Posts posted by Confuzzed

  1. Per your request:

    08:47:13.0342 6816 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

    08:47:13.0939 6816 ============================================================

    08:47:13.0940 6816 Current date / time: 2012/05/24 08:47:13.0939

    08:47:13.0940 6816 SystemInfo:

    08:47:13.0940 6816

    08:47:13.0940 6816 OS Version: 6.1.7601 ServicePack: 1.0

    08:47:13.0940 6816 Product type: Workstation

    08:47:13.0940 6816 ComputerName: VEGAS

    08:47:13.0940 6816 UserName: SL

    08:47:13.0940 6816 Windows directory: C:\Windows

    08:47:13.0940 6816 System windows directory: C:\Windows

    08:47:13.0940 6816 Running under WOW64

    08:47:13.0940 6816 Processor architecture: Intel x64

    08:47:13.0940 6816 Number of processors: 6

    08:47:13.0941 6816 Page size: 0x1000

    08:47:13.0941 6816 Boot type: Normal boot

    08:47:13.0941 6816 ============================================================

    08:47:14.0164 6816 Drive \Device\Harddisk3\DR3 - Size: 0x19254C0000 (100.58 Gb), SectorSize: 0x200, Cylinders: 0x334A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    08:47:14.0173 6816 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

    08:47:14.0186 6816 Drive \Device\Harddisk1\DR1 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

    08:47:14.0203 6816 Drive \Device\Harddisk2\DR2 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

    08:47:14.0462 6816 ============================================================

    08:47:14.0462 6816 \Device\Harddisk3\DR3:

    08:47:14.0462 6816 MBR partitions:

    08:47:14.0462 6816 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    08:47:14.0462 6816 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC8F7000

    08:47:14.0462 6816 \Device\Harddisk0\DR0:

    08:47:14.0465 6816 MBR partitions:

    08:47:14.0465 6816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000

    08:47:14.0465 6816 \Device\Harddisk1\DR1:

    08:47:14.0465 6816 MBR partitions:

    08:47:14.0465 6816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF82000

    08:47:14.0465 6816 \Device\Harddisk2\DR2:

    08:47:14.0465 6816 MBR partitions:

    08:47:14.0465 6816 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF83000

    08:47:14.0465 6816 ============================================================

    08:47:14.0466 6816 C: <-> \Device\Harddisk3\DR3\Partition1

    08:47:14.0503 6816 S: <-> \Device\Harddisk2\DR2\Partition0

    08:47:14.0513 6816 D: <-> \Device\Harddisk0\DR0\Partition0

    08:47:14.0527 6816 E: <-> \Device\Harddisk1\DR1\Partition0

    08:47:14.0527 6816 ============================================================

    08:47:14.0527 6816 Initialize success

    08:47:14.0527 6816 ============================================================

    08:47:20.0407 8104 ============================================================

    08:47:20.0407 8104 Scan started

    08:47:20.0407 8104 Mode: Manual;

    08:47:20.0407 8104 ============================================================

    08:47:20.0547 8104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    08:47:20.0552 8104 1394ohci - ok

    08:47:20.0562 8104 AceecaUSBDx64 (5677f1633ea1fa5db3482080a506ea24) C:\Windows\system32\DRIVERS\AceecaUSBDx64.sys

    08:47:20.0585 8104 AceecaUSBDx64 - ok

    08:47:20.0600 8104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    08:47:20.0604 8104 ACPI - ok

    08:47:20.0607 8104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    08:47:20.0608 8104 AcpiPmi - ok

    08:47:20.0620 8104 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

    08:47:20.0622 8104 AdobeActiveFileMonitor7.0 - ok

    08:47:20.0652 8104 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    08:47:20.0655 8104 AdobeFlashPlayerUpdateSvc - ok

    08:47:20.0677 8104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

    08:47:20.0683 8104 adp94xx - ok

    08:47:20.0698 8104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

    08:47:20.0702 8104 adpahci - ok

    08:47:20.0712 8104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

    08:47:20.0715 8104 adpu320 - ok

    08:47:20.0722 8104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    08:47:20.0724 8104 AeLookupSvc - ok

    08:47:20.0745 8104 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    08:47:20.0751 8104 AFD - ok

    08:47:20.0756 8104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    08:47:20.0757 8104 agp440 - ok

    08:47:20.0769 8104 ahcix64s (367bb1682a128ddf23182b370769771e) C:\Windows\system32\DRIVERS\ahcix64s.sys

    08:47:20.0770 8104 ahcix64s - ok

    08:47:20.0776 8104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    08:47:20.0777 8104 ALG - ok

    08:47:20.0780 8104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    08:47:20.0781 8104 aliide - ok

    08:47:20.0791 8104 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe

    08:47:20.0793 8104 AMD External Events Utility - ok

    08:47:20.0796 8104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    08:47:20.0797 8104 amdide - ok

    08:47:20.0802 8104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

    08:47:20.0803 8104 AmdK8 - ok

    08:47:21.0322 8104 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

    08:47:21.0453 8104 amdkmdag - ok

    08:47:21.0491 8104 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

    08:47:21.0493 8104 amdkmdap - ok

    08:47:21.0498 8104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

    08:47:21.0498 8104 AmdPPM - ok

    08:47:21.0504 8104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    08:47:21.0505 8104 amdsata - ok

    08:47:21.0514 8104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

    08:47:21.0517 8104 amdsbs - ok

    08:47:21.0520 8104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    08:47:21.0521 8104 amdxata - ok

    08:47:21.0525 8104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    08:47:21.0526 8104 AppID - ok

    08:47:21.0530 8104 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    08:47:21.0531 8104 AppIDSvc - ok

    08:47:21.0535 8104 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    08:47:21.0536 8104 Appinfo - ok

    08:47:21.0543 8104 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    08:47:21.0545 8104 Apple Mobile Device - ok

    08:47:21.0555 8104 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

    08:47:21.0558 8104 AppMgmt - ok

    08:47:21.0563 8104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

    08:47:21.0564 8104 arc - ok

    08:47:21.0570 8104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

    08:47:21.0571 8104 arcsas - ok

    08:47:21.0583 8104 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    08:47:21.0586 8104 aspnet_state - ok

    08:47:21.0589 8104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    08:47:21.0590 8104 AsyncMac - ok

    08:47:21.0593 8104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    08:47:21.0594 8104 atapi - ok

    08:47:21.0599 8104 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

    08:47:21.0600 8104 AtiPcie - ok

    08:47:21.0627 8104 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    08:47:21.0634 8104 AudioEndpointBuilder - ok

    08:47:21.0639 8104 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    08:47:21.0642 8104 AudioSrv - ok

    08:47:21.0650 8104 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    08:47:21.0651 8104 AxInstSV - ok

    08:47:21.0668 8104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

    08:47:21.0671 8104 b06bdrv - ok

    08:47:21.0682 8104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    08:47:21.0684 8104 b57nd60a - ok

    08:47:21.0691 8104 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    08:47:21.0692 8104 BDESVC - ok

    08:47:21.0695 8104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    08:47:21.0695 8104 Beep - ok

    08:47:21.0723 8104 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

    08:47:21.0730 8104 BFE - ok

    08:47:21.0763 8104 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

    08:47:21.0773 8104 BITS - ok

    08:47:21.0780 8104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    08:47:21.0781 8104 blbdrive - ok

    08:47:21.0801 8104 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

    08:47:21.0806 8104 Bonjour Service - ok

    08:47:21.0812 8104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    08:47:21.0814 8104 bowser - ok

    08:47:21.0816 8104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    08:47:21.0817 8104 BrFiltLo - ok

    08:47:21.0820 8104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    08:47:21.0820 8104 BrFiltUp - ok

    08:47:21.0828 8104 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    08:47:21.0830 8104 Browser - ok

    08:47:21.0839 8104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    08:47:21.0842 8104 Brserid - ok

    08:47:21.0846 8104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    08:47:21.0847 8104 BrSerWdm - ok

    08:47:21.0850 8104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    08:47:21.0850 8104 BrUsbMdm - ok

    08:47:21.0853 8104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    08:47:21.0854 8104 BrUsbSer - ok

    08:47:21.0859 8104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

    08:47:21.0860 8104 BTHMODEM - ok

    08:47:21.0866 8104 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    08:47:21.0867 8104 bthserv - ok

    08:47:21.0873 8104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    08:47:21.0875 8104 cdfs - ok

    08:47:21.0882 8104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

    08:47:21.0884 8104 cdrom - ok

    08:47:21.0890 8104 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    08:47:21.0891 8104 CertPropSvc - ok

    08:47:21.0895 8104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

    08:47:21.0896 8104 circlass - ok

    08:47:21.0912 8104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    08:47:21.0916 8104 CLFS - ok

    08:47:21.0923 8104 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    08:47:21.0925 8104 clr_optimization_v2.0.50727_32 - ok

    08:47:21.0932 8104 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    08:47:21.0933 8104 clr_optimization_v2.0.50727_64 - ok

    08:47:21.0944 8104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    08:47:21.0953 8104 clr_optimization_v4.0.30319_32 - ok

    08:47:21.0963 8104 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    08:47:21.0969 8104 clr_optimization_v4.0.30319_64 - ok

    08:47:21.0972 8104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

    08:47:21.0973 8104 CmBatt - ok

    08:47:21.0976 8104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

    08:47:21.0976 8104 cmdide - ok

    08:47:21.0993 8104 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

    08:47:21.0997 8104 CNG - ok

    08:47:22.0000 8104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

    08:47:22.0001 8104 Compbatt - ok

    08:47:22.0005 8104 CompFilter64 (403433d758c2d8908937265c1fb34f34) C:\Windows\system32\DRIVERS\lvbflt64.sys

    08:47:22.0005 8104 CompFilter64 - ok

    08:47:22.0009 8104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

    08:47:22.0009 8104 CompositeBus - ok

    08:47:22.0011 8104 COMSysApp - ok

    08:47:22.0015 8104 cpuz134 - ok

    08:47:22.0019 8104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

    08:47:22.0020 8104 crcdisk - ok

    08:47:22.0030 8104 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

    08:47:22.0033 8104 CryptSvc - ok

    08:47:22.0054 8104 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

    08:47:22.0060 8104 CSC - ok

    08:47:22.0086 8104 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

    08:47:22.0093 8104 CscService - ok

    08:47:22.0117 8104 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    08:47:22.0124 8104 DcomLaunch - ok

    08:47:22.0137 8104 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

    08:47:22.0140 8104 defragsvc - ok

    08:47:22.0148 8104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    08:47:22.0150 8104 DfsC - ok

    08:47:22.0164 8104 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    08:47:22.0168 8104 Dhcp - ok

    08:47:22.0171 8104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    08:47:22.0172 8104 discache - ok

    08:47:22.0176 8104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

    08:47:22.0178 8104 Disk - ok

    08:47:22.0186 8104 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    08:47:22.0188 8104 Dnscache - ok

    08:47:22.0199 8104 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    08:47:22.0202 8104 dot3svc - ok

    08:47:22.0209 8104 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    08:47:22.0211 8104 DPS - ok

    08:47:22.0213 8104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    08:47:22.0214 8104 drmkaud - ok

    08:47:22.0253 8104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    08:47:22.0258 8104 DXGKrnl - ok

    08:47:22.0264 8104 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    08:47:22.0266 8104 EapHost - ok

    08:47:22.0382 8104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

    08:47:22.0409 8104 ebdrv - ok

    08:47:22.0435 8104 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    08:47:22.0437 8104 EFS - ok

    08:47:22.0459 8104 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    08:47:22.0465 8104 ehRecvr - ok

    08:47:22.0472 8104 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    08:47:22.0474 8104 ehSched - ok

    08:47:22.0498 8104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

    08:47:22.0504 8104 elxstor - ok

    08:47:22.0506 8104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    08:47:22.0507 8104 ErrDev - ok

    08:47:22.0527 8104 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    08:47:22.0532 8104 EventSystem - ok

    08:47:22.0541 8104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    08:47:22.0543 8104 exfat - ok

    08:47:22.0553 8104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    08:47:22.0555 8104 fastfat - ok

    08:47:22.0579 8104 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    08:47:22.0586 8104 Fax - ok

    08:47:22.0589 8104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

    08:47:22.0591 8104 fdc - ok

    08:47:22.0593 8104 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    08:47:22.0594 8104 fdPHost - ok

    08:47:22.0598 8104 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    08:47:22.0599 8104 FDResPub - ok

    08:47:22.0603 8104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    08:47:22.0604 8104 FileInfo - ok

    08:47:22.0607 8104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    08:47:22.0608 8104 Filetrace - ok

    08:47:22.0634 8104 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    08:47:22.0701 8104 FLEXnet Licensing Service - ok

    08:47:22.0704 8104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

    08:47:22.0705 8104 flpydisk - ok

    08:47:22.0718 8104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    08:47:22.0721 8104 FltMgr - ok

    08:47:22.0761 8104 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    08:47:22.0772 8104 FontCache - ok

    08:47:22.0777 8104 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    08:47:22.0778 8104 FontCache3.0.0.0 - ok

    08:47:22.0784 8104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    08:47:22.0785 8104 FsDepends - ok

    08:47:22.0788 8104 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    08:47:22.0788 8104 Fs_Rec - ok

    08:47:22.0799 8104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    08:47:22.0802 8104 fvevol - ok

    08:47:22.0806 8104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

    08:47:22.0807 8104 gagp30kx - ok

    08:47:22.0809 8104 gdrv - ok

    08:47:22.0814 8104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    08:47:22.0815 8104 GEARAspiWDM - ok

    08:47:22.0844 8104 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    08:47:22.0852 8104 gpsvc - ok

    08:47:22.0861 8104 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    08:47:22.0863 8104 gupdate - ok

    08:47:22.0865 8104 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    08:47:22.0866 8104 gupdatem - ok

    08:47:22.0870 8104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    08:47:22.0871 8104 hcw85cir - ok

    08:47:22.0884 8104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

    08:47:22.0887 8104 HdAudAddService - ok

    08:47:22.0894 8104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

    08:47:22.0896 8104 HDAudBus - ok

    08:47:22.0899 8104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

    08:47:22.0900 8104 HidBatt - ok

    08:47:22.0905 8104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

    08:47:22.0906 8104 HidBth - ok

    08:47:22.0909 8104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

    08:47:22.0910 8104 HidIr - ok

    08:47:22.0914 8104 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    08:47:22.0915 8104 hidserv - ok

    08:47:22.0919 8104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

    08:47:22.0919 8104 HidUsb - ok

    08:47:22.0924 8104 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    08:47:22.0926 8104 hkmsvc - ok

    08:47:22.0936 8104 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    08:47:22.0940 8104 HomeGroupListener - ok

    08:47:22.0949 8104 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    08:47:22.0951 8104 HomeGroupProvider - ok

    08:47:22.0956 8104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    08:47:22.0957 8104 HpSAMD - ok

    08:47:22.0987 8104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    08:47:22.0994 8104 HTTP - ok

    08:47:22.0997 8104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    08:47:22.0997 8104 hwpolicy - ok

    08:47:23.0003 8104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

    08:47:23.0005 8104 i8042prt - ok

    08:47:23.0022 8104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    08:47:23.0028 8104 iaStorV - ok

    08:47:23.0036 8104 IDMWFP (2a63036283b36b3b68cdc6f85a7d53ed) C:\Windows\system32\DRIVERS\idmwfp.sys

    08:47:23.0037 8104 IDMWFP - ok

    08:47:23.0043 8104 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    08:47:23.0045 8104 IDriverT - ok

    08:47:23.0076 8104 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    08:47:23.0085 8104 idsvc - ok

    08:47:23.0089 8104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

    08:47:23.0090 8104 iirsp - ok

    08:47:23.0120 8104 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    08:47:23.0129 8104 IKEEXT - ok

    08:47:23.0229 8104 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys

    08:47:23.0247 8104 IntcAzAudAddService - ok

    08:47:23.0275 8104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    08:47:23.0276 8104 intelide - ok

    08:47:23.0280 8104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    08:47:23.0281 8104 intelppm - ok

    08:47:23.0287 8104 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    08:47:23.0289 8104 IPBusEnum - ok

    08:47:23.0294 8104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    08:47:23.0295 8104 IpFilterDriver - ok

    08:47:23.0318 8104 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    08:47:23.0325 8104 iphlpsvc - ok

    08:47:23.0329 8104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    08:47:23.0331 8104 IPMIDRV - ok

    08:47:23.0336 8104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    08:47:23.0338 8104 IPNAT - ok

    08:47:23.0372 8104 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe

    08:47:23.0382 8104 iPod Service - ok

    08:47:23.0386 8104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    08:47:23.0386 8104 IRENUM - ok

    08:47:23.0390 8104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    08:47:23.0391 8104 isapnp - ok

    08:47:23.0401 8104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    08:47:23.0403 8104 iScsiPrt - ok

    08:47:23.0425 8104 JMB36X (f3a41ec4c6506e76e07a219b3a1df8d2) C:\Windows\SysWOW64\XSrvSetup.exe

    08:47:23.0459 8104 JMB36X - ok

    08:47:23.0466 8104 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys

    08:47:23.0467 8104 JRAID - ok

    08:47:23.0471 8104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

    08:47:23.0471 8104 kbdclass - ok

    08:47:23.0475 8104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

    08:47:23.0476 8104 kbdhid - ok

    08:47:23.0479 8104 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    08:47:23.0480 8104 KeyIso - ok

    08:47:23.0486 8104 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    08:47:23.0487 8104 KSecDD - ok

    08:47:23.0494 8104 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    08:47:23.0496 8104 KSecPkg - ok

    08:47:23.0500 8104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    08:47:23.0500 8104 ksthunk - ok

    08:47:23.0512 8104 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    08:47:23.0516 8104 KtmRm - ok

    08:47:23.0527 8104 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    08:47:23.0531 8104 LanmanServer - ok

    08:47:23.0537 8104 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    08:47:23.0539 8104 LanmanWorkstation - ok

    08:47:23.0806 8104 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

    08:47:23.0882 8104 LeapFrog Connect Device Service - ok

    08:47:23.0913 8104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    08:47:23.0915 8104 lltdio - ok

    08:47:23.0926 8104 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    08:47:23.0929 8104 lltdsvc - ok

    08:47:23.0932 8104 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    08:47:23.0933 8104 lmhosts - ok

    08:47:23.0941 8104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

    08:47:23.0943 8104 LSI_FC - ok

    08:47:23.0949 8104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

    08:47:23.0950 8104 LSI_SAS - ok

    08:47:23.0954 8104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    08:47:23.0955 8104 LSI_SAS2 - ok

    08:47:23.0962 8104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    08:47:23.0964 8104 LSI_SCSI - ok

    08:47:23.0970 8104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    08:47:23.0971 8104 luafv - ok

    08:47:23.0975 8104 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

    08:47:23.0976 8104 LVPr2M64 - ok

    08:47:23.0978 8104 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

    08:47:23.0978 8104 LVPr2Mon - ok

    08:47:23.0993 8104 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys

    08:47:23.0995 8104 LVRS64 - ok

    08:47:24.0175 8104 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys

    08:47:24.0196 8104 LVUVC64 - ok

    08:47:24.0224 8104 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    08:47:24.0226 8104 Mcx2Svc - ok

    08:47:24.0231 8104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

    08:47:24.0232 8104 megasas - ok

    08:47:24.0244 8104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

    08:47:24.0247 8104 MegaSR - ok

    08:47:24.0255 8104 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

    08:47:24.0256 8104 Microsoft Office Groove Audit Service - ok

    08:47:24.0261 8104 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    08:47:24.0262 8104 MMCSS - ok

    08:47:24.0266 8104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    08:47:24.0266 8104 Modem - ok

    08:47:24.0270 8104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    08:47:24.0270 8104 monitor - ok

    08:47:24.0274 8104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    08:47:24.0275 8104 mouclass - ok

    08:47:24.0278 8104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    08:47:24.0279 8104 mouhid - ok

    08:47:24.0285 8104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    08:47:24.0286 8104 mountmgr - ok

    08:47:24.0295 8104 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

    08:47:24.0296 8104 MpFilter - ok

    08:47:24.0304 8104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    08:47:24.0305 8104 mpio - ok

    08:47:24.0310 8104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    08:47:24.0311 8104 mpsdrv - ok

    08:47:24.0343 8104 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    08:47:24.0351 8104 MpsSvc - ok

    08:47:24.0359 8104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    08:47:24.0361 8104 MRxDAV - ok

    08:47:24.0370 8104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    08:47:24.0372 8104 mrxsmb - ok

    08:47:24.0384 8104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    08:47:24.0387 8104 mrxsmb10 - ok

    08:47:24.0393 8104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    08:47:24.0395 8104 mrxsmb20 - ok

    08:47:24.0398 8104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    08:47:24.0399 8104 msahci - ok

    08:47:24.0406 8104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    08:47:24.0408 8104 msdsm - ok

    08:47:24.0415 8104 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    08:47:24.0417 8104 MSDTC - ok

    08:47:24.0423 8104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    08:47:24.0424 8104 Msfs - ok

    08:47:24.0426 8104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    08:47:24.0427 8104 mshidkmdf - ok

    08:47:24.0430 8104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    08:47:24.0430 8104 msisadrv - ok

    08:47:24.0440 8104 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    08:47:24.0442 8104 MSiSCSI - ok

    08:47:24.0445 8104 msiserver - ok

    08:47:24.0448 8104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    08:47:24.0449 8104 MSKSSRV - ok

    08:47:24.0453 8104 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    08:47:24.0454 8104 MsMpSvc - ok

    08:47:24.0457 8104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    08:47:24.0457 8104 MSPCLOCK - ok

    08:47:24.0460 8104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    08:47:24.0461 8104 MSPQM - ok

    08:47:24.0478 8104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    08:47:24.0483 8104 MsRPC - ok

    08:47:24.0488 8104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    08:47:24.0489 8104 mssmbios - ok

    08:47:24.0491 8104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    08:47:24.0492 8104 MSTEE - ok

    08:47:24.0495 8104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    08:47:24.0496 8104 MTConfig - ok

    08:47:24.0501 8104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    08:47:24.0501 8104 Mup - ok

    08:47:24.0521 8104 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    08:47:24.0527 8104 napagent - ok

    08:47:24.0539 8104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    08:47:24.0542 8104 NativeWifiP - ok

    08:47:24.0581 8104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    08:47:24.0591 8104 NDIS - ok

    08:47:24.0595 8104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    08:47:24.0596 8104 NdisCap - ok

    08:47:24.0599 8104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    08:47:24.0600 8104 NdisTapi - ok

    08:47:24.0604 8104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    08:47:24.0605 8104 Ndisuio - ok

    08:47:24.0613 8104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    08:47:24.0616 8104 NdisWan - ok

    08:47:24.0620 8104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    08:47:24.0621 8104 NDProxy - ok

    08:47:24.0625 8104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    08:47:24.0626 8104 NetBIOS - ok

    08:47:24.0638 8104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    08:47:24.0641 8104 NetBT - ok

    08:47:24.0644 8104 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    08:47:24.0645 8104 Netlogon - ok

    08:47:24.0661 8104 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    08:47:24.0666 8104 Netman - ok

    08:47:24.0678 8104 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    08:47:24.0682 8104 NetMsmqActivator - ok

    08:47:24.0685 8104 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    08:47:24.0685 8104 NetPipeActivator - ok

    08:47:24.0705 8104 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    08:47:24.0710 8104 netprofm - ok

    08:47:24.0713 8104 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    08:47:24.0714 8104 NetTcpActivator - ok

    08:47:24.0716 8104 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    08:47:24.0717 8104 NetTcpPortSharing - ok

    08:47:24.0725 8104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    08:47:24.0726 8104 nfrd960 - ok

    08:47:24.0732 8104 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    08:47:24.0733 8104 NisDrv - ok

    08:47:24.0745 8104 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe

    08:47:24.0747 8104 NisSrv - ok

    08:47:24.0760 8104 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    08:47:24.0765 8104 NlaSvc - ok

    08:47:24.0769 8104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    08:47:24.0770 8104 Npfs - ok

    08:47:24.0774 8104 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    08:47:24.0775 8104 nsi - ok

    08:47:24.0779 8104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    08:47:24.0779 8104 nsiproxy - ok

    08:47:24.0861 8104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    08:47:24.0883 8104 Ntfs - ok

    08:47:24.0911 8104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    08:47:24.0912 8104 Null - ok

    08:47:24.0918 8104 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys

    08:47:24.0919 8104 nusb3hub - ok

    08:47:24.0929 8104 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys

    08:47:24.0931 8104 nusb3xhc - ok

    08:47:24.0940 8104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    08:47:24.0942 8104 nvraid - ok

    08:47:24.0951 8104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    08:47:24.0954 8104 nvstor - ok

    08:47:24.0961 8104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    08:47:24.0963 8104 nv_agp - ok

    08:47:24.0984 8104 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    08:47:24.0990 8104 odserv - ok

    08:47:24.0995 8104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    08:47:24.0997 8104 ohci1394 - ok

    08:47:25.0004 8104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    08:47:25.0005 8104 ose - ok

    08:47:25.0023 8104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    08:47:25.0028 8104 p2pimsvc - ok

    08:47:25.0046 8104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    08:47:25.0051 8104 p2psvc - ok

    08:47:25.0058 8104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    08:47:25.0059 8104 Parport - ok

    08:47:25.0064 8104 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    08:47:25.0065 8104 partmgr - ok

    08:47:25.0076 8104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    08:47:25.0079 8104 PcaSvc - ok

    08:47:25.0090 8104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    08:47:25.0093 8104 pci - ok

    08:47:25.0096 8104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    08:47:25.0097 8104 pciide - ok

    08:47:25.0107 8104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    08:47:25.0109 8104 pcmcia - ok

    08:47:25.0114 8104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    08:47:25.0115 8104 pcw - ok

    08:47:25.0144 8104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    08:47:25.0153 8104 PEAUTH - ok

    08:47:25.0207 8104 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

    08:47:25.0225 8104 PeerDistSvc - ok

    08:47:25.0248 8104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    08:47:25.0250 8104 PerfHost - ok

    08:47:25.0326 8104 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    08:47:25.0340 8104 pla - ok

    08:47:25.0358 8104 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    08:47:25.0364 8104 PlugPlay - ok

    08:47:25.0367 8104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    08:47:25.0369 8104 PNRPAutoReg - ok

    08:47:25.0382 8104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    08:47:25.0384 8104 PNRPsvc - ok

    08:47:25.0406 8104 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    08:47:25.0412 8104 PolicyAgent - ok

    08:47:25.0422 8104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    08:47:25.0425 8104 Power - ok

    08:47:25.0435 8104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    08:47:25.0436 8104 PptpMiniport - ok

    08:47:25.0441 8104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    08:47:25.0442 8104 Processor - ok

    08:47:25.0452 8104 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

    08:47:25.0455 8104 ProfSvc - ok

    08:47:25.0458 8104 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    08:47:25.0459 8104 ProtectedStorage - ok

    08:47:25.0467 8104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    08:47:25.0468 8104 Psched - ok

    08:47:25.0473 8104 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys

    08:47:25.0474 8104 PxHlpa64 - ok

    08:47:25.0545 8104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    08:47:25.0569 8104 ql2300 - ok

    08:47:25.0607 8104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    08:47:25.0610 8104 ql40xx - ok

    08:47:25.0622 8104 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    08:47:25.0626 8104 QWAVE - ok

    08:47:25.0630 8104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    08:47:25.0631 8104 QWAVEdrv - ok

    08:47:25.0634 8104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    08:47:25.0635 8104 RasAcd - ok

    08:47:25.0641 8104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    08:47:25.0642 8104 RasAgileVpn - ok

    08:47:25.0648 8104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    08:47:25.0650 8104 RasAuto - ok

    08:47:25.0659 8104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    08:47:25.0661 8104 Rasl2tp - ok

    08:47:25.0676 8104 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    08:47:25.0681 8104 RasMan - ok

    08:47:25.0688 8104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    08:47:25.0690 8104 RasPppoe - ok

    08:47:25.0696 8104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    08:47:25.0697 8104 RasSstp - ok

    08:47:25.0713 8104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    08:47:25.0718 8104 rdbss - ok

    08:47:25.0722 8104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    08:47:25.0723 8104 rdpbus - ok

    08:47:25.0726 8104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    08:47:25.0726 8104 RDPCDD - ok

    08:47:25.0733 8104 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) C:\Windows\system32\DRIVERS\rdpdispm.sys

    08:47:25.0734 8104 RDPDISPM - ok

    08:47:25.0744 8104 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

    08:47:25.0746 8104 RDPDR - ok

    08:47:25.0750 8104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    08:47:25.0750 8104 RDPENCDD - ok

    08:47:25.0756 8104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    08:47:25.0756 8104 RDPREFMP - ok

    08:47:25.0767 8104 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

    08:47:25.0769 8104 RDPWD - ok

    08:47:25.0779 8104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    08:47:25.0782 8104 rdyboost - ok

    08:47:25.0787 8104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    08:47:25.0789 8104 RemoteAccess - ok

    08:47:25.0796 8104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    08:47:25.0798 8104 RemoteRegistry - ok

    08:47:25.0803 8104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    08:47:25.0805 8104 RpcEptMapper - ok

    08:47:25.0808 8104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    08:47:25.0809 8104 RpcLocator - ok

    08:47:25.0831 8104 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    08:47:25.0834 8104 RpcSs - ok

    08:47:25.0840 8104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    08:47:25.0841 8104 rspndr - ok

    08:47:25.0851 8104 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

    08:47:25.0853 8104 RSUSBSTOR - ok

    08:47:25.0863 8104 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys

    08:47:25.0879 8104 RTHDMIAzAudService - ok

    08:47:25.0894 8104 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

    08:47:25.0896 8104 RTL8167 - ok

    08:47:25.0899 8104 RtsUIR - ok

    08:47:25.0903 8104 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

    08:47:25.0904 8104 s3cap - ok

    08:47:25.0907 8104 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    08:47:25.0908 8104 SamSs - ok

    08:47:25.0914 8104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    08:47:25.0916 8104 sbp2port - ok

    08:47:25.0924 8104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    08:47:25.0926 8104 SCardSvr - ok

    08:47:25.0930 8104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    08:47:25.0931 8104 scfilter - ok

    08:47:25.0968 8104 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    08:47:25.0979 8104 Schedule - ok

    08:47:25.0985 8104 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    08:47:25.0985 8104 SCPolicySvc - ok

    08:47:25.0993 8104 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    08:47:25.0996 8104 SDRSVC - ok

    08:47:26.0002 8104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    08:47:26.0003 8104 secdrv - ok

    08:47:26.0006 8104 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    08:47:26.0007 8104 seclogon - ok

    08:47:26.0012 8104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    08:47:26.0015 8104 SENS - ok

    08:47:26.0018 8104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    08:47:26.0020 8104 SensrSvc - ok

    08:47:26.0023 8104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    08:47:26.0024 8104 Serenum - ok

    08:47:26.0029 8104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    08:47:26.0030 8104 Serial - ok

    08:47:26.0033 8104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    08:47:26.0034 8104 sermouse - ok

    08:47:26.0046 8104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    08:47:26.0048 8104 SessionEnv - ok

    08:47:26.0051 8104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    08:47:26.0052 8104 sffdisk - ok

    08:47:26.0054 8104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    08:47:26.0055 8104 sffp_mmc - ok

    08:47:26.0058 8104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    08:47:26.0059 8104 sffp_sd - ok

    08:47:26.0062 8104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    08:47:26.0063 8104 sfloppy - ok

    08:47:26.0078 8104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    08:47:26.0082 8104 SharedAccess - ok

    08:47:26.0098 8104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    08:47:26.0103 8104 ShellHWDetection - ok

    08:47:26.0107 8104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    08:47:26.0108 8104 SiSRaid2 - ok

    08:47:26.0113 8104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    08:47:26.0114 8104 SiSRaid4 - ok

    08:47:26.0119 8104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    08:47:26.0120 8104 Smb - ok

    08:47:26.0126 8104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    08:47:26.0128 8104 SNMPTRAP - ok

    08:47:26.0131 8104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    08:47:26.0132 8104 spldr - ok

    08:47:26.0155 8104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    08:47:26.0163 8104 Spooler - ok

    08:47:26.0334 8104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    08:47:26.0375 8104 sppsvc - ok

    08:47:26.0403 8104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    08:47:26.0405 8104 sppuinotify - ok

    08:47:26.0429 8104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    08:47:26.0435 8104 srv - ok

    08:47:26.0453 8104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    08:47:26.0458 8104 srv2 - ok

    08:47:26.0466 8104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    08:47:26.0468 8104 srvnet - ok

    08:47:26.0478 8104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    08:47:26.0481 8104 SSDPSRV - ok

    08:47:26.0485 8104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    08:47:26.0488 8104 SstpSvc - ok

    08:47:26.0491 8104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    08:47:26.0491 8104 stexstor - ok

    08:47:26.0516 8104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    08:47:26.0524 8104 stisvc - ok

    08:47:26.0528 8104 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

    08:47:26.0529 8104 storflt - ok

    08:47:26.0532 8104 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

    08:47:26.0534 8104 StorSvc - ok

    08:47:26.0537 8104 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

    08:47:26.0538 8104 storvsc - ok

    08:47:26.0541 8104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    08:47:26.0541 8104 swenum - ok

    08:47:26.0561 8104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    08:47:26.0567 8104 swprv - ok

    08:47:26.0642 8104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    08:47:26.0664 8104 SysMain - ok

    08:47:26.0693 8104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    08:47:26.0695 8104 TabletInputService - ok

    08:47:26.0708 8104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    08:47:26.0713 8104 TapiSrv - ok

    08:47:26.0718 8104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    08:47:26.0720 8104 TBS - ok

    08:47:26.0797 8104 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    08:47:26.0817 8104 Tcpip - ok

    08:47:26.0899 8104 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    08:47:26.0907 8104 TCPIP6 - ok

    08:47:26.0937 8104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    08:47:26.0938 8104 tcpipreg - ok

    08:47:26.0942 8104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    08:47:26.0943 8104 TDPIPE - ok

    08:47:26.0947 8104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    08:47:26.0947 8104 TDTCP - ok

    08:47:26.0954 8104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    08:47:26.0955 8104 tdx - ok

    08:47:26.0960 8104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

    08:47:26.0960 8104 TermDD - ok

    08:47:26.0983 8104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    08:47:26.0989 8104 TermService - ok

    08:47:26.0993 8104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    08:47:26.0995 8104 Themes - ok

    08:47:26.0999 8104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    08:47:27.0000 8104 THREADORDER - ok

    08:47:27.0008 8104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    08:47:27.0010 8104 TrkWks - ok

    08:47:27.0018 8104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    08:47:27.0020 8104 TrustedInstaller - ok

    08:47:27.0026 8104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    08:47:27.0026 8104 tssecsrv - ok

    08:47:27.0032 8104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    08:47:27.0033 8104 TsUsbFlt - ok

    08:47:27.0040 8104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    08:47:27.0042 8104 tunnel - ok

    08:47:27.0046 8104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

    08:47:27.0047 8104 uagp35 - ok

    08:47:27.0060 8104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    08:47:27.0064 8104 udfs - ok

    08:47:27.0070 8104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    08:47:27.0072 8104 UI0Detect - ok

    08:47:27.0077 8104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    08:47:27.0078 8104 uliagpkx - ok

    08:47:27.0082 8104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

    08:47:27.0083 8104 umbus - ok

    08:47:27.0086 8104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

    08:47:27.0087 8104 UmPass - ok

    08:47:27.0096 8104 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

    08:47:27.0099 8104 UmRdpService - ok

    08:47:27.0118 8104 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    08:47:27.0122 8104 UMVPFSrv - ok

    08:47:27.0138 8104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    08:47:27.0144 8104 upnphost - ok

    08:47:27.0149 8104 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    08:47:27.0150 8104 USBAAPL64 - ok

    08:47:27.0157 8104 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

    08:47:27.0158 8104 usbaudio - ok

    08:47:27.0164 8104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

    08:47:27.0165 8104 usbccgp - ok

    08:47:27.0167 8104 USBCCID - ok

    08:47:27.0175 8104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    08:47:27.0176 8104 usbcir - ok

    08:47:27.0180 8104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

    08:47:27.0181 8104 usbehci - ok

    08:47:27.0185 8104 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

    08:47:27.0185 8104 usbfilter - ok

    08:47:27.0197 8104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    08:47:27.0200 8104 usbhub - ok

    08:47:27.0204 8104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

    08:47:27.0204 8104 usbohci - ok

    08:47:27.0208 8104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

    08:47:27.0209 8104 usbprint - ok

    08:47:27.0213 8104 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

    08:47:27.0214 8104 usbscan - ok

    08:47:27.0219 8104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    08:47:27.0221 8104 USBSTOR - ok

    08:47:27.0224 8104 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

    08:47:27.0225 8104 usbuhci - ok

    08:47:27.0234 8104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

    08:47:27.0236 8104 usbvideo - ok

    08:47:27.0240 8104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

    08:47:27.0242 8104 UxSms - ok

    08:47:27.0245 8104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    08:47:27.0246 8104 VaultSvc - ok

    08:47:27.0249 8104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

    08:47:27.0250 8104 vdrvroot - ok

    08:47:27.0271 8104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

    08:47:27.0277 8104 vds - ok

    08:47:27.0281 8104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    08:47:27.0282 8104 vga - ok

    08:47:27.0285 8104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    08:47:27.0287 8104 VgaSave - ok

    08:47:27.0295 8104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

    08:47:27.0298 8104 vhdmp - ok

    08:47:27.0301 8104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

    08:47:27.0302 8104 viaide - ok

    08:47:27.0311 8104 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

    08:47:27.0314 8104 vmbus - ok

    08:47:27.0317 8104 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

    08:47:27.0318 8104 VMBusHID - ok

    08:47:27.0322 8104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

    08:47:27.0324 8104 volmgr - ok

    08:47:27.0339 8104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

    08:47:27.0343 8104 volmgrx - ok

    08:47:27.0356 8104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

    08:47:27.0360 8104 volsnap - ok

    08:47:27.0368 8104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

    08:47:27.0370 8104 vsmraid - ok

    08:47:27.0441 8104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

    08:47:27.0460 8104 VSS - ok

    08:47:27.0487 8104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

    08:47:27.0488 8104 vwifibus - ok

    08:47:27.0503 8104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

    08:47:27.0508 8104 W32Time - ok

    08:47:27.0513 8104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

    08:47:27.0514 8104 WacomPen - ok

    08:47:27.0520 8104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    08:47:27.0521 8104 WANARP - ok

    08:47:27.0524 8104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    08:47:27.0524 8104 Wanarpv6 - ok

    08:47:27.0587 8104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

    08:47:27.0606 8104 WatAdminSvc - ok

    08:47:27.0673 8104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

    08:47:27.0693 8104 wbengine - ok

    08:47:27.0731 8104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

    08:47:27.0736 8104 WbioSrvc - ok

    08:47:27.0757 8104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

    08:47:27.0764 8104 wcncsvc - ok

    08:47:27.0770 8104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

    08:47:27.0773 8104 WcsPlugInService - ok

    08:47:27.0781 8104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

    08:47:27.0782 8104 Wd - ok

    08:47:27.0815 8104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    08:47:27.0824 8104 Wdf01000 - ok

    08:47:27.0833 8104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    08:47:27.0836 8104 WdiServiceHost - ok

    08:47:27.0838 8104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    08:47:27.0840 8104 WdiSystemHost - ok

    08:47:27.0851 8104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

    08:47:27.0855 8104 WebClient - ok

    08:47:27.0865 8104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

    08:47:27.0869 8104 Wecsvc - ok

    08:47:27.0874 8104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

    08:47:27.0876 8104 wercplsupport - ok

    08:47:27.0881 8104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

    08:47:27.0883 8104 WerSvc - ok

    08:47:27.0888 8104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    08:47:27.0889 8104 WfpLwf - ok

    08:47:27.0892 8104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    08:47:27.0893 8104 WIMMount - ok

    08:47:27.0895 8104 WinDefend - ok

    08:47:27.0902 8104 WinHttpAutoProxySvc - ok

    08:47:27.0917 8104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

    08:47:27.0920 8104 Winmgmt - ok

    08:47:28.0001 8104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

    08:47:28.0026 8104 WinRM - ok

    08:47:28.0061 8104 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

    08:47:28.0063 8104 WinUsb - ok

    08:47:28.0095 8104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

    08:47:28.0104 8104 Wlansvc - ok

    08:47:28.0111 8104 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    08:47:28.0112 8104 wlcrasvc - ok

    08:47:28.0227 8104 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    08:47:28.0251 8104 wlidsvc - ok

    08:47:28.0279 8104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

    08:47:28.0279 8104 WmiAcpi - ok

    08:47:28.0293 8104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

    08:47:28.0296 8104 wmiApSrv - ok

    08:47:28.0299 8104 WMPNetworkSvc - ok

    08:47:28.0303 8104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

    08:47:28.0305 8104 WPCSvc - ok

    08:47:28.0312 8104 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

    08:47:28.0315 8104 WPDBusEnum - ok

    08:47:28.0318 8104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    08:47:28.0319 8104 ws2ifsl - ok

    08:47:28.0324 8104 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

    08:47:28.0326 8104 wscsvc - ok

    08:47:28.0328 8104 WSearch - ok

    08:47:28.0450 8104 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

    08:47:28.0490 8104 wuauserv - ok

    08:47:28.0525 8104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

    08:47:28.0527 8104 WudfPf - ok

    08:47:28.0537 8104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

    08:47:28.0540 8104 WUDFRd - ok

    08:47:28.0546 8104 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

    08:47:28.0549 8104 wudfsvc - ok

    08:47:28.0561 8104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

    08:47:28.0565 8104 WwanSvc - ok

    08:47:28.0572 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3

    08:47:28.0696 8104 \Device\Harddisk3\DR3 - ok

    08:47:28.0718 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    08:47:28.0723 8104 \Device\Harddisk0\DR0 - ok

    08:47:28.0730 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

    08:47:28.0734 8104 \Device\Harddisk1\DR1 - ok

    08:47:28.0739 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

    08:47:28.0742 8104 \Device\Harddisk2\DR2 - ok

    08:47:28.0745 8104 Boot (0x1200) (37c7f0971007cbf136ac52a0d211d083) \Device\Harddisk3\DR3\Partition0

    08:47:28.0747 8104 \Device\Harddisk3\DR3\Partition0 - ok

    08:47:28.0751 8104 Boot (0x1200) (6c1fc5eef85479b74d28f28b1ec1b4f1) \Device\Harddisk3\DR3\Partition1

    08:47:28.0753 8104 \Device\Harddisk3\DR3\Partition1 - ok

    08:47:28.0757 8104 Boot (0x1200) (1c81ba0a65f91a2e9319a42a45714861) \Device\Harddisk0\DR0\Partition0

    08:47:28.0759 8104 \Device\Harddisk0\DR0\Partition0 - ok

    08:47:28.0763 8104 Boot (0x1200) (cb8f5e8964e1eeed9de3dd63504a7704) \Device\Harddisk1\DR1\Partition0

    08:47:28.0765 8104 \Device\Harddisk1\DR1\Partition0 - ok

    08:47:28.0768 8104 Boot (0x1200) (ede2f40abb8b401821ec0acf8137ce4b) \Device\Harddisk2\DR2\Partition0

    08:47:28.0769 8104 \Device\Harddisk2\DR2\Partition0 - ok

    08:47:28.0769 8104 ============================================================

    08:47:28.0769 8104 Scan finished

    08:47:28.0769 8104 ============================================================

    08:47:28.0776 5676 Detected object count: 0

    08:47:28.0776 5676 Actual detected object count: 0

    TDSSKiller.2.7.37.0_24.05.2012_08.47.13_log.txt

  2. Not sure if this is in the correct forum, but here it goes.

    Problem... after having a virus and getting it resolved here http://forums.malwarebytes.org/index.php?s...fuzzed&st=0

    I have run into a problem trying to install some software. The installer says it cannot access the reg file.

    When I run regedit, I get the error "Cannot open {26CE9193-6640-418a-B7DD-DC07D7F3BBBF}: Error while opening key."

    I cannot delete or change the key. It is located here:

    HKEY_USERS\S-1-5-21-527237240-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Settings\{76152C9D-0360-4843-85AD-1BDCE62EB374}\{26CE9193-6640-418a-B7DD-DC07D7F3BBBF}

    The only other oddity is that I am not able to fully install a web cam. Of the two I tried, Skype does not recognize them even though they are certified by Skype. Not sure if this is related.

    Microsoft Security Essentials and Malwarebytes Anti-Malware both turn up nothing. Everything else seems to be OK.

    Thoughts?

  3. The MBAM comes up clean and I have previously run the Combofix. Also the MS Security Essentials comes up clean. About the only thing left is to turn on the CDROM emulation software using Defogger.

    The computer now seems to be shutting down ok, it just does not want to boot with a USB drive installed.

    Thoughts?

  4. I think I did it, almost. I had a few viruses and at one time a backdoor.bot, went through the self-help section to work it out. I think I got it. The computer is scanning clean (although it took a number of days). Both the disk.sys and atapi.sys were infected. About the only problem I still seem to have is the computer does not want to close Outlook completely and is having problems shutting down from the Start Menu.

    Any thoughts would be appreciated.

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Lawson at 11:31:56.64 on Mon 05/17/2010

    Internet Explorer: 8.0.6001.18702

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2794 [GMT -7:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\Program Files\WTouch\WTouchService.exe

    svchost.exe

    svchost.exe

    C:\WINDOWS\System32\iscsiexe.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\WTouch\WTouchUser.exe

    svchost.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\NDAS\System\ndassvc.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\Pen_Tablet.exe

    C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

    C:\WINDOWS\system32\Pen_Tablet.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    C:\WINDOWS\system32\taskswitch.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Microsoft Security Essentials\msseces.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\Documents and Settings\Lawson\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\MICROS~3\rapimgr.exe

    C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe

    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Program Files\NDAS\System\ndasmgmt.exe

    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    C:\Documents and Settings\Lawson\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe

    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

    C:\Program Files\Southwest Airlines\Ding\Ding.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    C:\Documents and Settings\Lawson\Desktop\Temp1\dds.EXE

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

    uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

    uRun: [MoeMonitor.exe] "c:\documents and settings\lawson\local settings\application data\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

    StartupFolder: c:\docume~1\lawson\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drobod~1.lnk - c:\program files\drobo\drobo dashboard\DroboDashboard.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238108135196

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238176636093

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.28/TSWeb.cab

    DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - hxxps://oca.microsoft.com/en/secure/ocarpt.CAB

    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-2-7 274920]

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2009-2-7 100840]

    R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-2-7 285160]

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

    R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-2-7 416232]

    R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-2-7 783848]

    R2 DDService;Drobo Dashboard Service;c:\program files\drobo\drobo dashboard\support\DDService.exe [2010-3-19 704512]

    R2 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\iscsiexe.exe [2008-11-13 103480]

    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-18 4408616]

    R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-2-17 44880]

    R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-18 112936]

    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2008-11-13 158264]

    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-2-7 121320]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-3-26 39456]

    R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-2-17 9040]

    R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-2-17 19408]

    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-18 15656]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-16 133104]

    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-2-7 276968]

    S3 TVService;TVService;c:\program files\team mediaportal\mediaportal tv server\TvService.exe [2009-5-8 192512]

    ============== File Associations ===============

    .scr=DWGTrueViewScriptFile

    =============== Created Last 30 ================

    2010-05-15 00:23:13 0 ----a-w- c:\documents and settings\lawson\defogger_reenable

    2010-05-14 23:22:41 0 d-----w- c:\program files\Runtime Software

    2010-05-14 21:58:49 36352 -c--a-w- c:\windows\system32\dllcache\disk.sys

    2010-05-14 21:58:49 36352 ----a-w- c:\windows\system32\drivers\disk.sys

    2010-05-14 21:55:46 98816 ----a-w- c:\windows\sed.exe

    2010-05-14 21:55:46 77312 ----a-w- c:\windows\MBR.exe

    2010-05-14 21:55:46 256512 ----a-w- c:\windows\PEV.exe

    2010-05-14 21:55:46 161792 ----a-w- c:\windows\SWREG.exe

    2010-05-14 21:15:48 0 d-sha-r- C:\cmdcons

    2010-05-14 21:15:46 0 d-----w- c:\windows\setup.pss

    2010-05-14 21:15:36 0 d-----w- c:\windows\setupupd

    2010-05-14 16:25:21 3245 ----a-w- c:\windows\system32\wbem\Outlook_01caf3820c855766.mof

    2010-05-14 02:49:39 0 d-----w- c:\windows\system32\wbem\Repository

    2010-05-14 01:16:18 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

    2010-05-14 01:16:18 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

    2010-05-14 01:15:52 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

    2010-05-14 01:15:52 8192 ----a-w- c:\windows\system32\drivers\changer.sys

    2010-05-13 16:36:47 221568 ------w- c:\windows\system32\MpSigStub.exe

    2010-05-13 16:33:15 0 d-----w- c:\program files\Microsoft Security Essentials

    2010-05-13 16:27:50 0 d-----w- C:\60d349ba54d46634af

    2010-05-13 00:50:07 0 d-----w- c:\docume~1\lawson\applic~1\Malwarebytes

    2010-05-13 00:49:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-13 00:49:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-05-13 00:49:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-05-13 00:49:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2010-05-12 00:16:02 0 d-----w- c:\program files\Remove Empty Directories

    2010-05-11 20:06:51 0 d-----w- c:\program files\Microsoft LifeCam

    2010-05-11 20:06:40 0 d-----w- c:\windows\Logs

    2010-04-30 16:29:05 0 d-----w- c:\program files\iPod

    2010-04-30 16:29:01 0 d-----w- c:\program files\iTunes

    2010-04-30 16:25:48 0 d-----w- c:\program files\Bonjour

    2010-04-27 13:30:30 210352 ----a-w- c:\windows\system32\idmmbc.dll

    ==================== Find3M ====================

    2010-05-14 21:45:46 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

    2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

    2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    2010-03-25 22:19:28 74756 ---ha-w- c:\windows\system32\mlfcache.dat

    2010-03-15 23:02:39 137195 ----a-w- c:\windows\fonts\AdobeFnt08.lst

    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-02-17 23:34:07 15696 ----a-w- c:\windows\system32\rdpvdd.dll

    2010-02-17 23:34:07 118736 ----a-w- c:\windows\system32\rdpdispd.dll

    2009-10-21 01:21:18 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

    ============= FINISH: 11:32:13.71 ===============

    Attach.zip

  5. Hmmmm.... Are there any free malware programs I could run instead? Budgets are tight.

    I rolled back to IE7, everything worked, then upgraded back to IE8. Got MS Essentials installed.

    Cleaned up all the misc installations I could. Any recommendations for a free registry cleaner - I am sure mine is full of crud.

    Other than that, I am still trying it out. Things seem ok, but have not had much up time on this machine.

  6. I just ran the scans again.

    Malwarebytes did not find anything, but ESET did. See below.

    Malwarebytes' Anti-Malware 1.42

    Database version: 3345

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    12/11/2009 8:33:52 AM

    mbam-log-2009-12-11 (08-33-52).txt

    Scan type: Quick Scan

    Objects scanned: 139120

    Time elapsed: 15 minute(s), 36 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    ESET

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6211

    # api_version=3.0.2

    # EOSSerial=a502bb5dfd41fe4ebb523be5b5a9c1d2

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2009-12-11 04:09:14

    # local_time=2009-12-11 08:09:14 (-0800, Pacific Standard Time)

    # country="United States"

    # lang=9

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=512 16777215 100 0 2647253 2647253 0 0

    # compatibility_mode=1024 16777175 100 0 1188902 1188902 0 0

    # compatibility_mode=2560 16777215 100 0 0 0 0 0

    # compatibility_mode=6143 16777215 0 0 0 0 0 0

    # compatibility_mode=8192 67108863 100 0 1796308 1796308 0 0

    # scanned=73861

    # found=1

    # cleaned=1

    # scan_time=2978

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus (deleted - quarantined) 00000000000000000000000000000000 C

  7. Fudge. I ran out of time at this location. I will be back this way in about a week and a half and I can continue to work on this. I ran Malwarebytes and it appears clean (see log below), and ran ESET to about 75% complete without infection.

    I will have to run both of these again when I am back this way.

    I'll let you know. Thanks for your help so far, I believe we are close if not there already.

    Malwarebytes' Anti-Malware 1.41

    Database version: 3267

    Windows 5.1.2600 Service Pack 3

    12/1/2009 7:31:48 AM

    mbam-log-2009-12-01 (07-31-48).txt

    Scan type: Quick Scan

    Objects scanned: 120558

    Time elapsed: 7 minute(s), 56 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  8. Well... I followed the link as you suggested and turned off the Resident Shield as was indicated on older versions of AVG. The link refers to different versions up to v8.5 and I am running v9.0. I noted my concerns, but figured AVG 9 operated as the older versions.

    Anyway, I ran ComboFix as you requested and below is the log. ComboFix did hang during one of the restarts, not sure why, but hopefully it did not screw anything up.

    Hope this helps:

    ________________________________________________________________________

    ComboFix 09-11-30.02 - SL 11/30/2009 17:38.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.569 [GMT -8:00]

    Running from: c:\documents and settings\SL\Desktop\kahdah.pif

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\WinPCap

    c:\program files\WinPCap\rpcapd.exe

    c:\windows\system32\drivers\npf.sys

    c:\windows\system32\Packet.dll

    c:\windows\system32\pthreadVC.dll

    c:\windows\system32\sstray.exe

    c:\windows\system32\WanPacket.dll

    c:\windows\system32\wpcap.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

    .

    ((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))

    .

    2009-11-30 22:49 . 2009-12-01 00:06 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

    2009-11-30 16:24 . 2009-11-30 16:24 292352 ----a-w- C:\m56rlhin.exe

    2009-11-28 17:11 . 2009-11-28 17:11 -------- d-----w- c:\documents and settings\PG\Application Data\Malwarebytes

    2009-11-26 22:10 . 2009-11-26 22:04 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

    2009-11-26 22:10 . 2009-11-26 22:04 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll

    2009-11-26 22:10 . 2009-11-26 22:04 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

    2009-11-26 22:10 . 2009-11-26 22:04 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

    2009-11-26 22:04 . 2009-11-26 22:04 -------- d-----w- c:\program files\AVG

    2009-11-26 21:45 . 2009-11-26 21:45 3584 ----a-r- c:\documents and settings\SL\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

    2009-11-26 21:45 . 2009-11-26 21:45 -------- d-----w- c:\program files\Windows Installer Clean Up

    2009-11-26 03:01 . 2009-11-10 14:30 15880 ----a-w- c:\windows\system32\lsdelete.exe

    2009-11-25 20:21 . 2009-11-25 20:21 117760 ----a-w- c:\documents and settings\SL\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2009-11-25 20:21 . 2009-11-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2009-11-25 20:21 . 2009-11-25 20:21 -------- d-----w- c:\program files\SUPERAntiSpyware

    2009-11-25 20:21 . 2009-11-25 20:21 -------- d-----w- c:\documents and settings\SL\Application Data\SUPERAntiSpyware.com

    2009-11-25 19:29 . 2009-11-25 19:29 -------- d-----w- c:\program files\CCleaner

    2009-11-25 16:15 . 2009-11-25 16:15 -------- d-----w- c:\windows\system32\wbem\Repository

    2009-11-10 14:29 . 2009-11-10 14:29 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

    2009-11-10 14:29 . 2009-11-26 00:39 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

    2009-11-10 14:29 . 2009-11-26 00:39 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

    2009-11-10 14:29 . 2009-11-26 00:39 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

    2009-11-10 14:29 . 2009-11-26 00:39 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

    2009-11-10 14:29 . 2009-11-26 00:39 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

    2009-11-10 14:28 . 2009-11-26 00:39 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

    2009-11-10 14:28 . 2009-11-26 00:39 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

    2009-11-10 14:28 . 2009-11-26 00:39 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

    2009-11-10 14:28 . 2009-11-26 00:39 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

    2009-11-10 14:27 . 2009-11-10 14:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

    2009-11-10 14:27 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

    2009-11-10 14:26 . 2009-11-10 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2009-11-10 14:26 . 2009-11-10 14:26 -------- d-----w- c:\program files\Lavasoft

    2009-11-10 14:22 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-11-10 14:22 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-11-10 14:22 . 2009-11-25 23:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-11-10 05:48 . 2009-11-10 05:48 -------- d-sh--w- c:\documents and settings\PG\IECompatCache

    2009-11-10 05:21 . 2009-11-10 05:21 -------- d-----w- c:\program files\ESET

    2009-11-10 01:14 . 2009-11-10 01:43 -------- d-----w- C:\$AVG

    2009-11-10 01:13 . 2009-11-10 01:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2009-11-10 01:13 . 2009-11-16 02:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2009-11-10 01:13 . 2009-11-10 01:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2009-11-10 01:13 . 2009-11-10 01:13 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2009-11-10 01:13 . 2009-11-30 16:25 -------- d-----w- c:\windows\system32\drivers\Avg

    2009-11-10 01:12 . 2009-11-26 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

    2009-11-10 00:58 . 2009-11-10 00:58 -------- d-----w- c:\program files\Trend Micro

    2009-11-09 23:56 . 2009-12-01 02:05 -------- d-----w- c:\documents and settings\SL\Application Data\DMCache

    2009-11-09 19:13 . 2009-11-09 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

    2009-11-09 17:26 . 2009-11-09 17:26 -------- d-----w- c:\documents and settings\SL\Application Data\Malwarebytes

    2009-11-09 17:26 . 2009-11-09 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-11-09 16:56 . 2009-11-09 16:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

    2009-11-01 21:59 . 2009-11-01 21:59 -------- d-----w- c:\documents and settings\PG\Local Settings\Application Data\Temp

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-11-26 21:44 . 2009-02-27 17:04 -------- d-----w- c:\program files\MSECACHE

    2009-11-26 00:39 . 2009-11-10 14:30 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

    2009-11-26 00:39 . 2009-11-10 14:30 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

    2009-11-26 00:39 . 2009-11-10 14:30 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

    2009-11-26 00:39 . 2009-11-10 14:30 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

    2009-11-26 00:39 . 2009-11-10 14:30 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

    2009-11-26 00:39 . 2009-11-10 14:30 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

    2009-11-26 00:39 . 2009-11-10 14:30 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll

    2009-11-25 20:20 . 2009-02-19 06:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2009-11-25 20:11 . 2006-10-24 15:01 -------- d-----w- c:\program files\Google

    2009-11-25 17:28 . 2006-12-01 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-11-10 14:30 . 2009-11-10 14:30 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

    2009-11-10 14:30 . 2009-11-10 14:30 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

    2009-11-10 14:30 . 2009-11-10 14:30 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

    2009-11-10 14:30 . 2009-11-10 14:30 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

    2009-11-10 14:30 . 2009-11-10 14:30 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

    2009-11-10 14:30 . 2009-11-10 14:30 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll

    2009-11-10 14:30 . 2009-11-10 14:30 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

    2009-11-10 14:30 . 2009-11-10 14:30 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

    2009-11-10 06:20 . 2008-09-01 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-11-10 05:24 . 2008-09-01 22:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-11-09 23:44 . 2009-08-23 17:50 -------- d-----w- c:\program files\Spyware Doctor

    2009-11-09 23:43 . 2009-11-09 23:43 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

    2009-11-09 23:43 . 2009-08-23 17:51 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

    2009-11-03 04:42 . 2009-10-04 03:59 195456 ------w- c:\windows\system32\MpSigStub.exe

    2009-10-30 00:59 . 2006-11-28 15:03 3119320 ----a-w- c:\documents and settings\SL\Application Data\IDM\idmupdt.exe

    2009-10-30 00:59 . 2006-10-26 17:15 -------- d-----w- c:\documents and settings\SL\Application Data\IDM

    2009-10-19 23:57 . 2006-12-01 18:26 -------- d-----w- c:\program files\DivX

    2009-10-19 23:55 . 2009-10-15 20:37 -------- d-----w- c:\program files\Common Files\DivX Shared

    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll

    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll

    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll

    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll

    2009-09-24 16:07 . 2009-04-11 17:41 198064 ----a-w- c:\documents and settings\SL\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

    2009-09-23 12:55 . 2009-11-10 14:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2009-09-11 14:18 . 2001-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

    2009-09-09 10:43 . 2009-10-15 06:09 210352 ----a-w- c:\windows\system32\idmmbc.dll

    2009-09-04 21:03 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-15 3134896]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-10-06 866584]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-26 2020120]

    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    c:\documents and settings\PG\Start Menu\Programs\Startup\

    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2009-2-27 295606]

    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-11-10 01:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^SL^Start Menu^Programs^Startup^ikowin32.exe]

    backup=c:\windows\pss\ikowin32.exeStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/10/2009 6:30 AM 64288]

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/23/2009 9:51 AM 206256]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/9/2009 5:13 PM 333192]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/9/2009 5:13 PM 360584]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/26/2009 2:04 PM 285392]

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]

    S2 gupdate1ca4dd75f989ce8;Google Update Service (gupdate1ca4dd75f989ce8);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1184912]

    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 9:11 PM 13592]

    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [5/10/2009 1:35 PM 12672]

    S3 M2400;IEEE 802.11b Wireless Network Driver;c:\windows\system32\drivers\M2400.sys [10/13/2003 2:22 PM 51328]

    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]

    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/23/2009 9:50 AM 348752]

    .

    Contents of the 'Scheduled Tasks' folder

    2009-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:39]

    2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2009-11-30 c:\windows\Tasks\User_Feed_Synchronization-{10C5C172-A73E-4E78-9BB7-A8B606E717FC}.job

    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

    .

    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

    AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE

    AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI

    AddRemove-Tweak UI 2.10 - c:\windows\system32\mshta.exe res://c:\windows\system32\TweakUI.exe/uninstall.hta

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-11-30 18:05

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

    "ImagePath"="\??\c:\windows\system32\8.tmp"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

    @Denied: (Full) (Everyone)

    "scansk"=hex(0):3d,b5,1c,f1,d7,7f,ab,d6,c3,c0,32,a1,20,d0,36,99,c0,f6,ba,c2,ac,

    84,af,0a,ec,c6,e2,3f,e0,f6,36,d4,93,2c,b2,70,63,ff,60,59,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}]

    @Denied: (Full) (Everyone)

    "Model"=dword:00000075

    "Therad"=dword:00000020

    "MData"=hex(0):e1,90,6a,8e,a1,94,0b,6b,95,20,3b,49,2f,e8,42,e8,54,81,42,8f,ec,

    1b,ec,4b,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(700)

    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3020)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\AVG\AVG9\avgchsvx.exe

    c:\program files\AVG\AVG9\avgrsx.exe

    c:\program files\AVG\AVG9\avgcsrvx.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\AVG\AVG9\avgnsx.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\Internet Download Manager\IEMonitor.exe

    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    .

    **************************************************************************

    .

    Completion time: 2009-11-30 18:14 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-12-01 02:14

    Pre-Run: 39,248,592,896 bytes free

    Post-Run: 40,115,982,336 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - C9A48D0EEE93D9810AEEB16020EF1AE5

  9. I got the GMER to run and here are the results.

    GMER 1.0.15.15252 - http://www.gmer.net

    Rootkit scan 2009-11-30 13:57:35

    Windows 5.1.2600 Service Pack 3

    Running: m56rlhin.exe; Driver: C:\DOCUME~1\SL\LOCALS~1\Temp\pxldypow.sys

    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF739BD72]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF737C9A6]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF737CB98]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF739C568]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF739C820]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF739AA80]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF739CC8A]

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF739C036]

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF559D0B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [D0, 59, F5] {RCR BYTE [ECX-0xb], 0x1}

    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF73E07AC]

    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6AB5360, 0x24BB1D, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\00002142 -> \Driver\atapi \Device\Harddisk0\DR0 864D850C

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x3D 0xB5 0x1C 0xF1 ...

    Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@Model 117

    Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@Therad 32

    Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@MData 0xE1 0x90 0x6A 0x8E ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

    Hope it helps...

  10. I started trying to follow the procedures you listed above, but with the parameters you set the OTL.exe program starts scanning fine but then hangs when trying to scan netsvcs. When I try and close the program a Not Responding error shows up.

    I have my AVG Resident Shield disabled, should I have more of the AVG disabled? Perhaps something else?

    Oh, now I am getting popups as well. Oh joy.... :)

  11. Alright. I give up and this thing has beat me so far.

    My McAfee finally expired and at some time after that my computer caught something. About 1 out of 4 times I click on a link from a search engine (Google, Yahoo, Bing, etc), I get redirected to some phony search engine or some ridiculous site.

    I tried a system restore to a month prior to my problem. No avail. I turned off the system restore to eliminate anything that might be lurking in there.

    I cleaned up a number of old versions of programs and uninstalled them - mostly the 8 versions of Java I had installed.

    I cannot boot in Safe Mode as I get hung up on Mup.sys. I have tried getting around this by running chkdsk and multiple Anti-Spy-Malware programs. I have run through CCleaner, cwshredder, HiJack This, Malwarebytes Anti Malware, Spybot Search and Destroy, Spyware Doctor, Super Antispyware, Windows Malicious Program Remover (Nov Edition), AVG Antivirus and Ad-Aware. Again, only in normal mode as I cannot boot in safe mode - the computer hangs and reboots. Yes, I reboot between scans.

    The Windows Malicious Program Remover found something and removed it, as did Malwarebytes (in full scan mode) and SuperAntiSpyware.

    The rest of the programs show the computer is clean.

    All programs were checked for the most current updates before they were run.

    My problem still exists.

    I have tried "fixing" these items in HiJack This but they keep coming back.

    O23 - Service: Google Update Service (gupdate1ca4dd75f989ce8) (gupdate1ca4dd75f989ce8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

    Just ran up to date versions of HiJack This, Malwarebytes, and AVG Antivirus. Hope someone can help, Thanks in advance. Here are the logs:

    MALWAREBYTES:

    Malwarebytes' Anti-Malware 1.41

    Database version: 3234

    Windows 5.1.2600 Service Pack 3

    11/25/2009 6:28:37 PM

    mbam-log-2009-11-25 (18-28-37).txt

    Scan type: Quick Scan

    Objects scanned: 134513

    Time elapsed: 36 minute(s), 32 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    HIJACK THIS:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:12:03 PM, on 11/25/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\taskswitch.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Download Manager\IDMan.exe

    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    C:\Program Files\Internet Download Manager\IEMonitor.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161656023295

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235765052484

    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update Service (gupdate1ca4dd75f989ce8) (gupdate1ca4dd75f989ce8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --

    End of file - 8661 bytes
