:28 - 2012-05-11 22:15 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-18 07:03 - 2012-03-18 07:03 - 02482604 ____A C:\Users\Owner\Documents\zombie2target.xcf
2012-03-18 07:02 - 2012-03-18 07:02 - 02179002 ____A C:\Users\Owner\Documents\zombietarget.xcf
2012-03-16 04:31 - 2011-08-07 11:00 - 00009216 ____A C:\Users\Owner\Desktop\Gale invoice.xls
2012-03-15 07:01 - 2009-03-31 04:55 - 00000000 ____D C:\Users\Owner\Documents\other stuff
2012-03-12 07:34 - 2009-02-26 17:55 - 00000000 ____D C:\Users\Owner\Documents\LOGAN
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\@
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\00000001.@
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\80000000.@
C:\Windows\Installer\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U\800000cb.@
C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}
C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\@
C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\L
C:\Users\Owner\AppData\Local\{cced714b-348e-29ba-f6a1-1cacf2a4ea0f}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-08-20 11:54] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 22%
Total physical RAM: 1976.12 MB
Available physical RAM: 1540.35 MB
Total Pagefile: 1734.46 MB
Available Pagefile: 1603.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:9.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:69.55 GB) NTFS
4 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.62 GB) FAT32
6 Drive h: () (Removable) (Total:3.73 GB) (Free:2.9 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       149 GB      0 B
  Disk 1    No Media       0 B      0 B
  Disk 2    Online      3824 MB      0 B
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 10 GB  1024 KB
  Partition 2    Primary             70 GB    10 GB
  Partition 3    Primary             70 GB    79 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F   PQSERVICE    FAT32  Partition     10 GB  Healthy    Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   ACER         NTFS   Partition     70 GB  Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition     70 GB  Healthy
======================================================================================================
Partitions of Disk 2:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3820 MB  4032 KB
======================================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     H                FAT32  Removable   3820 MB  Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-08 04:34
======================= End Of Log ==========================
-
Malwarebytes keeps detecting three infections: Trojan.Small, Trojan.Sirefef and Rootkit.0Access, but after I click remove, restart the computer, and scan again, they keep coming back. I'm at a loss. Norton Power Eraser says services.exe is infected and I have to reinstall Windows. God I hope not..... DDS, Attach and Malwarebytes logs attached.
Malware problem or Software problem?
in Resolved Malware Removal Logs
Posted
It is running OK; Malwarebytes scans come up clean.