infected with system-check, cannot run programs


  • This topic is locked
20 replies to this topic

#1 TDY329

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 23 March 2012 - 06:06 PM

Hello,

I'm pretty sure I am infected with the System Check malware. I have a System Check icon on my desktop, I recognize a lot of the windows and graphics posted in the removal guide on here as the same ones I've seen, as well as numerous other symptoms matching. I tried to follow the removal guide and the "preparation guide for use before using malware removal tools and requesting help". However, when I download and try to run several of the programs, Windows looks like it is loading the program (I am asked if I would like to run it and the "spinning circle" comes up over my cursor) but then nothing happens. I am running Windows 7 and have done all this in Safe Mode with Networking. Please help!

Edited by TDY329, 23 March 2012 - 06:07 PM.
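Added example, not part of this thread and not RogueKiller's own code: a small triage script for the RogueKiller v7 debug-log format that the next reply pastes (timestamped lines such as `[00:01:0186] [Check Services] [0/433] 1394ohci` followed by the service's image path on the line after it). It pairs each service header with its path line, collects the `[Check Processes]` list, and reports services whose log entry says `Path not found`, whose path it cannot parse, or whose image lives outside the Windows and Program Files trees. The "expected location" prefix list is an assumption of this example, not something RogueKiller documents. Beep, exfat and fastfat show up as `Path not found` in the posted log and do so in many Windows 7 logs of this tool, so treat that line as something to compare against a clean reference system rather than as an indicator on its own. The sample log is constructed from lines modelled on the posted one; the `ExampleSvc` entry is invented purely to exercise the unexpected-location check, and the `[Check Hidden Processes]` lines are deliberately not interpreted because the page does not say what the tool derives from them.

```python
"""Triage helper for a RogueKiller v7 debug log (format as posted in this thread).
Added example; the EXPECTED_PREFIXES list is an assumption, not tool documentation."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^\[(\d{2}:\d{2}:\d{4})\]\s+(?:\[([^\]]+)\]\s+)?(.*)$")
SERVICE_HDR_RE = re.compile(r"^\[(\d+)/(\d+)\]\s+(.+)$")
PROCESS_RE = re.compile(r"^\[(\d+)\]\s+(.+)$")
# Image path out of a command line: a quoted path, or an unquoted one up to its extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(\S.*?\.(?:exe|sys|dll|cpl|drv))(?=\s|$)', re.IGNORECASE)

# Assumption (not from the thread): image paths under these prefixes count as expected
# locations; anything else is flagged for manual review.
EXPECTED_PREFIXES = ("\\systemroot\\", "system32\\", "c:\\windows\\",
                     "c:\\program files", "c:\\progra~1\\")


@dataclass
class ServiceEntry:
    index: int
    name: str
    image_path: Optional[str]   # None when no path could be recovered
    raw: str                    # the path line exactly as logged


@dataclass
class Triage:
    crashed_before: bool = False
    processes: Dict[int, str] = field(default_factory=dict)
    services: List[ServiceEntry] = field(default_factory=list)


def extract_path(command_line: str) -> Optional[str]:
    """Bare image path: no arguments, no quotes, no leading NT '\\??\\' prefix."""
    m = PATH_RE.match(command_line.strip())
    if not m:
        return None
    path = m.group(1) or m.group(2)
    return path[4:] if path.startswith("\\??\\") else path


def is_expected_location(path: str) -> bool:
    return path.lower().startswith(EXPECTED_PREFIXES)


def parse_log(text: str) -> Triage:
    t = Triage()
    pending: Optional[Tuple[int, str]] = None   # service header awaiting its path line
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, phase, msg = m.groups()
        if phase is None and msg.startswith("Has crashed before"):
            t.crashed_before = msg.rstrip().endswith("Yes")
        elif phase == "Check Processes":
            pm = PROCESS_RE.match(msg)
            if pm:
                t.processes[int(pm.group(1))] = pm.group(2)
        elif phase == "Check Services":
            hm = SERVICE_HDR_RE.match(msg)
            if hm:
                pending = (int(hm.group(1)), hm.group(3))
            elif pending is not None:
                idx, name = pending
                path = None if msg == "Path not found" else extract_path(msg)
                t.services.append(ServiceEntry(idx, name, path, msg))
                pending = None
    return t


def review_items(t: Triage) -> List[str]:
    """Services with no ImagePath, an unparsable path, or an unexpected location."""
    out = []
    for s in t.services:
        if s.raw == "Path not found":
            out.append(f"{s.name}: no ImagePath in the service key (compare with a clean reference system)")
        elif s.image_path is None:
            out.append(f"{s.name}: could not parse an image path from {s.raw!r}")
        elif not is_expected_location(s.image_path):
            out.append(f"{s.name}: image runs from unexpected location {s.image_path}")
    return out


# Constructed sample modelled on the posted log; "ExampleSvc" is invented to exercise the flag.
SAMPLE_LOG = r"""
[00:00:0000] Has crashed before : Yes
[00:00:0562] [Check Processes] [392] services.exe
[00:00:0640] [Check Processes] [1904] explorer.exe
[00:01:0186] [Check Services] [0/5] 1394ohci
[00:01:0186] [Check Services] \SystemRoot\system32\drivers\1394ohci.sys
[00:01:0233] [Check Services] [1/5] AeLookupSvc
[00:01:0233] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0420] [Check Services] [2/5] Beep
[00:01:0420] [Check Services] Path not found
[00:01:0794] [Check Services] [3/5] eeCtrl
[00:01:0794] [Check Services] \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
[00:01:0900] [Check Services] [4/5] ExampleSvc
[00:01:0900] [Check Services] "C:\Users\Public\ExampleSvc.exe" /silent
"""

if __name__ == "__main__":
    triage = parse_log(SAMPLE_LOG)
    print(f"crashed before: {triage.crashed_before}, services: {len(triage.services)}")
    for item in review_items(triage):
        print(" -", item)
```

Run it against a saved RogueKiller log with `parse_log(open(path).read())`; on the sample it reports Beep (no ImagePath) and the invented ExampleSvc (runs from C:\Users\Public). A service that is flagged is only a lead: confirm it by checking the service key and the file on disk, since a legitimate vendor service can also live outside the default trees.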


#2 TDY329

  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 23 March 2012 - 06:39 PM

After browsing some of the other topics and finding someone with a similar problem, I downloaded RogueKiller and was able to run that. It keeps crashing, apparently before finishing the scan, but it did produce a log file, which I've attached to this reply. I tried to copy and paste it, but the site is telling me my reply is too long. I'll post the first half or so. Hopefully this expedites things.

[00:00:0000] Has crashed before : Yes
[00:00:0000] ***** Global Init *****
[00:00:0000] Create mutex : RogueKiller
[00:00:0000] Mutex Created : 0x144
[00:00:0000] Fill lists
[00:00:0031] Take Privileges
[00:00:0187] Modify Token
[00:00:0187] Set priority to HIGH
[00:00:0187] Getting Operating System
[00:00:0187] Os Getted : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
[00:00:0187] ***** Global Init OK *****
[00:00:0187] ***** GUI Init *****
[00:00:0187] Get build number
[00:00:0187] build number : RogueKiller (by Tigzy) -- v7.3.2
[00:00:0343] ***** GUI Init OK *****
[00:00:0375] ***** PreScan *****
[00:00:0390] Clear ListViews
[00:00:0390] Clear Objects
[00:00:0406] [Check Window] Network Flyout
[00:00:0406] [Check Window] Task Switching
[00:00:0406] [Check Window] Tim
[00:00:0421] [Check Window] RogueKiller (by Tigzy) -- v7.3.2
[00:00:0421] [Check Window] X3Watch PRO Accountability Administrator
[00:00:0453] [Check Window] HiddenFaxWindow
[00:00:0453] [Check Window] SafeEyes LSP
[00:00:0453] [Check Window] BluetoothNotificationAreaIconWindowClass
[00:00:0453] [Check Window] MS_WebcheckMonitor
[00:00:0453] [Check Window] Media Center SSO
[00:00:0468] [Check Window] Battery Meter
[00:00:0468] [Check Window] Start menu
[00:00:0468] [Check Window] Jump List
[00:00:0468] [Check Window] DDE Server Window
[00:00:0484] [Check Window] Start
[00:00:0484] [Check Window] Program Manager
[00:00:0484] [Check Window] MSCTFIME UI
[00:00:0484] [Check Window] Default IME
[00:00:0484] [Check Window] Default IME
[00:00:0499] [Check Window] MSCTFIME UI
[00:00:0499] [Check Window] Default IME
[00:00:0499] [Check Window] MSCTFIME UI
[00:00:0499] [Check Window] Default IME
[00:00:0515] [Check Window] Default IME
[00:00:0515] [Check Window] Default IME
[00:00:0515] [Check Window] Default IME
[00:00:0515] [Check Window] Default IME
[00:00:0531] [Check Window] Default IME
[00:00:0531] [Check Window] MSCTFIME UI
[00:00:0531] [Check Window] Default IME
[00:00:0546] [Check Processes] Service PID : 392
[00:00:0546] [Check Processes] [0] [System Process]
[00:00:0546] [Check Processes] [4] System
[00:00:0546] [Check Processes] [216] smss.exe
[00:00:0562] [Check Processes] [300] csrss.exe
[00:00:0562] [Check Processes] [340] csrss.exe
[00:00:0562] [Check Processes] [348] wininit.exe
[00:00:0562] [Check Processes] [392] services.exe
[00:00:0577] [Check Processes] [416] winlogon.exe
[00:00:0577] [Check Processes] [444] lsass.exe
[00:00:0593] [Check Processes] [452] lsm.exe
[00:00:0593] [Check Processes] [564] svchost.exe
[00:00:0593] [Check Processes] [640] svchost.exe
[00:00:0609] [Check Processes] [704] svchost.exe
[00:00:0609] [Check Processes] [772] svchost.exe
[00:00:0609] [Check Processes] [856] svchost.exe
[00:00:0624] [Check Processes] [904] svchost.exe
[00:00:0624] [Check Processes] [932] svchost.exe
[00:00:0624] [Check Processes] [1044] ccSvcHst.exe
[00:00:0640] [Check Processes] [1180] svchost.exe
[00:00:0640] [Check Processes] [1332] Rtvscan.exe
[00:00:0640] [Check Processes] [1904] explorer.exe
[00:00:0655] [Check DLLs] Explorer.EXE
[00:00:0655] [Check DLLs] ntdll.dll
[00:00:0655] [Check DLLs] kernel32.dll
[00:00:0655] [Check DLLs] KERNELBASE.dll
[00:00:0671] [Check DLLs] ADVAPI32.dll
[00:00:0671] [Check DLLs] msvcrt.dll
[00:00:0671] [Check DLLs] sechost.dll
[00:00:0671] [Check DLLs] RPCRT4.dll
[00:00:0671] [Check DLLs] GDI32.dll
[00:00:0671] [Check DLLs] USER32.dll
[00:00:0671] [Check DLLs] LPK.dll
[00:00:0671] [Check DLLs] USP10.dll
[00:00:0687] [Check DLLs] SHLWAPI.dll
[00:00:0687] [Check DLLs] SHELL32.dll
[00:00:0687] [Check DLLs] ole32.dll
[00:00:0687] [Check DLLs] OLEAUT32.dll
[00:00:0687] [Check DLLs] EXPLORERFRAME.dll
[00:00:0687] [Check DLLs] DUser.dll
[00:00:0687] [Check DLLs] DUI70.dll
[00:00:0687] [Check DLLs] IMM32.dll
[00:00:0702] [Check DLLs] MSCTF.dll
[00:00:0702] [Check DLLs] UxTheme.dll
[00:00:0702] [Check DLLs] POWRPROF.dll
[00:00:0702] [Check DLLs] SETUPAPI.dll
[00:00:0702] [Check DLLs] CFGMGR32.dll
[00:00:0702] [Check DLLs] DEVOBJ.dll
[00:00:0702] [Check DLLs] dwmapi.dll
[00:00:0702] [Check DLLs] slc.dll
[00:00:0718] [Check DLLs] gdiplus.dll
[00:00:0718] [Check DLLs] Secur32.dll
[00:00:0718] [Check DLLs] SSPICLI.DLL
[00:00:0718] [Check DLLs] PROPSYS.dll
[00:00:0718] [Check DLLs] WININET.dll
[00:00:0718] [Check DLLs] Normaliz.dll
[00:00:0718] [Check DLLs] iertutil.dll
[00:00:0718] [Check DLLs] urlmon.dll
[00:00:0718] [Check DLLs] imagehlp.dll
[00:00:0733] [Check DLLs] WINSTA.dll
[00:00:0733] [Check DLLs] CRYPTBASE.dll
[00:00:0733] [Check DLLs] comctl32.dll
[00:00:0733] [Check DLLs] WindowsCodecs.dll
[00:00:0733] [Check DLLs] apphelp.dll
[00:00:0733] [Check DLLs] CLBCatQ.DLL
[00:00:0733] [Check DLLs] EhStorShell.dll
[00:00:0733] [Check DLLs] cscui.dll
[00:00:0749] [Check DLLs] CSCDLL.dll
[00:00:0749] [Check DLLs] CSCAPI.dll
[00:00:0749] [Check DLLs] ntshrui.dll
[00:00:0749] [Check DLLs] srvcli.dll
[00:00:0749] [Check DLLs] IconCodecService.dll
[00:00:0749] [Check DLLs] profapi.dll
[00:00:0749] [Check DLLs] CRYPTSP.dll
[00:00:0749] [Check DLLs] rsaenh.dll
[00:00:0749] [Check DLLs] RpcRtRemote.dll
[00:00:0765] [Check DLLs] SndVolSSO.DLL
[00:00:0765] [Check DLLs] HID.DLL
[00:00:0765] [Check DLLs] MMDevApi.dll
[00:00:0765] [Check DLLs] calcnfig.dll
[00:00:0765] [Check DLLs] PSAPI.DLL
[00:00:0765] [Check DLLs] CRYPT32.dll
[00:00:0765] [Check DLLs] MSASN1.dll
[00:00:0765] [Check DLLs] WS2_32.dll
[00:00:0765] [Check DLLs] NSI.dll
[00:00:0780] [Check DLLs] timedate.cpl
[00:00:0780] [Check DLLs] ATL.DLL
[00:00:0780] [Check DLLs] WINBRAND.dll
[00:00:0780] [Check DLLs] ntmarta.dll
[00:00:0780] [Check DLLs] WLDAP32.dll
[00:00:0780] [Check DLLs] USERENV.dll
[00:00:0780] [Check DLLs] shacct.dll
[00:00:0780] [Check DLLs] SAMLIB.dll
[00:00:0796] [Check DLLs] gameux.dll
[00:00:0796] [Check DLLs] XmlLite.dll
[00:00:0796] [Check DLLs] wer.dll
[00:00:0796] [Check DLLs] samcli.dll
[00:00:0796] [Check DLLs] netutils.dll
[00:00:0796] [Check DLLs] MsftEdit.dll
[00:00:0796] [Check DLLs] msls31.dll
[00:00:0796] [Check DLLs] tiptsf.dll
[00:00:0811] [Check DLLs] authui.dll
[00:00:0811] [Check DLLs] CRYPTUI.dll
[00:00:0811] [Check DLLs] shdocvw.dll
[00:00:0811] [Check DLLs] LINKINFO.dll
[00:00:0811] [Check DLLs] NetworkExplorer.dll
[00:00:0811] [Check DLLs] WINMM.dll
[00:00:0811] [Check DLLs] wdmaud.drv
[00:00:0811] [Check DLLs] ksuser.dll
[00:00:0827] [Check DLLs] AVRT.dll
[00:00:0827] [Check DLLs] stobject.dll
[00:00:0827] [Check DLLs] BatMeter.dll
[00:00:0827] [Check DLLs] WTSAPI32.dll
[00:00:0827] [Check DLLs] es.dll
[00:00:0827] [Check DLLs] prnfldr.dll
[00:00:0827] [Check DLLs] WINSPOOL.DRV
[00:00:0827] [Check DLLs] dxp.dll
[00:00:0827] [Check DLLs] WINTRUST.dll
[00:00:0843] [Check DLLs] Syncreg.dll
[00:00:0843] [Check DLLs] HelpPaneProxy.dll
[00:00:0843] [Check DLLs] SXS.DLL
[00:00:0843] [Check DLLs] AltTab.dll
[00:00:0843] [Check DLLs] UIAnimation.dll
[00:00:0843] [Check DLLs] pnidui.dll
[00:00:0843] [Check DLLs] QUtil.dll
[00:00:0843] [Check DLLs] wevtapi.dll
[00:00:0843] [Check DLLs] IPHLPAPI.DLL
[00:00:0858] [Check DLLs] WINNSI.DLL
[00:00:0858] [Check DLLs] dhcpcsvc.DLL
[00:00:0858] [Check DLLs] dhcpcsvc6.DLL
[00:00:0858] [Check DLLs] netshell.dll
[00:00:0858] [Check DLLs] nlaapi.dll
[00:00:0858] [Check DLLs] ehSSO.dll
[00:00:0858] [Check DLLs] wpdshserviceobj.dll
[00:00:0874] [Check DLLs] PortableDeviceTypes.dll
[00:00:0874] [Check DLLs] PortableDeviceApi.dll
[00:00:0874] [Check DLLs] npmproxy.dll
[00:00:0874] [Check DLLs] taskschd.dll
[00:00:0874] [Check DLLs] mstask.dll
[00:00:0874] [Check DLLs] srchadmin.dll
[00:00:0874] [Check DLLs] Wlanapi.dll
[00:00:0874] [Check DLLs] wlanutil.dll
[00:00:0874] [Check DLLs] wwanapi.dll
[00:00:0889] [Check DLLs] wwapi.dll
[00:00:0889] [Check DLLs] QAgent.dll
[00:00:0889] [Check DLLs] SyncCenter.dll
[00:00:0889] [Check DLLs] provsvc.dll
[00:00:0889] [Check DLLs] bthprops.cpl
[00:00:0889] [Check DLLs] imapi2.dll
[00:00:0889] [Check DLLs] hgcpl.dll
[00:00:0889] [Check DLLs] actxprxy.dll
[00:00:0889] [Check DLLs] netprofm.dll
[00:00:0905] [Check DLLs] wkscli.dll
[00:00:0905] [Check DLLs] fxsst.dll
[00:00:0905] [Check DLLs] FXSAPI.dll
[00:00:0905] [Check DLLs] FXSRESM.DLL
[00:00:0905] [Check DLLs] VERSION.dll
[00:00:0905] [Check DLLs] ieproxy.dll
[00:00:0905] [Check DLLs] DEVRTL.dll
[00:00:0905] [Check DLLs] MPR.dll
[00:00:0921] [Check DLLs] thumbcache.dll
[00:00:0921] [Check Processes] [1984] ctfmon.exe
[00:00:0921] [Check Processes] [1328] X3WatchPRO.exe
[00:00:0936] [Check Processes] [980] WmiPrvSE.exe
[00:00:0936] [Check Processes] [2184] WMIADAP.exe
[00:00:0936] [Check Processes] [2340] RogueKiller.exe
[00:00:0952] [Check Hidden Processes] 216
[00:00:0952] [Check Hidden Processes] 300
[00:00:0952] [Check Hidden Processes] 340
[00:00:0967] [Check Hidden Processes] 348
[00:00:0967] [Check Hidden Processes] 392
[00:00:0967] [Check Hidden Processes] 416
[00:00:0983] [Check Hidden Processes] 444
[00:00:0983] [Check Hidden Processes] 452
[00:00:0983] [Check Hidden Processes] 564
[00:00:0983] [Check Hidden Processes] 640
[00:00:0999] [Check Hidden Processes] 704
[00:00:0999] [Check Hidden Processes] 772
[00:00:0999] [Check Hidden Processes] 856
[00:00:0999] [Check Hidden Processes] 904
[00:00:0999] [Check Hidden Processes] 932
[00:01:0014] [Check Hidden Processes] 980
[00:01:0014] [Check Hidden Processes] 1044
[00:01:0014] [Check Hidden Processes] 1180
[00:01:0030] [Check Hidden Processes] 1328
[00:01:0030] [Check Hidden Processes] 1332
[00:01:0030] [Check Hidden Processes] 1904
[00:01:0045] [Check Hidden Processes] 1984
[00:01:0045] [Check Hidden Processes] 2184
[00:01:0045] [Check Hidden Processes] 2340
[00:01:0186] [Check Services] [0/433] 1394ohci
[00:01:0186] [Check Services] \SystemRoot\system32\drivers\1394ohci.sys
[00:01:0186] [Check Services] [1/433] ac.sharedstore
[00:01:0186] [Check Services] C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
[00:01:0186] [Check Services] [2/433] ACPI
[00:01:0201] [Check Services] \SystemRoot\system32\drivers\ACPI.sys
[00:01:0201] [Check Services] [3/433] AcpiPmi
[00:01:0201] [Check Services] \SystemRoot\system32\drivers\acpipmi.sys
[00:01:0201] [Check Services] [4/433] adp94xx
[00:01:0201] [Check Services] \SystemRoot\system32\DRIVERS\adp94xx.sys
[00:01:0201] [Check Services] [5/433] adpahci
[00:01:0217] [Check Services] \SystemRoot\system32\DRIVERS\adpahci.sys
[00:01:0217] [Check Services] [6/433] adpu320
[00:01:0217] [Check Services] \SystemRoot\system32\DRIVERS\adpu320.sys
[00:01:0217] [Check Services] [7/433] AeLookupSvc
[00:01:0233] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0233] [Check Services] [8/433] AFD
[00:01:0233] [Check Services] \SystemRoot\system32\drivers\afd.sys
[00:01:0233] [Check Services] [9/433] agp440
[00:01:0233] [Check Services] \SystemRoot\system32\drivers\agp440.sys
[00:01:0233] [Check Services] [10/433] aic78xx
[00:01:0233] [Check Services] \SystemRoot\system32\DRIVERS\djsvs.sys
[00:01:0233] [Check Services] [11/433] Akamai
[00:01:0248] [Check Services] C:\Windows\System32\svchost.exe -k Akamai
[00:01:0248] [Check Services] [12/433] ALG
[00:01:0248] [Check Services] C:\Windows\System32\alg.exe
[00:01:0248] [Check Services] [13/433] aliide
[00:01:0248] [Check Services] \SystemRoot\system32\drivers\aliide.sys
[00:01:0248] [Check Services] [14/433] amdagp
[00:01:0264] [Check Services] \SystemRoot\system32\drivers\amdagp.sys
[00:01:0264] [Check Services] [15/433] amdide
[00:01:0264] [Check Services] \SystemRoot\system32\drivers\amdide.sys
[00:01:0264] [Check Services] [16/433] AmdK8
[00:01:0264] [Check Services] \SystemRoot\system32\DRIVERS\amdk8.sys
[00:01:0279] [Check Services] [17/433] AmdPPM
[00:01:0279] [Check Services] \SystemRoot\system32\DRIVERS\amdppm.sys
[00:01:0279] [Check Services] [18/433] amdsata
[00:01:0279] [Check Services] \SystemRoot\system32\drivers\amdsata.sys
[00:01:0279] [Check Services] [19/433] amdsbs
[00:01:0295] [Check Services] \SystemRoot\system32\DRIVERS\amdsbs.sys
[00:01:0311] [Check Services] [20/433] amdxata
[00:01:0311] [Check Services] \SystemRoot\system32\drivers\amdxata.sys
[00:01:0311] [Check Services] [21/433] ApfiltrService
[00:01:0311] [Check Services] system32\DRIVERS\Apfiltr.sys
[00:01:0311] [Check Services] [22/433] AppID
[00:01:0311] [Check Services] \SystemRoot\system32\drivers\appid.sys
[00:01:0311] [Check Services] [23/433] AppIDSvc
[00:01:0326] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0326] [Check Services] [24/433] Appinfo
[00:01:0326] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0326] [Check Services] [25/433] Apple Mobile Device
[00:01:0326] [Check Services] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
[00:01:0326] [Check Services] [26/433] AppMgmt
[00:01:0342] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0342] [Check Services] [27/433] arc
[00:01:0342] [Check Services] \SystemRoot\system32\DRIVERS\arc.sys
[00:01:0342] [Check Services] [28/433] arcsas
[00:01:0357] [Check Services] \SystemRoot\system32\DRIVERS\arcsas.sys
[00:01:0357] [Check Services] [29/433] AsyncMac
[00:01:0357] [Check Services] system32\DRIVERS\asyncmac.sys
[00:01:0357] [Check Services] [30/433] atapi
[00:01:0373] [Check Services] \SystemRoot\system32\drivers\atapi.sys
[00:01:0373] [Check Services] [31/433] AudioEndpointBuilder
[00:01:0373] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0373] [Check Services] [32/433] Audiosrv
[00:01:0373] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0373] [Check Services] [33/433] AxInstSV
[00:01:0389] [Check Services] C:\Windows\system32\svchost.exe -k AxInstSVGroup
[00:01:0389] [Check Services] [34/433] b06bdrv
[00:01:0389] [Check Services] \SystemRoot\system32\DRIVERS\bxvbdx.sys
[00:01:0389] [Check Services] [35/433] b57nd60x
[00:01:0389] [Check Services] system32\DRIVERS\b57nd60x.sys
[00:01:0389] [Check Services] [36/433] BCM43XX
[00:01:0404] [Check Services] system32\DRIVERS\bcmwl6.sys
[00:01:0404] [Check Services] [37/433] BDESVC
[00:01:0420] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0420] [Check Services] [38/433] Beep
[00:01:0420] [Check Services] Path not found
[00:01:0420] [Check Services] [39/433] BITS
[00:01:0420] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0435] [Check Services] [40/433] blbdrive
[00:01:0435] [Check Services] system32\DRIVERS\blbdrive.sys
[00:01:0435] [Check Services] [41/433] Bonjour Service
[00:01:0435] [Check Services] "C:\Program Files\Bonjour\mDNSResponder.exe"
[00:01:0435] [Check Services] [42/433] bowser
[00:01:0451] [Check Services] system32\DRIVERS\bowser.sys
[00:01:0451] [Check Services] [43/433] BrFiltLo
[00:01:0451] [Check Services] \SystemRoot\system32\DRIVERS\BrFiltLo.sys
[00:01:0451] [Check Services] [44/433] BrFiltUp
[00:01:0451] [Check Services] \SystemRoot\system32\DRIVERS\BrFiltUp.sys
[00:01:0451] [Check Services] [45/433] Browser
[00:01:0467] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0467] [Check Services] [46/433] Brserid
[00:01:0482] [Check Services] \SystemRoot\System32\Drivers\Brserid.sys
[00:01:0482] [Check Services] [47/433] BrSerWdm
[00:01:0482] [Check Services] \SystemRoot\System32\Drivers\BrSerWdm.sys
[00:01:0482] [Check Services] [48/433] BrUsbMdm
[00:01:0482] [Check Services] \SystemRoot\System32\Drivers\BrUsbMdm.sys
[00:01:0498] [Check Services] [49/433] BrUsbSer
[00:01:0498] [Check Services] \SystemRoot\System32\Drivers\BrUsbSer.sys
[00:01:0498] [Check Services] [50/433] BthEnum
[00:01:0498] [Check Services] \SystemRoot\system32\drivers\BthEnum.sys
[00:01:0498] [Check Services] [51/433] BTHMODEM
[00:01:0513] [Check Services] \SystemRoot\system32\DRIVERS\bthmodem.sys
[00:01:0513] [Check Services] [52/433] BthPan
[00:01:0513] [Check Services] system32\DRIVERS\bthpan.sys
[00:01:0513] [Check Services] [53/433] BTHPORT
[00:01:0529] [Check Services] \SystemRoot\System32\Drivers\BTHport.sys
[00:01:0529] [Check Services] [54/433] bthserv
[00:01:0529] [Check Services] C:\Windows\system32\svchost.exe -k bthsvcs
[00:01:0529] [Check Services] [55/433] BTHUSB
[00:01:0545] [Check Services] \SystemRoot\System32\Drivers\BTHUSB.sys
[00:01:0545] [Check Services] [56/433] ccEvtMgr
[00:01:0545] [Check Services] "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[00:01:0545] [Check Services] [57/433] ccSetMgr
[00:01:0545] [Check Services] "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[00:01:0545] [Check Services] [58/433] cdfs
[00:01:0560] [Check Services] system32\DRIVERS\cdfs.sys
[00:01:0560] [Check Services] [59/433] cdrom
[00:01:0560] [Check Services] \SystemRoot\system32\drivers\cdrom.sys
[00:01:0560] [Check Services] [60/433] CertPropSvc
[00:01:0576] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0576] [Check Services] [61/433] circlass
[00:01:0576] [Check Services] \SystemRoot\system32\DRIVERS\circlass.sys
[00:01:0576] [Check Services] [62/433] CLFS
[00:01:0576] [Check Services] \SystemRoot\System32\CLFS.sys
[00:01:0576] [Check Services] [63/433] clr_optimization_v2.0.50727_32
[00:01:0591] [Check Services] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00:01:0591] [Check Services] [64/433] clr_optimization_v4.0.30319_32
[00:01:0607] [Check Services] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00:01:0607] [Check Services] [65/433] CmBatt
[00:01:0607] [Check Services] system32\DRIVERS\CmBatt.sys
[00:01:0607] [Check Services] [66/433] cmdide
[00:01:0607] [Check Services] \SystemRoot\system32\drivers\cmdide.sys
[00:01:0607] [Check Services] [67/433] CNG
[00:01:0623] [Check Services] \SystemRoot\System32\Drivers\cng.sys
[00:01:0623] [Check Services] [68/433] Compbatt
[00:01:0623] [Check Services] \SystemRoot\system32\DRIVERS\compbatt.sys
[00:01:0623] [Check Services] [69/433] CompositeBus
[00:01:0623] [Check Services] \SystemRoot\system32\drivers\CompositeBus.sys
[00:01:0623] [Check Services] [70/433] COMSysApp
[00:01:0638] [Check Services] C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[00:01:0638] [Check Services] [71/433] crcdisk
[00:01:0638] [Check Services] \SystemRoot\system32\DRIVERS\crcdisk.sys
[00:01:0638] [Check Services] [72/433] CryptSvc
[00:01:0654] [Check Services] C:\Windows\system32\svchost.exe -k NetworkService
[00:01:0654] [Check Services] [73/433] CSC
[00:01:0654] [Check Services] system32\drivers\csc.sys
[00:01:0654] [Check Services] [74/433] CscService
[00:01:0669] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0669] [Check Services] [75/433] DcomLaunch
[00:01:0669] [Check Services] C:\Windows\system32\svchost.exe -k DcomLaunch
[00:01:0685] [Check Services] [76/433] defragsvc
[00:01:0685] [Check Services] C:\Windows\system32\svchost.exe -k defragsvc
[00:01:0685] [Check Services] [77/433] DfsC
[00:01:0685] [Check Services] System32\Drivers\dfsc.sys
[00:01:0685] [Check Services] [78/433] Dhcp
[00:01:0701] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0701] [Check Services] [79/433] discache
[00:01:0701] [Check Services] System32\drivers\discache.sys
[00:01:0701] [Check Services] [80/433] Disk
[00:01:0716] [Check Services] \SystemRoot\system32\DRIVERS\disk.sys
[00:01:0716] [Check Services] [81/433] Dnscache
[00:01:0716] [Check Services] C:\Windows\system32\svchost.exe -k NetworkService
[00:01:0716] [Check Services] [82/433] dot3svc
[00:01:0732] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0732] [Check Services] [83/433] Dot4
[00:01:0732] [Check Services] system32\DRIVERS\Dot4.sys
[00:01:0732] [Check Services] [84/433] Dot4Print
[00:01:0747] [Check Services] \SystemRoot\system32\drivers\Dot4Prt.sys
[00:01:0747] [Check Services] [85/433] dot4usb
[00:01:0747] [Check Services] system32\DRIVERS\dot4usb.sys
[00:01:0747] [Check Services] [86/433] DPS
[00:01:0747] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
[00:01:0747] [Check Services] [87/433] drmkaud
[00:01:0763] [Check Services] system32\drivers\drmkaud.sys
[00:01:0763] [Check Services] [88/433] DXGKrnl
[00:01:0763] [Check Services] \SystemRoot\System32\drivers\dxgkrnl.sys
[00:01:0763] [Check Services] [89/433] EapHost
[00:01:0779] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0779] [Check Services] [90/433] ebdrv
[00:01:0779] [Check Services] \SystemRoot\system32\DRIVERS\evbdx.sys
[00:01:0779] [Check Services] [91/433] eeCtrl
[00:01:0794] [Check Services] \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
[00:01:0794] [Check Services] [92/433] EFS
[00:01:0794] [Check Services] C:\Windows\System32\lsass.exe
[00:01:0794] [Check Services] [93/433] ehRecvr
[00:01:0810] [Check Services] C:\Windows\ehome\ehRecvr.exe
[00:01:0810] [Check Services] [94/433] ehSched
[00:01:0810] [Check Services] C:\Windows\ehome\ehsched.exe
[00:01:0810] [Check Services] [95/433] elxstor
[00:01:0810] [Check Services] \SystemRoot\system32\DRIVERS\elxstor.sys
[00:01:0825] [Check Services] [96/433] EraserUtilRebootDrv
[00:01:0825] [Check Services] \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
[00:01:0825] [Check Services] [97/433] ErrDev
[00:01:0825] [Check Services] \SystemRoot\system32\drivers\errdev.sys
[00:01:0825] [Check Services] [98/433] eventlog
[00:01:0841] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0841] [Check Services] [99/433] EventSystem
[00:01:0857] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0857] [Check Services] [100/433] exfat
[00:01:0857] [Check Services] Path not found
[00:01:0857] [Check Services] [101/433] fastfat
[00:01:0857] [Check Services] Path not found
[00:01:0857] [Check Services] [102/433] Fax
[00:01:0872] [Check Services] C:\Windows\system32\fxssvc.exe
[00:01:0872] [Check Services] [103/433] fdc
[00:01:0872] [Check Services] \SystemRoot\system32\DRIVERS\fdc.sys
[00:01:0872] [Check Services] [104/433] fdPHost
[00:01:0888] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0888] [Check Services] [105/433] FDResPub
[00:01:0888] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0888] [Check Services] [106/433] FileInfo
[00:01:0903] [Check Services] \SystemRoot\system32\drivers\fileinfo.sys
[00:01:0903] [Check Services] [107/433] Filetrace
[00:01:0903] [Check Services] system32\drivers\filetrace.sys
[00:01:0919] [Check Services] [108/433] FLEXnet Licensing Service
[00:01:0919] [Check Services] "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
[00:01:0919] [Check Services] [109/433] flpydisk
[00:01:0919] [Check Services] \SystemRoot\system32\DRIVERS\flpydisk.sys
[00:01:0919] [Check Services] [110/433] FltMgr
[00:01:0935] [Check Services] \SystemRoot\system32\drivers\fltmgr.sys
[00:01:0935] [Check Services] [111/433] FontCache
[00:01:0935] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0935] [Check Services] [112/433] FontCache3.0.0.0
[00:01:0950] [Check Services] C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[00:01:0950] [Check Services] [113/433] FsDepends
[00:01:0950] [Check Services] System32\drivers\FsDepends.sys
[00:01:0950] [Check Services] [114/433] fvevol
[00:01:0966] [Check Services] \SystemRoot\System32\DRIVERS\fvevol.sys
[00:01:0966] [Check Services] [115/433] gagp30kx
[00:01:0981] [Check Services] \SystemRoot\system32\DRIVERS\gagp30kx.sys
[00:01:0981] [Check Services] [116/433] GEARAspiWDM
[00:01:0981] [Check Services] system32\DRIVERS\GEARAspiWDM.sys
[00:01:0981] [Check Services] [117/433] gpsvc
[00:01:0997] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0997] [Check Services] [118/433] guardian2
[00:01:0997] [Check Services] System32\Drivers\oz776.sys
[00:01:0997] [Check Services] [119/433] hcw85cir
[00:02:0013] [Check Services] \SystemRoot\system32\drivers\hcw85cir.sys
[00:02:0013] [Check Services] [120/433] HdAudAddService
[00:02:0013] [Check Services] \SystemRoot\system32\drivers\HdAudio.sys
[00:02:0013] [Check Services] [121/433] HDAudBus
[00:02:0028] [Check Services] \SystemRoot\system32\drivers\HDAudBus.sys
[00:02:0028] [Check Services] [122/433] HidBatt
[00:02:0028] [Check Services] \SystemRoot\system32\DRIVERS\HidBatt.sys
[00:02:0028] [Check Services] [123/433] HidBth
[00:02:0044] [Check Services] \SystemRoot\system32\DRIVERS\hidbth.sys
[00:02:0044] [Check Services] [124/433] HidIr
[00:02:0044] [Check Services] \SystemRoot\system32\DRIVERS\hidir.sys
[00:02:0044] [Check Services] [125/433] hidserv
[00:02:0059] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:02:0059] [Check Services] [126/433] HidUsb
[00:02:0059] [Check Services] \SystemRoot\system32\drivers\hidusb.sys
[00:02:0059] [Check Services] [127/433] hkmsvc
[00:02:0075] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:02:0075] [Check Services] [128/433] HomeGroupListener
[00:02:0075] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:02:0075] [Check Services] [129/433] HomeGroupProvider
[00:02:0091] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:02:0091] [Check Services] [130/433] HpSAMD
[00:02:0091] [Check Services] \SystemRoot\system32\drivers\HpSAMD.sys
[00:02:0091] [Check Services] [131/433] HPSLPSVC
[00:02:0106] [Check Services] C:\Windows\system32\svchost.exe -k HPService
[00:02:0106] [Check Services] [132/433] HTTP
[00:02:0106] [Check Services] system32\drivers\HTTP.sys
[00:02:0106] [Check Services] [133/433] hwpolicy
[00:02:0122] [Check Services] \SystemRoot\System32\drivers\hwpolicy.sys
[00:02:0122] [Check Services] [134/433] i8042prt
[00:02:0122] [Check Services] \SystemRoot\system32\drivers\i8042prt.sys
[00:02:0122] [Check Services] [135/433] iaStorV
[00:02:0122] [Check Services] \SystemRoot\system32\drivers\iaStorV.sys
[00:02:0122] [Check Services] [136/433] idsvc
[00:02:0137] [Check Services] "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[00:02:0137] [Check Services] [137/433] iirsp
[00:02:0137] [Check Services] \SystemRoot\system32\DRIVERS\iirsp.sys
[00:02:0137] [Check Services] [138/433] IKEEXT
[00:02:0153] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:02:0153] [Check Services] [139/433] intelide
[00:02:0169] [Check Services] \SystemRoot\system32\drivers\intelide.sys
[00:02:0169] [Check Services] [140/433] intelppm
[00:02:0169] [Check Services] system32\DRIVERS\intelppm.sys
[00:02:0169] [Check Services] [141/433] IPBusEnum
[00:02:0169] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:02:0184] [Check Services] [142/433] IpFilterDriver
[00:02:0184] [Check Services] system32\DRIVERS\ipfltdrv.sys
[00:02:0184] [Check Services] [143/433] IPMIDRV
[00:02:0184] [Check Services] \SystemRoot\system32\drivers\IPMIDrv.sys
[00:02:0184] [Check Services] [144/433] IPNAT
[00:02:0200] [Check Services] System32\drivers\ipnat.sys
[00:02:0200] [Check Services] [145/433] iPod Service
[00:02:0200] [Check Services] "C:\Program Files\iPod\bin\iPodService.exe"
[00:02:0200] [Check Services] [146/433] IRENUM
[00:02:0215] [Check Services] system32\drivers\irenum.sys
[00:02:0215] [Check Services] [147/433] isapnp
[00:02:0215] [Check Services] \SystemRoot\system32\drivers\isapnp.sys
[00:02:0215] [Check Services] [148/433] iScsiPrt
[00:02:0231] [Check Services] \SystemRoot\system32\drivers\msiscsi.sys
[00:02:0231] [Check Services] [149/433] kbdclass
[00:04:0493] Loading Driver
[00:04:0493] Driver Loaded : No
[00:04:0493] Loading True SSDT
[00:04:0509] True SSDT Loaded : Yes
[00:04:0509] Getting current build number
[00:05:0741] Current build number : 7.3.2
[00:05:0741] Getting previous runs informations
[00:05:0757] ***** PreScan OK *****
[00:07:0410] ********* Scan Mode *********
[00:07:0426] Clear ListViews
[00:07:0426] Clear Objects
[00:07:0519] [GUID] HKCR\CLSID
[00:07:0582] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[00:07:0582] [RUN] Google Update
[00:07:0582] [RUN] Google Update : [GoogleUpdate.exe] C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
[00:07:0582] [RUN] SansaDispatch
[00:07:0582] [RUN] SansaDispatch : [SansaDispatch.exe] C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
[00:07:0597] [Reg][Del: No - Chk: Yes] [0x100]HKCU\Software\Microsoft\Windows\CurrentVersion\Run:SansaDispatch
[00:07:0629] [RUN] Akamai NetSession Interface
[00:07:0629] [RUN] Akamai NetSession Interface : [netsession_win.exe] C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
[00:07:0629] [RUN] Update
[00:07:0629] [RUN] Update : [rundll32.exe] rundll32.exe
[00:07:0644] [Reg][Del: No - Chk: Yes] [0x100]HKCU\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:07:0691] [RUN] Vyeryfant
[00:07:0691] [RUN] Vyeryfant : [neumy.exe] C:\Users\Tim\AppData\Roaming\Exuk\neumy.exe
[00:07:0707] [Reg][Del: No - Chk: Yes] [0x100]HKCU\Software\Microsoft\Windows\CurrentVersion\Run:Vyeryfant
[00:07:0738] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[00:07:0738] [RUN] NvSvc
[00:07:0738] [RUN] NvSvc : [RUNDLL32.EXE] RUNDLL32.EXE
[00:07:0738] [RUN] NvSvc : [nvsvc.dll] C:\Windows\system32\nvsvc.dll
[00:07:0753] [RUN] NvCplDaemon
[00:07:0753] [RUN] NvCplDaemon : [RUNDLL32.EXE] RUNDLL32.EXE
[00:07:0753] [RUN] NvCplDaemon : [NvCpl.dll] C:\Windows\system32\NvCpl.dll
[00:07:0753] [RUN] NvMediaCenter
[00:07:0753] [RUN] NvMediaCenter : [RUNDLL32.EXE] RUNDLL32.EXE
[00:07:0753] [RUN] NvMediaCenter : [NvMcTray.dll] C:\Windows\system32\NvMcTray.dll
[00:07:0769] [RUN] NVHotkey
[00:07:0769] [RUN] NVHotkey : [rundll32.exe] rundll32.exe
[00:07:0769] [RUN] Apoint
[00:07:0769] [RUN] Apoint : [Apoint.exe] C:\Program Files\DellTPad\Apoint.exe
[00:07:0769] [RUN] ccApp
[00:07:0769] [RUN] ccApp : [ccApp.exe] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[00:07:0769] [RUN] Adobe Reader Speed Launcher
[00:07:0769] [RUN] Adobe Reader Speed Launcher : [Reader_sl.exe] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[00:07:0769] [RUN] Adobe ARM
[00:07:0769] [RUN] Adobe ARM : [AdobeARM.exe] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[00:07:0785] [RUN] masqform.exe
[00:07:0785] [RUN] masqform.exe : [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe
[00:07:0785] [RUN] Adobe Acrobat Speed Launcher
[00:07:0785] [RUN] Adobe Acrobat Speed Launcher : [Acrobat_sl.exe] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
[00:07:0785] [RUN] Acrobat Assistant 8.0
[00:07:0785] [RUN] Acrobat Assistant 8.0 : [Acrotray.exe] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
[00:07:0800] [RUN] acevents
[00:07:0800] [RUN] acevents : [acevents.exe] C:\Program Files\ActivIdentity\ActivClient\acevents.exe
[00:07:0800] [RUN] accrdsub
[00:07:0800] [RUN] accrdsub : [accrdsub.exe] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
[00:07:0800] [RUN] AprvRemoveLegacyExcelKeys
[00:07:0800] [RUN] AprvRemoveLegacyExcelKeys : [AprvClean.exe] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe
[00:07:0800] [RUN] AprvRemoveLegacyExcelKeys : [OfficeAddIn.OfficeAddIn] -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
[00:07:0816] [RUN] AprvRemoveLegacyWordKeys
[00:07:0816] [RUN] AprvRemoveLegacyWordKeys : [AprvClean.exe] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe
[00:07:0816] [RUN] AprvRemoveLegacyWordKeys : [OfficeAddIn.OfficeAddIn] -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
[00:07:0816] [RUN] ApproveItForOfficeSetup
[00:07:0816] [RUN] ApproveItForOfficeSetup : [ApproveItForOfficeSetup.exe ] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
[00:07:0816] [RUN] SunJavaUpdateSched
[00:07:0816] [RUN] SunJavaUpdateSched : [jusched.exe] C:\Program Files\Common Files\Java\Java Update\jusched.exe
[00:07:0831] [RUN] QuickTime Task
[00:07:0831] [RUN] QuickTime Task : [QTTask.exe] C:\Program Files\QuickTime\QTTask.exe
[00:07:0831] [RUN] DivXUpdate
[00:07:0831] [RUN] DivXUpdate : [DivXUpdate.exe] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
[00:07:0831] [RUN] APSDaemon
[00:07:0831] [RUN] APSDaemon : [APSDaemon.exe] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
[00:07:0831] [RUN] iTunesHelper
[00:07:0847] [RUN] iTunesHelper : [iTunesHelper.exe] C:\Program Files\iTunes\iTunesHelper.exe
[00:07:0847] [RUN] TkBellExe
[00:07:0847] [RUN] TkBellExe : [realsched.exe] c:\program files\real\realplayer\Update\realsched.exe
[00:07:0847] [RUN] ICF
[00:07:0847] [RUN] ICF : [X3watchPRO.exe] C:\Program Files\Internet Content Filter\X3watchPRO.exe
[00:07:0847] [RUN] dplaysvr
[00:07:0847] [RUN] dplaysvr : [dplaysvr.exe] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
[00:07:0847] [RUN] bQBDimwbRmHtD.exe
[00:07:0894] [RUN] bQBDimwbRmHtD.exe : [bQBDimwbRmHtD.exe] C:\ProgramData\bQBDimwbRmHtD.exe
[00:07:0894] [Reg][Del: No - Chk: Yes] [0x100]HKLM\Software\Microsoft\Windows\CurrentVersion\Run:bQBDimwbRmHtD.exe
[00:07:0925] [RUN] wisad
[00:07:0925] [RUN] wisad : [rundll32.exe] rundll32.exe
[00:07:0925] [Reg][Del: No - Chk: Yes] [0x100]HKLM\Software\Microsoft\Windows\CurrentVersion\Run:wisad
[00:07:0956] [RUN] dmsbr
[00:07:0956] [RUN] dmsbr : [rundll32.exe] rundll32.exe
[00:07:0956] [Reg][Del: No - Chk: Yes] [0x100]HKLM\Software\Microsoft\Windows\CurrentVersion\Run:dmsbr
[00:08:0003] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0003] [RUN] Update
[00:08:0003] [RUN] Update : [rundll32.exe] rundll32.exe
[00:08:0003] [Reg][Del: No - Chk: Yes] [0x100]HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:08:0034] [RUN] dplaysvr
[00:08:0050] [RUN] dplaysvr : [dplaysvr.exe] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
[00:08:0050] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0050] [RUN] Sidebar
[00:08:0050] [RUN] Sidebar : [Sidebar.exe] %ProgramFiles%\Windows Sidebar\Sidebar.exe
[00:08:0050] [RUN] Update
[00:08:0050] [RUN] Update : [rundll32.exe] rundll32.exe
[00:08:0050] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:08:0112] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0112] [RUN] Sidebar
[00:08:0112] [RUN] Sidebar : [Sidebar.exe] %ProgramFiles%\Windows Sidebar\Sidebar.exe
[00:08:0128] [RUN] Update
[00:08:0128] [RUN] Update : [rundll32.exe] rundll32.exe
[00:08:0128] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:08:0175] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0175] [RUN] Google Update
[00:08:0175] [RUN] Google Update : [GoogleUpdate.exe] C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
[00:08:0190] [RUN] SansaDispatch
[00:08:0190] [RUN] SansaDispatch : [SansaDispatch.exe] C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
[00:08:0190] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\Run:SansaDispatch
[00:08:0237] [RUN] Akamai NetSession Interface
[00:08:0237] [RUN] Akamai NetSession Interface : [netsession_win.exe] C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
[00:08:0237] [RUN] Update
[00:08:0237] [RUN] Update : [rundll32.exe] rundll32.exe
[00:08:0237] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:08:0299] [RUN] Vyeryfant
[00:08:0299] [RUN] Vyeryfant : [neumy.exe] C:\Users\Tim\AppData\Roaming\Exuk\neumy.exe
[00:08:0299] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\Run:Vyeryfant
[00:08:0331] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0331] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0346] [RUN] Update
[00:08:0346] [RUN] Update : [rundll32.exe] rundll32.exe
[00:08:0346] [Reg][Del: No - Chk: Yes] [0x100]HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run:Update
[00:08:0424] [RUN] dplaysvr
[00:08:0424] [RUN] dplaysvr : [dplaysvr.exe] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
[00:08:0424] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0424] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0424] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0440] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0440] [RUN] mctadmin
[00:08:0440] [RUN] mctadmin : [mctadmin.exe] C:\Windows\System32\mctadmin.exe
[00:08:0440] [RUN]
[00:08:0440] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0440] [RUN] mctadmin
[00:08:0440] [RUN] mctadmin : [mctadmin.exe] C:\Windows\System32\mctadmin.exe
[00:08:0440] [RUN]
[00:08:0440] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0440] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0440] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:08:0455] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0455] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0471] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunServices
[00:08:0471] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0471] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0471] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0471] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0471] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0471] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0487] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0487] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:08:0487] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0487] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0487] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0487] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0502] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [RUN][0x100] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
[00:08:0518] [Shell] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0518] [Shell] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0533] [Shell] Load
[00:08:0533] [Shell] Load : [Unknown]
[00:08:0533] [Shell] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0533] [Shell] Shell
[00:08:0533] [Shell] Shell : [explorer.exe] explorer.exe
[00:08:0533] [Shell] Userinit
[00:08:0533] [Shell] Userinit : [userinit.exe] C:\Windows\system32\userinit.exe
[00:08:0533] [Shell] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0549] [Shell] HKUS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[00:08:0549] [Shell] HKUS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0565] [Shell] HKUS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0565] [Shell] Load
[00:08:0565] [Shell] Load : [Unknown]
[00:08:0565] [Shell] HKUS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0565] [Shell] Load
[00:08:0565] [Shell] Load : [Unknown]
[00:08:0565] [Shell] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0565] [Shell] Load
[00:08:0565] [Shell] Load : [Unknown]
[00:08:0565] [Shell] HKUS\S-1-5-21-3178925919-3063591098-2084195045-1000_Classes\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0580] [Shell] HKUS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows
[00:08:0580] [Services] HKLM\SYSTEM\ControlSet001\services
[00:08:0580] [Services] .csc
[00:08:0580] [Services] .csc : \?
[00:08:0580] [Services] .NET CLR Data
[00:08:0580] [Services] .NET CLR Data :
[00:08:0580] [Services] .NET CLR Networking
[00:08:0580] [Services] .NET CLR Networking :
[00:08:0580] [Services] .NET CLR Networking 4.0.0.0
[00:08:0580] [Services] .NET CLR Networking 4.0.0.0 :
[00:08:0580] [Services] .NET Data Provider for Oracle
[00:08:0596] [Services] .NET Data Provider for Oracle :
[00:08:0596] [Services] .NET Data Provider for SqlServer
[00:08:0596] [Services] .NET Data Provider for SqlServer :
[00:08:0596] [Services] .NETFramework
[00:08:0596] [Services] .NETFramework :
[00:08:0596] [Services] 1394ohci
[00:08:0596] [Services] 1394ohci : \SystemRoot\system32\drivers\1394ohci.sys
[00:08:0596] [Services] 1394ohci : [1394ohci.sys] \SystemRoot\system32\drivers\1394ohci.sys
[00:08:0596] [Services] ac.sharedstore
[00:08:0596] [Services] ac.sharedstore : C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
[00:08:0596] [Services] ac.sharedstore : [ac.sharedstore.exe] C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
[00:08:0596] [Services] ACPI
[00:08:0611] [Services] ACPI : system32\drivers\ACPI.sys
[00:08:0611] [Services] ACPI : [ACPI.sys] system32\drivers\ACPI.sys
[00:08:0611] [Services] AcpiPmi
[00:08:0611] [Services] AcpiPmi : \SystemRoot\system32\drivers\acpipmi.sys
[00:08:0611] [Services] AcpiPmi : [acpipmi.sys] \SystemRoot\system32\drivers\acpipmi.sys
[00:08:0611] [Services] adp94xx
[00:08:0611] [Services] adp94xx : \SystemRoot\system32\DRIVERS\adp94xx.sys
[00:08:0611] [Services] adp94xx : [adp94xx.sys] \SystemRoot\system32\DRIVERS\adp94xx.sys
[00:08:0611] [Services] adpahci
[00:08:0611] [Services] adpahci : \SystemRoot\system32\DRIVERS\adpahci.sys
[00:08:0611] [Services] adpahci : [adpahci.sys] \SystemRoot\system32\DRIVERS\adpahci.sys
[00:08:0627] [Services] adpu320
[00:08:0627] [Services] adpu320 : \SystemRoot\system32\DRIVERS\adpu320.sys
[00:08:0627] [Services] adpu320 : [adpu320.sys] \SystemRoot\system32\DRIVERS\adpu320.sys
[00:08:0627] [Services] adsi
[00:08:0627] [Services] adsi :
[00:08:0627] [Services] AeLookupSvc
[00:08:0627] [Services] AeLookupSvc : %systemroot%\system32\svchost.exe -k netsvcs
[00:08:0627] [Services] AeLookupSvc : [svchost.exe] %systemroot%\system32\svchost.exe
[00:08:0627] [Services] AFD
[00:08:0627] [Services] AFD : \SystemRoot\system32\drivers\afd.sys
[00:08:0627] [Services] AFD : [afd.sys] \SystemRoot\system32\drivers\afd.sys
[00:08:0643] [Services] agp440
[00:08:0643] [Services] agp440 : \SystemRoot\system32\drivers\agp440.sys
[00:08:0643] [Services] agp440 : [agp440.sys] \SystemRoot\system32\drivers\agp440.sys
[00:08:0643] [Services] aic78xx
[00:08:0643] [Services] aic78xx : \SystemRoot\system32\DRIVERS\djsvs.sys
[00:08:0643] [Services] aic78xx : [djsvs.sys] \SystemRoot\system32\DRIVERS\djsvs.sys
[00:08:0643] [Services] Akamai
[00:08:0643] [Services] Akamai : %SystemRoot%\System32\svchost.exe -k Akamai
[00:08:0643] [Services] Akamai : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0643] [Services] ALG
[00:08:0658] [Services] ALG : %SystemRoot%\System32\alg.exe
[00:08:0658] [Services] ALG : [alg.exe] %SystemRoot%\System32\alg.exe
[00:08:0658] [Services] aliide
[00:08:0658] [Services] aliide : \SystemRoot\system32\drivers\aliide.sys
[00:08:0658] [Services] aliide : [aliide.sys] \SystemRoot\system32\drivers\aliide.sys
[00:08:0658] [Services] amdagp
[00:08:0658] [Services] amdagp : \SystemRoot\system32\drivers\amdagp.sys
[00:08:0658] [Services] amdagp : [amdagp.sys] \SystemRoot\system32\drivers\amdagp.sys
[00:08:0658] [Services] amdide
[00:08:0658] [Services] amdide : \SystemRoot\system32\drivers\amdide.sys
[00:08:0658] [Services] amdide : [amdide.sys] \SystemRoot\system32\drivers\amdide.sys
[00:08:0658] [Services] AmdK8
[00:08:0674] [Services] AmdK8 : \SystemRoot\system32\DRIVERS\amdk8.sys
[00:08:0674] [Services] AmdK8 : [amdk8.sys] \SystemRoot\system32\DRIVERS\amdk8.sys
[00:08:0674] [Services] AmdPPM
[00:08:0674] [Services] AmdPPM : \SystemRoot\system32\DRIVERS\amdppm.sys
[00:08:0674] [Services] AmdPPM : [amdppm.sys] \SystemRoot\system32\DRIVERS\amdppm.sys
[00:08:0674] [Services] amdsata
[00:08:0674] [Services] amdsata : \SystemRoot\system32\drivers\amdsata.sys
[00:08:0674] [Services] amdsata : [amdsata.sys] \SystemRoot\system32\drivers\amdsata.sys
[00:08:0674] [Services] amdsbs
[00:08:0674] [Services] amdsbs : \SystemRoot\system32\DRIVERS\amdsbs.sys
[00:08:0674] [Services] amdsbs : [amdsbs.sys] \SystemRoot\system32\DRIVERS\amdsbs.sys
[00:08:0689] [Services] amdxata
[00:08:0689] [Services] amdxata : system32\drivers\amdxata.sys
[00:08:0689] [Services] amdxata : [amdxata.sys] system32\drivers\amdxata.sys
[00:08:0689] [Services] ApfiltrService
[00:08:0689] [Services] ApfiltrService : system32\DRIVERS\Apfiltr.sys
[00:08:0689] [Services] ApfiltrService : [Apfiltr.sys] system32\DRIVERS\Apfiltr.sys
[00:08:0689] [Services] AppID
[00:08:0689] [Services] AppID : \SystemRoot\system32\drivers\appid.sys
[00:08:0689] [Services] AppID : [appid.sys] \SystemRoot\system32\drivers\appid.sys
[00:08:0689] [Services] AppIDSvc
[00:08:0705] [Services] AppIDSvc : %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:08:0705] [Services] AppIDSvc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0705] [Services] Appinfo
[00:08:0705] [Services] Appinfo : %SystemRoot%\system32\svchost.exe -k netsvcs
[00:08:0705] [Services] Appinfo : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0705] [Services] Apple Mobile Device
[00:08:0705] [Services] Apple Mobile Device : "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
[00:08:0705] [Services] Apple Mobile Device : [AppleMobileDeviceService.exe] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[00:08:0705] [Services] AppMgmt
[00:08:0705] [Services] AppMgmt : %SystemRoot%\system32\svchost.exe -k netsvcs
[00:08:0705] [Services] AppMgmt : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0721] [Services] arc
[00:08:0721] [Services] arc : \SystemRoot\system32\DRIVERS\arc.sys
[00:08:0721] [Services] arc : [arc.sys] \SystemRoot\system32\DRIVERS\arc.sys
[00:08:0721] [Services] arcsas
[00:08:0721] [Services] arcsas : \SystemRoot\system32\DRIVERS\arcsas.sys
[00:08:0721] [Services] arcsas : [arcsas.sys] \SystemRoot\system32\DRIVERS\arcsas.sys
[00:08:0721] [Services] AsyncMac
[00:08:0721] [Services] AsyncMac : system32\DRIVERS\asyncmac.sys
[00:08:0721] [Services] AsyncMac : [asyncmac.sys] system32\DRIVERS\asyncmac.sys
[00:08:0721] [Services] atapi
[00:08:0721] [Services] atapi : system32\drivers\atapi.sys
[00:08:0736] [Services] atapi : [atapi.sys] system32\drivers\atapi.sys
[00:08:0736] [Services] AudioEndpointBuilder
[00:08:0736] [Services] AudioEndpointBuilder : %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:08:0736] [Services] AudioEndpointBuilder : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0736] [Services] Audiosrv
[00:08:0736] [Services] Audiosrv : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:08:0736] [Services] Audiosrv : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0736] [Services] AxInstSV
[00:08:0736] [Services] AxInstSV : %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
[00:08:0736] [Services] AxInstSV : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0736] [Services] b06bdrv
[00:08:0752] [Services] b06bdrv : \SystemRoot\system32\DRIVERS\bxvbdx.sys
[00:08:0752] [Services] b06bdrv : [bxvbdx.sys] \SystemRoot\system32\DRIVERS\bxvbdx.sys
[00:08:0752] [Services] b57nd60x
[00:08:0752] [Services] b57nd60x : system32\DRIVERS\b57nd60x.sys
[00:08:0752] [Services] b57nd60x : [b57nd60x.sys] system32\DRIVERS\b57nd60x.sys
[00:08:0752] [Services] BattC
[00:08:0752] [Services] BattC :
[00:08:0752] [Services] BCM43XX
[00:08:0752] [Services] BCM43XX : system32\DRIVERS\bcmwl6.sys
[00:08:0752] [Services] BCM43XX : [bcmwl6.sys] system32\DRIVERS\bcmwl6.sys
[00:08:0767] [Services] BDESVC
[00:08:0767] [Services] BDESVC : %SystemRoot%\System32\svchost.exe -k netsvcs
[00:08:0767] [Services] BDESVC : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0767] [Services] Beep
[00:08:0767] [Services] Beep :
[00:08:0767] [Services] BITS
[00:08:0767] [Services] BITS : %SystemRoot%\System32\svchost.exe -k netsvcs
[00:08:0767] [Services] BITS : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0767] [Services] blbdrive
[00:08:0767] [Services] blbdrive : system32\DRIVERS\blbdrive.sys
[00:08:0767] [Services] blbdrive : [blbdrive.sys] system32\DRIVERS\blbdrive.sys
[00:08:0783] [Services] Bonjour Service
[00:08:0783] [Services] Bonjour Service : "C:\Program Files\Bonjour\mDNSResponder.exe"
[00:08:0783] [Services] Bonjour Service : [mDNSResponder.exe] C:\Program Files\Bonjour\mDNSResponder.exe
[00:08:0783] [Services] bowser
[00:08:0783] [Services] bowser : system32\DRIVERS\bowser.sys
[00:08:0783] [Services] bowser : [bowser.sys] system32\DRIVERS\bowser.sys
[00:08:0783] [Services] BrFiltLo
[00:08:0783] [Services] BrFiltLo : \SystemRoot\system32\DRIVERS\BrFiltLo.sys
[00:08:0783] [Services] BrFiltLo : [BrFiltLo.sys] \SystemRoot\system32\DRIVERS\BrFiltLo.sys
[00:08:0783] [Services] BrFiltUp
[00:08:0783] [Services] BrFiltUp : \SystemRoot\system32\DRIVERS\BrFiltUp.sys
[00:08:0799] [Services] BrFiltUp : [BrFiltUp.sys] \SystemRoot\system32\DRIVERS\BrFiltUp.sys
[00:08:0799] [Services] Browser
[00:08:0799] [Services] Browser : %SystemRoot%\System32\svchost.exe -k netsvcs
[00:08:0799] [Services] Browser : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0799] [Services] Brserid
[00:08:0799] [Services] Brserid : \SystemRoot\System32\Drivers\Brserid.sys
[00:08:0799] [Services] Brserid : [Brserid.sys] \SystemRoot\System32\Drivers\Brserid.sys
[00:08:0799] [Services] BrSerWdm
[00:08:0799] [Services] BrSerWdm : \SystemRoot\System32\Drivers\BrSerWdm.sys
[00:08:0799] [Services] BrSerWdm : [BrSerWdm.sys] \SystemRoot\System32\Drivers\BrSerWdm.sys
[00:08:0799] [Services] BrUsbMdm
[00:08:0814] [Services] BrUsbMdm : \SystemRoot\System32\Drivers\BrUsbMdm.sys
[00:08:0814] [Services] BrUsbMdm : [BrUsbMdm.sys] \SystemRoot\System32\Drivers\BrUsbMdm.sys
[00:08:0814] [Services] BrUsbSer
[00:08:0814] [Services] BrUsbSer : \SystemRoot\System32\Drivers\BrUsbSer.sys
[00:08:0814] [Services] BrUsbSer : [BrUsbSer.sys] \SystemRoot\System32\Drivers\BrUsbSer.sys
[00:08:0814] [Services] BthEnum
[00:08:0814] [Services] BthEnum : \SystemRoot\system32\drivers\BthEnum.sys
[00:08:0814] [Services] BthEnum : [BthEnum.sys] \SystemRoot\system32\drivers\BthEnum.sys
[00:08:0814] [Services] BTHMODEM
[00:08:0814] [Services] BTHMODEM : \SystemRoot\system32\DRIVERS\bthmodem.sys
[00:08:0814] [Services] BTHMODEM : [bthmodem.sys] \SystemRoot\system32\DRIVERS\bthmodem.sys
[00:08:0830] [Services] BthPan
[00:08:0830] [Services] BthPan : system32\DRIVERS\bthpan.sys
[00:08:0830] [Services] BthPan : [bthpan.sys] system32\DRIVERS\bthpan.sys
[00:08:0830] [Services] BTHPORT
[00:08:0830] [Services] BTHPORT : \SystemRoot\System32\Drivers\BTHport.sys
[00:08:0830] [Services] BTHPORT : [BTHport.sys] \SystemRoot\System32\Drivers\BTHport.sys
[00:08:0830] [Services] bthserv
[00:08:0830] [Services] bthserv : %SystemRoot%\system32\svchost.exe -k bthsvcs
[00:08:0830] [Services] bthserv : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0830] [Services] BTHUSB
[00:08:0830] [Services] BTHUSB : \SystemRoot\System32\Drivers\BTHUSB.sys
[00:08:0845] [Services] BTHUSB : [BTHUSB.sys] \SystemRoot\System32\Drivers\BTHUSB.sys
[00:08:0845] [Services] ccEvtMgr
[00:08:0845] [Services] ccEvtMgr : "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[00:08:0845] [Services] ccEvtMgr : [ccSvcHst.exe] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[00:08:0845] [Services] ccSetMgr
[00:08:0845] [Services] ccSetMgr : "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
[00:08:0845] [Services] ccSetMgr : [ccSvcHst.exe] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[00:08:0845] [Services] cdfs
[00:08:0845] [Services] cdfs : system32\DRIVERS\cdfs.sys
[00:08:0845] [Services] cdfs : [cdfs.sys] system32\DRIVERS\cdfs.sys
[00:08:0861] [Services] cdrom
[00:08:0861] [Services] cdrom : \SystemRoot\system32\drivers\cdrom.sys
[00:08:0861] [Services] cdrom : [cdrom.sys] \SystemRoot\system32\drivers\cdrom.sys
[00:08:0861] [Services] CertPropSvc
[00:08:0861] [Services] CertPropSvc : %SystemRoot%\system32\svchost.exe -k netsvcs
[00:08:0861] [Services] CertPropSvc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0861] [Services] circlass
[00:08:0861] [Services] circlass : \SystemRoot\system32\DRIVERS\circlass.sys
[00:08:0861] [Services] circlass : [circlass.sys] \SystemRoot\system32\DRIVERS\circlass.sys
[00:08:0861] [Services] CLFS
[00:08:0861] [Services] CLFS : System32\CLFS.sys
[00:08:0861] [Services] CLFS : [CLFS.sys] System32\CLFS.sys
[00:08:0877] [Services] clr_optimization_v2.0.50727_32
[00:08:0877] [Services] clr_optimization_v2.0.50727_32 : %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00:08:0877] [Services] clr_optimization_v2.0.50727_32 : [mscorsvw.exe] %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00:08:0877] [Services] clr_optimization_v4.0.30319_32
[00:08:0877] [Services] clr_optimization_v4.0.30319_32 : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00:08:0877] [Services] clr_optimization_v4.0.30319_32 : [mscorsvw.exe] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00:08:0877] [Services] CmBatt
[00:08:0877] [Services] CmBatt : system32\DRIVERS\CmBatt.sys
[00:08:0877] [Services] CmBatt : [CmBatt.sys] system32\DRIVERS\CmBatt.sys
[00:08:0892] [Services] cmdide
[00:08:0892] [Services] cmdide : \SystemRoot\system32\drivers\cmdide.sys
[00:08:0892] [Services] cmdide : [cmdide.sys] \SystemRoot\system32\drivers\cmdide.sys
[00:08:0892] [Services] CNG
[00:08:0892] [Services] CNG : System32\Drivers\cng.sys
[00:08:0892] [Services] CNG : [cng.sys] System32\Drivers\cng.sys
[00:08:0892] [Services] Compbatt
[00:08:0892] [Services] Compbatt : system32\DRIVERS\compbatt.sys
[00:08:0892] [Services] Compbatt : [compbatt.sys] system32\DRIVERS\compbatt.sys
[00:08:0908] [Services] CompositeBus
[00:08:0908] [Services] CompositeBus : \SystemRoot\system32\drivers\CompositeBus.sys
[00:08:0908] [Services] CompositeBus : [CompositeBus.sys] \SystemRoot\system32\drivers\CompositeBus.sys
[00:08:0908] [Services] COMSysApp
[00:08:0908] [Services] COMSysApp : %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[00:08:0908] [Services] COMSysApp : [dllhost.exe] %SystemRoot%\system32\dllhost.exe
[00:08:0908] [Services] crcdisk
[00:08:0908] [Services] crcdisk : \SystemRoot\system32\DRIVERS\crcdisk.sys
[00:08:0908] [Services] crcdisk : [crcdisk.sys] \SystemRoot\system32\DRIVERS\crcdisk.sys
[00:08:0908] [Services] crypt32
[00:08:0908] [Services] crypt32 :
[00:08:0923] [Services] CryptSvc
[00:08:0923] [Services] CryptSvc : %SystemRoot%\system32\svchost.exe -k NetworkService
[00:08:0923] [Services] CryptSvc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0923] [Services] CSC
[00:08:0923] [Services] CSC : system32\drivers\csc.sys
[00:08:0923] [Services] CSC : [csc.sys] system32\drivers\csc.sys
[00:08:0923] [Services] CscService
[00:08:0923] [Services] CscService : %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:08:0923] [Services] CscService : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0923] [Services] DCLocator
[00:08:0939] [Services] DCLocator :
[00:08:0939] [Services] DcomLaunch
[00:08:0939] [Services] DcomLaunch : %SystemRoot%\system32\svchost.exe -k DcomLaunch
[00:08:0939] [Services] DcomLaunch : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0939] [Services] defragsvc
[00:08:0939] [Services] defragsvc : %SystemRoot%\system32\svchost.exe -k defragsvc
[00:08:0939] [Services] defragsvc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0939] [Services] DfsC
[00:08:0939] [Services] DfsC : System32\Drivers\dfsc.sys
[00:08:0939] [Services] DfsC : [dfsc.sys] System32\Drivers\dfsc.sys
[00:08:0939] [Services] DFSR
[00:08:0939] [Services] DFSR :
[00:08:0939] [Services] Dhcp
[00:08:0955] [Services] Dhcp : %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:08:0955] [Services] Dhcp : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0955] [Services] discache
[00:08:0955] [Services] discache : System32\drivers\discache.sys
[00:08:0955] [Services] discache : [discache.sys] System32\drivers\discache.sys
[00:08:0955] [Services] Disk
[00:08:0955] [Services] Disk : system32\DRIVERS\disk.sys
[00:08:0955] [Services] Disk : [disk.sys] system32\DRIVERS\disk.sys
[00:08:0955] [Services] Dnscache
[00:08:0955] [Services] Dnscache : %SystemRoot%\system32\svchost.exe -k NetworkService
[00:08:0970] [Services] Dnscache : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0970] [Services] dot3svc
[00:08:0970] [Services] dot3svc : %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:08:0970] [Services] dot3svc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:08:0970] [Services] Dot4
[00:08:0970] [Services] Dot4 : system32\DRIVERS\Dot4.sys
[00:08:0970] [Services] Dot4 : [Dot4.sys] system32\DRIVERS\Dot4.sys
[00:08:0970] [Services] Dot4Print
[00:08:0970] [Services] Dot4Print : \SystemRoot\system32\drivers\Dot4Prt.sys
[00:08:0970] [Services] Dot4Print : [Dot4Prt.sys] \SystemRoot\system32\drivers\Dot4Prt.sys
[00:08:0970] [Services] dot4usb
[00:08:0986] [Services] dot4usb : system32\DRIVERS\dot4usb.sys
[00:08:0986] [Services] dot4usb : [dot4usb.sys] system32\DRIVERS\dot4usb.sys
[00:08:0986] [Services] DPS
[00:08:0986] [Services] DPS : %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
[00:08:0986] [Services] DPS : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:08:0986] [Services] drmkaud
[00:08:0986] [Services] drmkaud : system32\drivers\drmkaud.sys
[00:08:0986] [Services] drmkaud : [drmkaud.sys] system32\drivers\drmkaud.sys
[00:08:0986] [Services] DXGKrnl
[00:09:0001] [Services] DXGKrnl : \SystemRoot\System32\drivers\dxgkrnl.sys
[00:09:0001] [Services] DXGKrnl : [dxgkrnl.sys] \SystemRoot\System32\drivers\dxgkrnl.sys
[00:09:0001] [Services] EapHost
[00:09:0001] [Services] EapHost : %SystemRoot%\System32\svchost.exe -k netsvcs
[00:09:0001] [Services] EapHost : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0001] [Services] ebdrv
[00:09:0001] [Services] ebdrv : \SystemRoot\system32\DRIVERS\evbdx.sys
[00:09:0001] [Services] ebdrv : [evbdx.sys] \SystemRoot\system32\DRIVERS\evbdx.sys
[00:09:0001] [Services] eeCtrl
[00:09:0001] [Services] eeCtrl : \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
[00:09:0001] [Services] eeCtrl : [eeCtrl.sys] \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
[00:09:0017] [Services] EFS
[00:09:0017] [Services] EFS : %SystemRoot%\System32\lsass.exe
[00:09:0017] [Services] EFS : [lsass.exe] %SystemRoot%\System32\lsass.exe
[00:09:0017] [Services] ehRecvr
[00:09:0017] [Services] ehRecvr : %systemroot%\ehome\ehRecvr.exe
[00:09:0017] [Services] ehRecvr : [ehRecvr.exe] %systemroot%\ehome\ehRecvr.exe
[00:09:0017] [Services] ehSched
[00:09:0017] [Services] ehSched : %systemroot%\ehome\ehsched.exe
[00:09:0017] [Services] ehSched : [ehsched.exe] %systemroot%\ehome\ehsched.exe
[00:09:0017] [Services] elxstor
[00:09:0033] [Services] elxstor : \SystemRoot\system32\DRIVERS\elxstor.sys
[00:09:0033] [Services] elxstor : [elxstor.sys] \SystemRoot\system32\DRIVERS\elxstor.sys
[00:09:0033] [Services] EraserUtilRebootDrv
[00:09:0033] [Services] EraserUtilRebootDrv : \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
[00:09:0033] [Services] EraserUtilRebootDrv : [EraserUtilRebootDrv.sys] \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
[00:09:0033] [Services] ErrDev
[00:09:0033] [Services] ErrDev : \SystemRoot\system32\drivers\errdev.sys
[00:09:0033] [Services] ErrDev : [errdev.sys] \SystemRoot\system32\drivers\errdev.sys
[00:09:0033] [Services] ESENT
[00:09:0033] [Services] ESENT :
[00:09:0033] [Services] eventlog
[00:09:0048] [Services] eventlog : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:09:0048] [Services] eventlog : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0048] [Services] EventSystem
[00:09:0048] [Services] EventSystem : %SystemRoot%\system32\svchost.exe -k LocalService
[00:09:0048] [Services] EventSystem : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0048] [Services] exfat
[00:09:0048] [Services] exfat :
[00:09:0048] [Services] fastfat
[00:09:0048] [Services] fastfat :
[00:09:0048] [Services] Fax
[00:09:0048] [Services] Fax : %systemroot%\system32\fxssvc.exe
[00:09:0048] [Services] Fax : [fxssvc.exe] %systemroot%\system32\fxssvc.exe
[00:09:0064] [Services] fdc
[00:09:0064] [Services] fdc : \SystemRoot\system32\DRIVERS\fdc.sys
[00:09:0064] [Services] fdc : [fdc.sys] \SystemRoot\system32\DRIVERS\fdc.sys
[00:09:0064] [Services] fdPHost
[00:09:0064] [Services] fdPHost : %SystemRoot%\system32\svchost.exe -k LocalService
[00:09:0064] [Services] fdPHost : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0064] [Services] FDResPub
[00:09:0064] [Services] FDResPub : %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:09:0064] [Services] FDResPub : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0064] [Services] FileInfo
[00:09:0064] [Services] FileInfo : system32\drivers\fileinfo.sys
[00:09:0064] [Services] FileInfo : [fileinfo.sys] system32\drivers\fileinfo.sys
[00:09:0079] [Services] Filetrace
[00:09:0079] [Services] Filetrace : system32\drivers\filetrace.sys
[00:09:0079] [Services] Filetrace : [filetrace.sys] system32\drivers\filetrace.sys
[00:09:0079] [Services] FLEXnet Licensing Service
[00:09:0079] [Services] FLEXnet Licensing Service : "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
[00:09:0079] [Services] FLEXnet Licensing Service : [FNPLicensingService.exe] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[00:09:0079] [Services] flpydisk
[00:09:0079] [Services] flpydisk : \SystemRoot\system32\DRIVERS\flpydisk.sys
[00:09:0079] [Services] flpydisk : [flpydisk.sys] \SystemRoot\system32\DRIVERS\flpydisk.sys
[00:09:0079] [Services] FltMgr
[00:09:0095] [Services] FltMgr : system32\drivers\fltmgr.sys
[00:09:0095] [Services] FltMgr : [fltmgr.sys] system32\drivers\fltmgr.sys
[00:09:0095] [Services] FontCache
[00:09:0095] [Services] FontCache : %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:09:0095] [Services] FontCache : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0095] [Services] FontCache3.0.0.0
[00:09:0095] [Services] FontCache3.0.0.0 : %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[00:09:0095] [Services] FontCache3.0.0.0 : [PresentationFontCache.exe] %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[00:09:0095] [Services] FsDepends
[00:09:0095] [Services] FsDepends : System32\drivers\FsDepends.sys
[00:09:0111] [Services] FsDepends : [FsDepends.sys] System32\drivers\FsDepends.sys
[00:09:0111] [Services] Fs_Rec
[00:09:0111] [Services] Fs_Rec :
[00:09:0111] [Services] fvevol
[00:09:0111] [Services] fvevol : System32\DRIVERS\fvevol.sys
[00:09:0111] [Services] fvevol : [fvevol.sys] System32\DRIVERS\fvevol.sys
[00:09:0111] [Services] gagp30kx
[00:09:0111] [Services] gagp30kx : \SystemRoot\system32\DRIVERS\gagp30kx.sys
[00:09:0111] [Services] gagp30kx : [gagp30kx.sys] \SystemRoot\system32\DRIVERS\gagp30kx.sys
[00:09:0111] [Services] GEARAspiWDM
[00:09:0111] [Services] GEARAspiWDM : system32\DRIVERS\GEARAspiWDM.sys
[00:09:0126] [Services] GEARAspiWDM : [GEARAspiWDM.sys] system32\DRIVERS\GEARAspiWDM.sys
[00:09:0126] [Services] gpsvc
[00:09:0126] [Services] gpsvc : %systemroot%\system32\svchost.exe -k netsvcs
[00:09:0126] [Services] gpsvc : [svchost.exe] %systemroot%\system32\svchost.exe
[00:09:0126] [Services] guardian2
[00:09:0126] [Services] guardian2 : System32\Drivers\oz776.sys
[00:09:0126] [Services] guardian2 : [oz776.sys] System32\Drivers\oz776.sys
[00:09:0126] [Services] hcw85cir
[00:09:0126] [Services] hcw85cir : \SystemRoot\system32\drivers\hcw85cir.sys
[00:09:0126] [Services] hcw85cir : [hcw85cir.sys] \SystemRoot\system32\drivers\hcw85cir.sys
[00:09:0142] [Services] HdAudAddService
[00:09:0142] [Services] HdAudAddService : \SystemRoot\system32\drivers\HdAudio.sys
[00:09:0142] [Services] HdAudAddService : [HdAudio.sys] \SystemRoot\system32\drivers\HdAudio.sys
[00:09:0142] [Services] HDAudBus
[00:09:0142] [Services] HDAudBus : \SystemRoot\system32\drivers\HDAudBus.sys
[00:09:0142] [Services] HDAudBus : [HDAudBus.sys] \SystemRoot\system32\drivers\HDAudBus.sys
[00:09:0142] [Services] HidBatt
[00:09:0142] [Services] HidBatt : \SystemRoot\system32\DRIVERS\HidBatt.sys
[00:09:0142] [Services] HidBatt : [HidBatt.sys] \SystemRoot\system32\DRIVERS\HidBatt.sys
[00:09:0142] [Services] HidBth
[00:09:0142] [Services] HidBth : \SystemRoot\system32\DRIVERS\hidbth.sys
[00:09:0142] [Services] HidBth : [hidbth.sys] \SystemRoot\system32\DRIVERS\hidbth.sys
[00:09:0157] [Services] HidIr
[00:09:0157] [Services] HidIr : \SystemRoot\system32\DRIVERS\hidir.sys
[00:09:0157] [Services] HidIr : [hidir.sys] \SystemRoot\system32\DRIVERS\hidir.sys
[00:09:0157] [Services] hidserv
[00:09:0157] [Services] hidserv : %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:09:0157] [Services] hidserv : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0157] [Services] HidUsb
[00:09:0157] [Services] HidUsb : \SystemRoot\system32\drivers\hidusb.sys
[00:09:0157] [Services] HidUsb : [hidusb.sys] \SystemRoot\system32\drivers\hidusb.sys
[00:09:0157] [Services] hkmsvc
[00:09:0157] [Services] hkmsvc : %SystemRoot%\System32\svchost.exe -k netsvcs
[00:09:0173] [Services] hkmsvc : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0173] [Services] HomeGroupListener
[00:09:0173] [Services] HomeGroupListener : %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:09:0173] [Services] HomeGroupListener : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0173] [Services] HomeGroupProvider
[00:09:0173] [Services] HomeGroupProvider : %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:09:0173] [Services] HomeGroupProvider : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0173] [Services] HpSAMD
[00:09:0173] [Services] HpSAMD : \SystemRoot\system32\drivers\HpSAMD.sys
[00:09:0173] [Services] HpSAMD : [HpSAMD.sys] \SystemRoot\system32\drivers\HpSAMD.sys
[00:09:0173] [Services] HPSLPSVC
[00:09:0189] [Services] HPSLPSVC : %SystemRoot%\system32\svchost.exe -k HPService
[00:09:0189] [Services] HPSLPSVC : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0189] [Services] HTTP
[00:09:0189] [Services] HTTP : system32\drivers\HTTP.sys
[00:09:0189] [Services] HTTP : [HTTP.sys] system32\drivers\HTTP.sys
[00:09:0189] [Services] hwpolicy
[00:09:0189] [Services] hwpolicy : System32\drivers\hwpolicy.sys
[00:09:0189] [Services] hwpolicy : [hwpolicy.sys] System32\drivers\hwpolicy.sys
[00:09:0189] [Services] i8042prt
[00:09:0189] [Services] i8042prt : \SystemRoot\system32\drivers\i8042prt.sys
[00:09:0204] [Services] i8042prt : [i8042prt.sys] \SystemRoot\system32\drivers\i8042prt.sys
[00:09:0204] [Services] iaStorV
[00:09:0204] [Services] iaStorV : \SystemRoot\system32\drivers\iaStorV.sys
[00:09:0204] [Services] iaStorV : [iaStorV.sys] \SystemRoot\system32\drivers\iaStorV.sys
[00:09:0204] [Services] idsvc
[00:09:0204] [Services] idsvc : "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[00:09:0204] [Services] idsvc : [infocard.exe] %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
[00:09:0204] [Services] iirsp
[00:09:0220] [Services] iirsp : \SystemRoot\system32\DRIVERS\iirsp.sys
[00:09:0220] [Services] iirsp : [iirsp.sys] \SystemRoot\system32\DRIVERS\iirsp.sys
[00:09:0220] [Services] IKEEXT
[00:09:0220] [Services] IKEEXT : %systemroot%\system32\svchost.exe -k netsvcs
[00:09:0220] [Services] IKEEXT : [svchost.exe] %systemroot%\system32\svchost.exe
[00:09:0220] [Services] inetaccs
[00:09:0220] [Services] inetaccs :
[00:09:0220] [Services] intelide
[00:09:0220] [Services] intelide : system32\drivers\intelide.sys
[00:09:0220] [Services] intelide : [intelide.sys] system32\drivers\intelide.sys
[00:09:0235] [Services] intelppm
[00:09:0235] [Services] intelppm : system32\DRIVERS\intelppm.sys
[00:09:0235] [Services] intelppm : [intelppm.sys] system32\DRIVERS\intelppm.sys
[00:09:0235] [Services] IPBusEnum
[00:09:0235] [Services] IPBusEnum : %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:09:0235] [Services] IPBusEnum : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0235] [Services] IpFilterDriver
[00:09:0235] [Services] IpFilterDriver : system32\DRIVERS\ipfltdrv.sys
[00:09:0235] [Services] IpFilterDriver : [ipfltdrv.sys] system32\DRIVERS\ipfltdrv.sys
[00:09:0235] [Services] IPMIDRV
[00:09:0235] [Services] IPMIDRV : \SystemRoot\system32\drivers\IPMIDrv.sys
[00:09:0235] [Services] IPMIDRV : [IPMIDrv.sys] \SystemRoot\system32\drivers\IPMIDrv.sys
[00:09:0251] [Services] IPNAT
[00:09:0251] [Services] IPNAT : System32\drivers\ipnat.sys
[00:09:0251] [Services] IPNAT : [ipnat.sys] System32\drivers\ipnat.sys
[00:09:0251] [Services] iPod Service
[00:09:0251] [Services] iPod Service : "C:\Program Files\iPod\bin\iPodService.exe"
[00:09:0251] [Services] iPod Service : [iPodService.exe] C:\Program Files\iPod\bin\iPodService.exe
[00:09:0251] [Services] IRENUM
[00:09:0251] [Services] IRENUM : system32\drivers\irenum.sys
[00:09:0251] [Services] IRENUM : [irenum.sys] system32\drivers\irenum.sys
[00:09:0267] [Services] isapnp
[00:09:0267] [Services] isapnp : \SystemRoot\system32\drivers\isapnp.sys
[00:09:0267] [Services] isapnp : [isapnp.sys] \SystemRoot\system32\drivers\isapnp.sys
[00:09:0267] [Services] iScsiPrt
[00:09:0267] [Services] iScsiPrt : \SystemRoot\system32\drivers\msiscsi.sys
[00:09:0267] [Services] iScsiPrt : [msiscsi.sys] \SystemRoot\system32\drivers\msiscsi.sys
[00:09:0267] [Services] kbdclass
[00:09:0267] [Services] kbdclass : \SystemRoot\system32\drivers\kbdclass.sys
[00:09:0267] [Services] kbdclass : [kbdclass.sys] \SystemRoot\system32\drivers\kbdclass.sys
[00:09:0267] [Services] kbdhid
[00:09:0267] [Services] kbdhid : \SystemRoot\system32\drivers\kbdhid.sys
[00:09:0267] [Services] kbdhid : [kbdhid.sys] \SystemRoot\system32\drivers\kbdhid.sys
[00:09:0282] [Services] KeyIso
[00:09:0282] [Services] KeyIso : %SystemRoot%\system32\lsass.exe
[00:09:0282] [Services] KeyIso : [lsass.exe] %SystemRoot%\system32\lsass.exe
[00:09:0282] [Services] KSecDD
[00:09:0282] [Services] KSecDD : System32\Drivers\ksecdd.sys
[00:09:0282] [Services] KSecDD : [ksecdd.sys] System32\Drivers\ksecdd.sys
[00:09:0282] [Services] KSecPkg
[00:09:0282] [Services] KSecPkg : System32\Drivers\ksecpkg.sys
[00:09:0282] [Services] KSecPkg : [ksecpkg.sys] System32\Drivers\ksecpkg.sys
[00:09:0282] [Services] KtmRm
[00:09:0282] [Services] KtmRm : %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
[00:09:0282] [Services] KtmRm : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0298] [Services] LanmanServer
[00:09:0298] [Services] LanmanServer : %SystemRoot%\system32\svchost.exe -k netsvcs
[00:09:0298] [Services] LanmanServer : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0298] [Services] LanmanWorkstation
[00:09:0298] [Services] LanmanWorkstation : %SystemRoot%\System32\svchost.exe -k NetworkService
[00:09:0298] [Services] LanmanWorkstation : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0298] [Services] ldap
[00:09:0298] [Services] ldap :
[00:09:0298] [Services] LiveUpdate
[00:09:0298] [Services] LiveUpdate : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
[00:09:0298] [Services] LiveUpdate : [LUCOMS~1.EXE] C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
[00:09:0313] [Services] lltdio
[00:09:0313] [Services] lltdio : system32\DRIVERS\lltdio.sys
[00:09:0313] [Services] lltdio : [lltdio.sys] system32\DRIVERS\lltdio.sys
[00:09:0313] [Services] lltdsvc
[00:09:0313] [Services] lltdsvc : %SystemRoot%\System32\svchost.exe -k LocalService
[00:09:0313] [Services] lltdsvc : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0313] [Services] lmhosts
[00:09:0313] [Services] lmhosts : %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:09:0313] [Services] lmhosts : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0313] [Services] Lsa
[00:09:0329] [Services] Lsa :
[00:09:0329] [Services] LSI_FC
[00:09:0329] [Services] LSI_FC : \SystemRoot\system32\DRIVERS\lsi_fc.sys
[00:09:0329] [Services] LSI_FC : [lsi_fc.sys] \SystemRoot\system32\DRIVERS\lsi_fc.sys
[00:09:0329] [Services] LSI_SAS
[00:09:0329] [Services] LSI_SAS : \SystemRoot\system32\DRIVERS\lsi_sas.sys
[00:09:0329] [Services] LSI_SAS : [lsi_sas.sys] \SystemRoot\system32\DRIVERS\lsi_sas.sys
[00:09:0329] [Services] LSI_SAS2
[00:09:0329] [Services] LSI_SAS2 : \SystemRoot\system32\DRIVERS\lsi_sas2.sys
[00:09:0329] [Services] LSI_SAS2 : [lsi_sas2.sys] \SystemRoot\system32\DRIVERS\lsi_sas2.sys
[00:09:0329] [Services] LSI_SCSI
[00:09:0329] [Services] LSI_SCSI : \SystemRoot\system32\DRIVERS\lsi_scsi.sys
[00:09:0329] [Services] LSI_SCSI : [lsi_scsi.sys] \SystemRoot\system32\DRIVERS\lsi_scsi.sys
[00:09:0345] [Services] luafv
[00:09:0345] [Services] luafv : \SystemRoot\system32\drivers\luafv.sys
[00:09:0345] [Services] luafv : [luafv.sys] \SystemRoot\system32\drivers\luafv.sys
[00:09:0345] [Services] Mcx2Svc
[00:09:0345] [Services] Mcx2Svc : %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:09:0345] [Services] Mcx2Svc : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0345] [Services] megasas
[00:09:0345] [Services] megasas : \SystemRoot\system32\DRIVERS\megasas.sys
[00:09:0345] [Services] megasas : [megasas.sys] \SystemRoot\system32\DRIVERS\megasas.sys
[00:09:0345] [Services] MegaSR
[00:09:0345] [Services] MegaSR : \SystemRoot\system32\DRIVERS\MegaSR.sys
[00:09:0360] [Services] MegaSR : [MegaSR.sys] \SystemRoot\system32\DRIVERS\MegaSR.sys
[00:09:0360] [Services] MMCSS
[00:09:0360] [Services] MMCSS : %SystemRoot%\system32\svchost.exe -k netsvcs
[00:09:0360] [Services] MMCSS : [svchost.exe] %SystemRoot%\system32\svchost.exe
[00:09:0360] [Services] Modem
[00:09:0360] [Services] Modem : system32\drivers\modem.sys
[00:09:0360] [Services] Modem : [modem.sys] system32\drivers\modem.sys
[00:09:0360] [Services] monitor
[00:09:0360] [Services] monitor : system32\DRIVERS\monitor.sys
[00:09:0360] [Services] monitor : [monitor.sys] system32\DRIVERS\monitor.sys
[00:09:0376] [Services] mouclass
[00:09:0376] [Services] mouclass : \SystemRoot\system32\drivers\mouclass.sys
[00:09:0376] [Services] mouclass : [mouclass.sys] \SystemRoot\system32\drivers\mouclass.sys
[00:09:0376] [Services] mouhid
[00:09:0376] [Services] mouhid : system32\DRIVERS\mouhid.sys
[00:09:0376] [Services] mouhid : [mouhid.sys] system32\DRIVERS\mouhid.sys
[00:09:0376] [Services] mountmgr
[00:09:0376] [Services] mountmgr : System32\drivers\mountmgr.sys
[00:09:0376] [Services] mountmgr : [mountmgr.sys] System32\drivers\mountmgr.sys
[00:09:0376] [Services] mpio
[00:09:0376] [Services] mpio : \SystemRoot\system32\drivers\mpio.sys
[00:09:0391] [Services] mpio : [mpio.sys] \SystemRoot\system32\drivers\mpio.sys
[00:09:0391] [Services] mpsdrv
[00:09:0391] [Services] mpsdrv : System32\drivers\mpsdrv.sys
[00:09:0391] [Services] mpsdrv : [mpsdrv.sys] System32\drivers\mpsdrv.sys
[00:09:0391] [Services] MRxDAV
[00:09:0391] [Services] MRxDAV : \SystemRoot\system32\drivers\mrxdav.sys
[00:09:0391] [Services] MRxDAV : [mrxdav.sys] \SystemRoot\system32\drivers\mrxdav.sys
[00:09:0391] [Services] mrxsmb
[00:09:0391] [Services] mrxsmb : system32\DRIVERS\mrxsmb.sys
[00:09:0391] [Services] mrxsmb : [mrxsmb.sys] system32\DRIVERS\mrxsmb.sys
[00:09:0407] [Services] mrxsmb10
[00:09:0407] [Services] mrxsmb10 : system32\DRIVERS\mrxsmb10.sys
[00:09:0407] [Services] mrxsmb10 : [mrxsmb10.sys] system32\DRIVERS\mrxsmb10.sys
[00:09:0407] [Services] mrxsmb20
[00:09:0407] [Services] mrxsmb20 : system32\DRIVERS\mrxsmb20.sys
[00:09:0407] [Services] mrxsmb20 : [mrxsmb20.sys] system32\DRIVERS\mrxsmb20.sys
[00:09:0407] [Services] msahci
[00:09:0407] [Services] msahci : system32\drivers\msahci.sys
[00:09:0407] [Services] msahci : [msahci.sys] system32\drivers\msahci.sys
[00:09:0407] [Services] msdsm
[00:09:0423] [Services] msdsm : \SystemRoot\system32\drivers\msdsm.sys
[00:09:0423] [Services] msdsm : [msdsm.sys] \SystemRoot\system32\drivers\msdsm.sys
[00:09:0423] [Services] MSDTC
[00:09:0423] [Services] MSDTC : %SystemRoot%\System32\msdtc.exe
[00:09:0423] [Services] MSDTC : [msdtc.exe] %SystemRoot%\System32\msdtc.exe
[00:09:0423] [Services] MSDTC Bridge 3.0.0.0
[00:09:0423] [Services] MSDTC Bridge 3.0.0.0 :
[00:09:0423] [Services] MSDTC Bridge 4.0.0.0
[00:09:0423] [Services] MSDTC Bridge 4.0.0.0 :
[00:09:0423] [Services] Msfs
[00:09:0423] [Services] Msfs :
[00:09:0423] [Services] mshidkmdf
[00:09:0423] [Services] mshidkmdf : \SystemRoot\System32\drivers\mshidkmdf.sys
[00:09:0438] [Services] mshidkmdf : [mshidkmdf.sys] \SystemRoot\System32\drivers\mshidkmdf.sys
[00:09:0438] [Services] msisadrv
[00:09:0438] [Services] msisadrv : system32\drivers\msisadrv.sys
[00:09:0438] [Services] msisadrv : [msisadrv.sys] system32\drivers\msisadrv.sys
[00:09:0438] [Services] MSiSCSI
[00:09:0438] [Services] MSiSCSI : %systemroot%\system32\svchost.exe -k netsvcs
[00:09:0438] [Services] MSiSCSI : [svchost.exe] %systemroot%\system32\svchost.exe
[00:09:0438] [Services] msiserver
[00:09:0438] [Services] msiserver : %systemroot%\system32\msiexec.exe /V
[00:09:0438] [Services] msiserver : [msiexec.exe] %systemroot%\system32\msiexec.exe
[00:09:0454] [Services] MSKSSRV
[00:09:0454] [Services] MSKSSRV : system32\drivers\MSKSSRV.sys
[00:09:0454] [Services] MSKSSRV : [MSKSSRV.sys] system32\drivers\MSKSSRV.sys
[00:09:0454] [Services] MSPCLOCK
[00:09:0454] [Services] MSPCLOCK : system32\drivers\MSPCLOCK.sys
[00:09:0454] [Services] MSPCLOCK : [MSPCLOCK.sys] system32\drivers\MSPCLOCK.sys
[00:09:0454] [Services] MSPQM
[00:09:0454] [Services] MSPQM : system32\drivers\MSPQM.sys
[00:09:0454] [Services] MSPQM : [MSPQM.sys] system32\drivers\MSPQM.sys
[00:09:0469] [Services] MsRPC
[00:09:0469] [Services] MsRPC :
[00:09:0469] [Services] MSSCNTRS
[00:09:0469] [Services] MSSCNTRS :
[00:09:0469] [Services] mssmbios
[00:09:0469] [Services] mssmbios : \SystemRoot\system32\drivers\mssmbios.sys
[00:09:0469] [Services] mssmbios : [mssmbios.sys] \SystemRoot\system32\drivers\mssmbios.sys
[00:09:0469] [Services] MSTEE
[00:09:0469] [Services] MSTEE : system32\drivers\MSTEE.sys
[00:09:0469] [Services] MSTEE : [MSTEE.sys] system32\drivers\MSTEE.sys
[00:09:0469] [Services] MTConfig
[00:09:0469] [Services] MTConfig : \SystemRoot\system32\DRIVERS\MTConfig.sys
[00:09:0469] [Services] MTConfig : [MTConfig.sys] \SystemRoot\system32\DRIVERS\MTConfig.sys
[00:09:0485] [Services] Mup
[00:09:0485] [Services] Mup : System32\Drivers\mup.sys
[00:09:0485] [Services] Mup : [mup.sys] System32\Drivers\mup.sys
[00:09:0485] [Services] napagent
[00:09:0485] [Services] napagent : %SystemRoot%\System32\svchost.exe -k NetworkService
[00:09:0485] [Services] napagent : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0485] [Services] NativeWifiP
[00:09:0485] [Services] NativeWifiP : system32\DRIVERS\nwifi.sys
[00:09:0485] [Services] NativeWifiP : [nwifi.sys] system32\DRIVERS\nwifi.sys
[00:09:0485] [Services] NAVENG
[00:09:0485] [Services] NAVENG : \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120322.019\NAVENG.SYS
[00:09:0501] [Services] NAVENG : [NAVENG.SYS] \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120322.019\NAVENG.SYS
[00:09:0501] [Services] NAVEX15
[00:09:0501] [Services] NAVEX15 : \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120322.019\NAVEX15.SYS
[00:09:0501] [Services] NAVEX15 : [NAVEX15.SYS] \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120322.019\NAVEX15.SYS
[00:09:0501] [Services] NDIS
[00:09:0501] [Services] NDIS : system32\drivers\ndis.sys
[00:09:0501] [Services] NDIS : [ndis.sys] system32\drivers\ndis.sys
[00:09:0501] [Services] NdisCap
[00:09:0501] [Services] NdisCap : system32\DRIVERS\ndiscap.sys
[00:09:0501] [Services] NdisCap : [ndiscap.sys] system32\DRIVERS\ndiscap.sys
[00:09:0516] [Services] NdisTapi
[00:09:0516] [Services] NdisTapi : system32\DRIVERS\ndistapi.sys
[00:09:0516] [Services] NdisTapi : [ndistapi.sys] system32\DRIVERS\ndistapi.sys
[00:09:0516] [Services] Ndisuio
[00:09:0516] [Services] Ndisuio : system32\DRIVERS\ndisuio.sys
[00:09:0516] [Services] Ndisuio : [ndisuio.sys] system32\DRIVERS\ndisuio.sys
[00:09:0516] [Services] NdisWan
[00:09:0516] [Services] NdisWan : system32\DRIVERS\ndiswan.sys
[00:09:0516] [Services] NdisWan : [ndiswan.sys] system32\DRIVERS\ndiswan.sys
[00:09:0532] [Services] NDProxy
[00:09:0532] [Services] NDProxy :
[00:09:0532] [Services] Net Driver HPZ12
[00:09:0532] [Services] Net Driver HPZ12 : %SystemRoot%\System32\svchost.exe -k HPZ12
[00:09:0532] [Services] Net Driver HPZ12 : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0532] [Services] NetBIOS
[00:09:0532] [Services] NetBIOS : system32\DRIVERS\netbios.sys
[00:09:0532] [Services] NetBIOS : [netbios.sys] system32\DRIVERS\netbios.sys
[00:09:0532] [Services] NetBT
[00:09:0532] [Services] NetBT : System32\DRIVERS\netbt.sys
[00:09:0532] [Services] NetBT : [netbt.sys] System32\DRIVERS\netbt.sys
[00:09:0547] [Services] Netlogon
[00:09:0547] [Services] Netlogon : %systemroot%\system32\lsass.exe
[00:09:0547] [Services] Netlogon : [lsass.exe] %systemroot%\system32\lsass.exe
[00:09:0547] [Services] Netman
[00:09:0547] [Services] Netman : %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:09:0547] [Services] Netman : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0547] [Services] netprofm
[00:09:0547] [Services] netprofm : %SystemRoot%\System32\svchost.exe -k LocalService
[00:09:0547] [Services] netprofm : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0547] [Services] NetTcpPortSharing
[00:09:0563] [Services] NetTcpPortSharing : "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[00:09:0563] [Services] NetTcpPortSharing : [SMSvcHost.exe] %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[00:09:0563] [Services] nfrd960
[00:09:0563] [Services] nfrd960 : \SystemRoot\system32\DRIVERS\nfrd960.sys
[00:09:0563] [Services] nfrd960 : [nfrd960.sys] \SystemRoot\system32\DRIVERS\nfrd960.sys
[00:09:0563] [Services] NlaSvc
[00:09:0563] [Services] NlaSvc : %SystemRoot%\System32\svchost.exe -k NetworkService
[00:09:0563] [Services] NlaSvc : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0563] [Services] Npfs
[00:09:0563] [Services] Npfs :
[00:09:0563] [Services] nsi
[00:09:0563] [Services] nsi : %systemroot%\system32\svchost.exe -k LocalService
[00:09:0563] [Services] nsi : [svchost.exe] %systemroot%\system32\svchost.exe
[00:09:0579] [Services] nsiproxy
[00:09:0579] [Services] nsiproxy : system32\drivers\nsiproxy.sys
[00:09:0579] [Services] nsiproxy : [nsiproxy.sys] system32\drivers\nsiproxy.sys
[00:09:0579] [Services] NTDS
[00:09:0579] [Services] NTDS :
[00:09:0579] [Services] Ntfs
[00:09:0579] [Services] Ntfs :
[00:09:0579] [Services] Null
[00:09:0579] [Services] Null :
[00:09:0579] [Services] nvlddmkm
[00:09:0579] [Services] nvlddmkm : system32\DRIVERS\nvlddmkm.sys
[00:09:0579] [Services] nvlddmkm : [nvlddmkm.sys] system32\DRIVERS\nvlddmkm.sys
[00:09:0594] [Services] nvraid
[00:09:0594] [Services] nvraid : \SystemRoot\system32\drivers\nvraid.sys
[00:09:0594] [Services] nvraid : [nvraid.sys] \SystemRoot\system32\drivers\nvraid.sys
[00:09:0594] [Services] nvstor
[00:09:0594] [Services] nvstor : \SystemRoot\system32\drivers\nvstor.sys
[00:09:0594] [Services] nvstor : [nvstor.sys] \SystemRoot\system32\drivers\nvstor.sys
[00:09:0594] [Services] nv_agp
[00:09:0594] [Services] nv_agp : \SystemRoot\system32\drivers\nv_agp.sys
[00:09:0594] [Services] nv_agp : [nv_agp.sys] \SystemRoot\system32\drivers\nv_agp.sys
[00:09:0594] [Services] odserv
[00:09:0610] [Services] odserv : "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
[00:09:0610] [Services] odserv : [ODSERV.EXE] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[00:09:0610] [Services] ohci1394
[00:09:0610] [Services] ohci1394 : \SystemRoot\system32\drivers\ohci1394.sys
[00:09:0610] [Services] ohci1394 : [ohci1394.sys] \SystemRoot\system32\drivers\ohci1394.sys
[00:09:0610] [Services] ose
[00:09:0610] [Services] ose : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
[00:09:0610] [Services] ose : [OSE.EXE] C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00:09:0610] [Services] p2pimsvc
[00:09:0610] [Services] p2pimsvc : %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
[00:09:0610] [Services] p2pimsvc : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0625] [Services] p2psvc
[00:09:0625] [Services] p2psvc : %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
[00:09:0625] [Services] p2psvc : [svchost.exe] %SystemRoot%\System32\svchost.exe
[00:09:0625] [Services] Parport
[00:09:0625] [Services] Parport : \SystemRoot\system32\DRIVERS\parport.sys
[00:09:0625] [Services] Parport : [parport.sys] \SystemRoot\system32\DRIVERS\parport.sys
[00:09:0625] [Services] partmgr
[00:09:0625] [Services] partmgr : System32\drivers\partmgr.sys
[00:09:0625] [Services] partmgr : [partmgr.sys] System32\drivers\partmgr.sys
[00:09:0625] [Services] Parvdm
[00:09:0625] [Services] Parvdm : \SystemRoot\system32\DRIVERS\parvdm.sys
[00:09:0641] [Services] Parvdm : [parvdm.sys] \SystemRoot\system32\DRIVERS\parvdm.sys
[00:09:0641] [Services] PcaSvc
[00:09:0641] [Services] PcaSvc : %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:09:0641] [Services] PcaSvc : [svchost.exe] %systemroot%\system32\svchost.exe
[00:09:0641] [Services] pci
[00:09:0641] [Services] pci : system32\drivers\pci.sys
[00:09:0641] [Services] pci : [pci.sys] system32\drivers\pci.sys
[00:09:0641] [Services] pciide
[00:09:0641] [Services] pciide : \SystemRoot\system32\drivers\pciide.sys
[00:09:0641] [Services] pciide : [pciide.sys] \SystemRoot\system32\drivers\pciide.sys
[00:09:0657] [Services] pcmcia
[00:09:0657] [Services] pcmcia : system32\DRIVERS\pcmcia.sys
[00:09:0657] [Services] pcmcia : [pcmcia.sys] system32\DRIVERS\pcmcia.sys
[00:09:0657] [Services] pcw
[00:09:0657] [Services] pcw : System32\drivers\pcw.sys
[00:09:0657] [Services] pcw : [pcw.sys] System32\drivers\pcw.sys
[00:09:0657] [Services] PEAUTH
[00:09:0657] [Services] PEAUTH : system32\drivers\peauth.sys
[00:09:0657] [Services] PEAUTH : [peauth.sys] system32\drivers\peauth.sys
[00:09:0657] [Services] PeerDistSvc
[00:09:0657] [Services] PeerDistSvc : %SystemRoot%\System32\svchost.exe -k PeerDist



#3 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 23 March 2012 - 08:20 PM

Ok, looks like I posted prematurely. I rebooted and tried running gmer and dds, this time with success. Here are the logs:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Tim at 20:39:00 on 2012-03-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.270 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Content Filter\X3WatchPRO.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Google Update] "c:\users\tim\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SansaDispatch] c:\users\tim\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [Akamai NetSession Interface] "c:\users\tim\appdata\local\akamai\netsession_win.exe"
uRun: [Update] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft\vubjh.dll",DllRegisterServer
uRun: [Vyeryfant] c:\users\tim\appdata\roaming\exuk\neumy.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn
mRun: [AprvRemoveLegacyWordKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\word\addins\OfficeAddIn.OfficeAddIn
mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ICF] "c:\program files\internet content filter\X3watchPRO.exe"
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mRun: [bQBDimwbRmHtD.exe] c:\programdata\bQBDimwbRmHtD.exe
mRun: [wisad] rundll32.exe "c:\windows\temp\wisad.dll",DocStartFeedLoad
mRun: [dmsbr] rundll32.exe "c:\windows\temp\dmsbr.dll",GetDevicePropertyCount
dRun: [Update] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft\vubjh.dll",DllRegisterServer
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mExplorerRun: [2] logn33.exe
StartupFolder: c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\startup\hueh.exe
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\startup\yburo.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\icf.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3F536E4B-81B7-40AF-83EA-1B2D330E5F81} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\65348413 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\855627875637 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\960586F6E65602D4977596 : DhcpNameServer = 66.174.71.33 69.78.96.14 8.8.8.8
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\B6F6C6C61627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\D416E6E616055726C69636 : DhcpNameServer = 10.128.128.128
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Hosts: 94.63.147.22 www.google.com
Hosts: 94.63.147.23 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-23 22:14:49 63488 --sha-w- c:\windows\system32\logn33.exe
2012-03-23 22:08:30 194560 ----a-w- c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\startup\yburo.exe
2012-03-23 21:59:11 243720 ----a-w- c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\startup\hueh.exe
2012-03-23 12:38:53 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-23 12:37:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-23 05:14:42 84992 ----a-w- c:\windows\system32\CsY4H.com_
2012-03-23 02:25:27 -------- d-sh--w- C:\found.000
2012-03-22 19:44:15 89088 ----a-w- c:\windows\system32\calcnfig.dll
2012-03-22 17:27:41 31232 ----a-w- c:\windows\system32\CsY4H.com
2012-03-22 02:23:46 158720 ---ha-w- c:\programdata\microsoft\windows\drm\D588.tmp
2012-03-20 19:32:33 6552120 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{4fa8492e-bb5c-402a-997c-37f762535cee}\mpengine.dll
2012-03-14 07:01:30 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:01:27 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 20:32:22 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:32:17 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:29:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:29:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:29:54 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:29:46 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:29:45 826880 ----a-w- c:\windows\system32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-23 23:18:43 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 21:10:22.21 ===============
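A defender's triage pass over the autorun, policy and Hosts entries in the DDS report above, written as an added example for this thread (it is not part of DDS, RogueKiller or the helper's procedure); the sample lines are copied from the posted log with a few clean entries kept for contrast, and the severity rules are the example's own assumptions about what deserves a human look, not a verdict on any file:

```python
"""Heuristic triage of DDS 'Pseudo HJT Report' lines (added example, not tool code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the DDS log posted in this thread. A few clean entries
# (Google Update, Apoint, the DHCP line) are kept so the rules have something to ignore.
SAMPLE_DDS = r"""uRun: [Google Update] "c:\users\tim\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Update] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft\vubjh.dll",DllRegisterServer
uRun: [Vyeryfant] c:\users\tim\appdata\roaming\exuk\neumy.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [wisad] rundll32.exe "c:\windows\temp\wisad.dll",DocStartFeedLoad
mRun: [bQBDimwbRmHtD.exe] c:\programdata\bQBDimwbRmHtD.exe
mExplorerRun: [2] logn33.exe
StartupFolder: c:\users\tim\appdata\roaming\microsoft\windows\start menu\programs\startup\hueh.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 94.63.147.22 www.google.com
Hosts: 94.63.147.23 www.bing.com
TCP: DhcpNameServer = 192.168.1.1
"""

# DDS prefixes for autostart entries (per-user, machine, default profile, Explorer Run, Startup folder).
AUTORUN_KEYS = ("uRun:", "mRun:", "dRun:", "mExplorerRun:", "StartupFolder:")
# Locations a standard user (or the malware running as that user) can write to.
USER_WRITABLE = ("\\windows\\temp\\", "\\systemprofile\\", "\\appdata\\", "\\programdata\\")

_HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
_POLICY_RE = re.compile(r"^[umd]Policies-system:\s+(DisableTaskMgr|DisableRegistryTools)\s*=\s*1\b")


@dataclass
class Finding:
    severity: str  # "high" = act on it, "medium" = verify the publisher
    reason: str
    line: str


def _autorun_target(line: str) -> Optional[str]:
    """Return the lower-cased command after the '[name]' label, or None for non-autorun lines."""
    if not line.startswith(AUTORUN_KEYS):
        return None
    m = re.search(r"\]\s*(.*)$", line)
    if m:
        return m.group(1).strip().lower()
    # StartupFolder lines carry no [name] label; everything after the key is the path.
    return line.split(":", 1)[1].strip().lower()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one DDS line. Assumption-based heuristics; review hits by hand."""
    line = line.rstrip()
    m = _POLICY_RE.match(line)
    if m:
        return Finding("high", f"{m.group(1)} policy set: user lockout typical of rogue AV", line)
    m = _HOSTS_RE.match(line)
    if m:
        ip, host = m.groups()
        if not ip.startswith("127.") and ip != "::1":
            return Finding("high", f"hosts file redirects {host} to {ip}", line)
        return None
    target = _autorun_target(line)
    if target is None:
        return None
    key = line.split(":", 1)[0]
    if "\\" not in target:
        return Finding("high", "autorun by bare file name, resolved through the search path", line)
    if "rundll32" in target and any(loc in target for loc in USER_WRITABLE):
        return Finding("high", "rundll32 loading a DLL from a user-writable location", line)
    if "\\windows\\temp\\" in target or "\\systemprofile\\" in target:
        return Finding("high", "executable or DLL in a temp or SYSTEM-profile directory", line)
    if key == "StartupFolder" and target.endswith(".exe"):
        return Finding("high", "executable dropped directly into the Startup folder", line)
    if re.search(r"\\programdata\\[^\\]+\.exe", target):
        return Finding("high", "executable directly under ProgramData with no vendor folder", line)
    if "\\appdata\\" in target:
        return Finding("medium", "runs from the user profile; verify the publisher", line)
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over every line of a DDS report and keep the hits."""
    return [f for f in (triage_line(ln) for ln in report.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```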




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:41 PM

Posted 23 March 2012 - 11:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 24 March 2012 - 04:55 PM

Gringo, thank you very much for the help. I don't know what code boxes are. Was that number in your instructions a response to what I posted above or standard guidance you give?

As for the steps you gave me, I am having problems ensuring my security software is disabled before running Combofix. Ordinarily I have Symantec Endpoint Protection (I believe), Windows Defender, and the Windows Firewall. The virus wiped out my Start menu, and in Safe Mode, at least, Symantec Endpoint and Windows Defender do not show up in the task bar on the lower right hand corner of my screen (by the time, date, network connection, etc.). Also, when I go to disable my Windows Firewall and get to the screen from the Control Panel with "Turn Windows Firewall on or off" option on the left, when I click it the left panel disappears and I get "Ok" and "Cancel" buttons on the bottom of the screen. There does not seem to be any way to turn it on or off, and I am not sure that it is currently on.

When I look at Windows Task Manager I am not sure but I don't see any indication that any of these programs are running. What do I do? Should I go ahead and run ComboFix?

Edited by TDY329, 24 March 2012 - 04:58 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:41 PM

Posted 24 March 2012 - 10:56 PM

Hello


the numbered instruction is my normal beginning for everybody


yes go ahead and run combofix


gringo

#7 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 25 March 2012 - 12:28 AM

Ok, ran ComboFix in Safe Mode. It rebooted and I let it boot into the regular Windows, i.e. not Safe Mode, because it didn't say to go to Safe Mode. It ran without any problems, then rebooted again. I let it boot to regular Windows again. It got me the log but I also noted that the System Check was still running. I rebooted once more just to make sure and it was still there. Log below:

ComboFix 12-03-22.01 - Tim 03/25/2012 0:30.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1273 [GMT -4:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3YAxIso83QW0nz
c:\programdata\H85KwOa0.exe
c:\users\Tim\AppData\Roaming\Emmi
c:\users\Tim\AppData\Roaming\Emmi\esgyu.due
c:\users\Tim\AppData\Roaming\Estaow
c:\users\Tim\AppData\Roaming\Estaow\ewor.vom
c:\users\Tim\AppData\Roaming\Exuk
c:\users\Tim\AppData\Roaming\Exuk\neumy.exe
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hueh.exe
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Tim\AppData\Roaming\Orciet
c:\users\Tim\AppData\Roaming\Orciet\ikaq.exe
c:\users\Tim\AppData\Roaming\Ubilwy
c:\users\Tim\AppData\Roaming\Ubilwy\cehek.fyy
c:\windows\$NtUninstallKB55478$
c:\windows\$NtUninstallKB55478$\563027869
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\sp.Dll
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\vubjh.dll
c:\windows\TEMP\dmsbr.dll
c:\windows\TEMP\wisad.dll
c:\windows\XSxS
.
Infected copy of c:\windows\system32\drivers\csc.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\System32\autochk.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 04:48 . 2012-03-25 04:48 -------- d-----w- c:\users\Tim\AppData\Roaming\Uqvuuz
2012-03-25 04:48 . 2012-03-25 04:48 -------- d-----w- c:\users\Tim\AppData\Roaming\Ybmue
2012-03-25 04:48 . 2012-03-25 04:48 -------- d-----w- c:\users\Tim\AppData\Roaming\Teuhh
2012-03-24 23:47 . 2012-03-24 23:47 -------- d--h--w- c:\users\Tim\AppData\Local\{D3F9D139-7534-11E1-826D-B8AC6F996F26}
2012-03-24 23:47 . 2012-03-24 23:47 -------- d--h--w- c:\users\Tim\AppData\Local\{D3F99AFF-7534-11E1-826D-B8AC6F996F26}
2012-03-23 23:16 . 2012-03-23 23:18 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-23 22:14 . 2012-03-23 22:14 63488 --sha-w- c:\windows\system32\logn33.exe
2012-03-23 22:08 . 2012-03-23 22:08 194560 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vion.exe
2012-03-23 22:08 . 2012-03-23 22:08 194560 ----a-w- c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yburo.exe
2012-03-23 21:59 . 2012-03-23 23:02 -------- d-----w- c:\users\Tim\AppData\Roaming\Ixobo
2012-03-23 21:59 . 2012-03-23 21:59 243720 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\leope.exe
2012-03-23 12:45 . 2012-03-23 12:45 354304 ---ha-w- c:\programdata\3YAxIso83QW0nz.exe
2012-03-23 12:38 . 2012-03-25 04:46 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-23 12:37 . 2012-03-25 04:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-23 05:14 . 2012-03-23 05:11 440832 ---ha-w- c:\programdata\bQBDimwbRmHtD.exe
2012-03-23 02:25 . 2012-03-23 02:25 -------- d-----w- C:\found.000
2012-03-22 19:44 . 2012-03-22 19:44 89088 ----a-w- c:\windows\system32\calcnfig.dll
2012-03-22 17:27 . 2012-03-23 05:11 31232 ----a-w- c:\windows\system32\CsY4H.com
2012-03-22 17:26 . 2012-03-22 17:26 -------- d-----w- c:\windows\Sun
2012-03-22 02:23 . 2012-03-22 02:23 158720 ---ha-w- c:\programdata\Microsoft\Windows\DRM\D588.tmp
2012-03-20 19:32 . 2012-02-08 06:03 6552120 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FA8492E-BB5C-402A-997C-37F762535CEE}\mpengine.dll
2012-03-14 07:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 20:32 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:29 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:29 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:29 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:29 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:29 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:29 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 03:50 . 2011-12-16 20:46 44544 ----a-w- c:\windows\system32\agremove.exe
2012-02-23 14:18 . 2009-10-06 18:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-17 20:06 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-17 20:07 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-04-03 79872]
"Akamai NetSession Interface"="c:\users\Tim\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2009-04-30 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-30 296056]
"ICF"="c:\program files\Internet Content Filter\X3watchPRO.exe" [2011-03-21 1654504]
"bQBDimwbRmHtD.exe"="c:\programdata\bQBDimwbRmHtD.exe" [2012-03-23 440832]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
yburo.exe [2012-3-23 194560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
leope.exe [2012-3-23 243720]
vion.exe [2012-3-23 194560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ---ha-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-05 01:24 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S0 rpcnetp;rpcnetp; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 106104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\At11.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At13.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At15.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At17.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At19.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At21.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At23.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At25.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At27.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At29.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-25 c:\windows\Tasks\At3.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At31.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At33.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At35.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At37.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At39.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At41.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-25 c:\windows\Tasks\At43.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-25 c:\windows\Tasks\At45.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-25 c:\windows\Tasks\At47.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At49.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At5.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At7.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-23 c:\windows\Tasks\At9.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178925919-3063591098-2084195045-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 22:48]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178925919-3063591098-2084195045-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 22:48]
.
2012-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178925919-3063591098-2084195045-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\System32\icf.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\m58jnm5n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Tim\AppData\Roaming\Move Networks
FF - Ext: Translate This!: {D3F99AFF-7534-11E1-826D-B8AC6F996F26} - c:\users\Tim\AppData\Local\{D3F99AFF-7534-11E1-826D-B8AC6F996F26}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKCU-Run-Vyeryfant - c:\users\Tim\AppData\Roaming\Exuk\neumy.exe
SafeBoot-Wdf01000.sys
SafeBoot-Symantec Antvirus
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2768)
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\windows\system32\nvcpl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Internet Content Filter\UpdateService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\programdata\3YAxIso83QW0nz.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-25 01:00:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 05:00
.
Pre-Run: 53,508,444,160 bytes free
Post-Run: 54,631,231,488 bytes free
.
- - End Of File - - E4A2A58659F178157FFB5ACEF8EF1478
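
The loading points in the ComboFix log above (the Run values, the Startup folder listing, the BootExecute value and the At*.job scheduled tasks) are what a responder reads first when deciding what is persistence and what is just installed software. As an added example, not part of this thread and not ComboFix's own code, the Python script below writes those reading rules down and runs them over a constructed excerpt modelled on that log. The drop-location list and the thresholds in looks_random are my assumptions and are loose on purpose; the BootExecute check only reports "non-default" because a pending chkdsk writes a similar-looking value, so the line on its own does not prove infection.

```python
"""Triage persistence entries from ComboFix-style log text (added example, not
ComboFix's own code): the checks a responder does by eye, written to run over a log."""
import re
from dataclasses import dataclass

# Constructed sample, abridged from the "Reg Loading Points" and "Scheduled Tasks"
# blocks ComboFix prints; names are taken from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"ICF"="c:\program files\Internet Content Filter\X3watchPRO.exe" [2011-03-21 1654504]
"bQBDimwbRmHtD.exe"="c:\programdata\bQBDimwbRmHtD.exe" [2012-03-23 440832]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
yburo.exe [2012-3-23 194560]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
2012-03-23 c:\windows\Tasks\At11.job
- c:\windows\system32\CsY4H.com [2012-03-22 05:11]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178925919-3063591098-2084195045-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 22:48]
"""
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
EXE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|com|scr|bat))', re.I)
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+c:\\windows\\tasks\\(?P<job>\S+\.job)$', re.I)

@dataclass
class Finding:
    source: str  # loading point the entry came from
    item: str    # value name, file name, job name or raw value
    reason: str  # why it was flagged; every hit still needs a human look

def looks_random(stem: str) -> bool:
    """Dropper names (3YAxIso83QW0nz, bQBDimwbRmHtD) mix digits into letters or have
    almost no vowels; product names rarely do. Assumed thresholds; a hit means 'check it'."""
    digit_flips = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    letters = [c.lower() for c in stem if c.isalpha()]
    vowels = sum(c in "aeiouy" for c in letters) / len(letters) if letters else 1.0
    return digit_flips >= 3 or (len(letters) >= 8 and vowels < 0.15)

def exe_path(cmd: str) -> str:
    # Drop arguments and the trailing "[date size]" ComboFix appends.
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd).lower()

def stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def in_drop_location(path: str) -> bool:
    # Executable directly in ProgramData, an AppData root or Windows\Temp, not in a product folder.
    parent = path.rsplit("\\", 1)[0]
    return parent in (r"c:\programdata", r"c:\windows\temp") or \
        parent.endswith((r"\appdata\roaming", r"\appdata\local"))

def triage(log_text: str) -> list:
    findings, section, pending_job = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":               # "." separates ComboFix blocks
            section, pending_job = None, None
        elif line.startswith("[") and line.endswith("]"):
            section = line.lower()                # registry key header
        elif line.lower().endswith("\\startup\\"):
            section = "startup"                   # Startup folder listing follows
        elif TASK_RE.match(line):
            pending_job = TASK_RE.match(line).group("job")
        elif pending_job and line.startswith("- "):
            target = exe_path(line[2:])
            reasons = []
            if re.fullmatch(r"at\d+\.job", pending_job, re.I):
                reasons.append("At*.job created with at.exe")
            if target.endswith(".com") or looks_random(stem(target)):
                reasons.append(f"unusual target {target}")
            if reasons:
                findings.append(Finding("Scheduled Tasks", pending_job, "; ".join(reasons)))
            pending_job = None
        elif section and section.endswith("\\run]") and RUN_RE.match(line):
            m = RUN_RE.match(line)
            path = exe_path(m.group("cmd"))
            reasons = []
            if in_drop_location(path):
                reasons.append("runs from a drop location")
            if looks_random(stem(path)):
                reasons.append("random-looking file name")
            if reasons:
                findings.append(Finding(section, m.group("name"), "; ".join(reasons)))
        elif section == "startup" and ".lnk - " not in line.lower() and EXE_RE.match(line):
            findings.append(Finding("Startup folder", line.split(" [")[0], "raw executable instead of a .lnk shortcut"))
        elif section and "session manager" in section and line.startswith("BootExecute"):
            value = line.split("REG_MULTI_SZ", 1)[-1].strip()
            if value != "autocheck autochk *":
                findings.append(Finding("BootExecute", value, "non-default; rule out a pending chkdsk before blaming malware"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

On the sample it reports four entries: the Run value in the root of ProgramData, the raw yburo.exe in the Startup folder, the modified BootExecute line and the At11.job task pointing at a .com file in system32, while leaving Apoint, X3watchPRO and the Google Update job alone. The script only points at what to look at; confirming and removing anything is still the job of the tools and the helper in this thread.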

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:41 PM

Posted 25 March 2012 - 12:36 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 25 March 2012 - 04:56 PM

Ok, ran both without any issues. First the TDSSKiller log:

16:56:12.0198 3452 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:56:14.0220 3452 ============================================================
16:56:14.0220 3452 Current date / time: 2012/03/25 16:56:14.0220
16:56:14.0220 3452 SystemInfo:
16:56:14.0220 3452
16:56:14.0220 3452 OS Version: 6.1.7601 ServicePack: 1.0
16:56:14.0220 3452 Product type: Workstation
16:56:14.0220 3452 ComputerName: TIM-PC
16:56:14.0220 3452 UserName: Tim
16:56:14.0220 3452 Windows directory: C:\Windows
16:56:14.0220 3452 System windows directory: C:\Windows
16:56:14.0220 3452 Processor architecture: Intel x86
16:56:14.0220 3452 Number of processors: 2
16:56:14.0220 3452 Page size: 0x1000
16:56:14.0220 3452 Boot type: Safe boot with network
16:56:14.0220 3452 ============================================================
16:56:15.0663 3452 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:15.0664 3452 \Device\Harddisk0\DR0:
16:56:15.0665 3452 MBR used
16:56:15.0665 3452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x400000
16:56:15.0665 3452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x42B800, BlocksNum 0xDB68800
16:56:16.0057 3452 Initialize success
16:56:16.0057 3452 ============================================================
16:56:19.0211 4044 ============================================================
16:56:19.0211 4044 Scan started
16:56:19.0211 4044 Mode: Manual;
16:56:19.0211 4044 ============================================================
16:56:23.0304 4044 .csc - ok
16:56:23.0679 4044 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:56:23.0682 4044 1394ohci - ok
16:56:23.0969 4044 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
16:56:23.0974 4044 ac.sharedstore - ok
16:56:24.0295 4044 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:56:24.0326 4044 ACPI - ok
16:56:24.0458 4044 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:56:24.0460 4044 AcpiPmi - ok
16:56:24.0605 4044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:56:24.0614 4044 adp94xx - ok
16:56:24.0735 4044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:56:24.0770 4044 adpahci - ok
16:56:24.0877 4044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:56:24.0881 4044 adpu320 - ok
16:56:24.0948 4044 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:56:24.0950 4044 AeLookupSvc - ok
16:56:25.0070 4044 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:56:25.0077 4044 AFD - ok
16:56:25.0140 4044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:56:25.0142 4044 agp440 - ok
16:56:25.0196 4044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:56:25.0199 4044 aic78xx - ok
16:56:25.0520 4044 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files\common files\akamai/netsession_win_7de0ed9.dll
16:56:25.0520 4044 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
16:56:25.0528 4044 Akamai ( HiddenFile.Multi.Generic ) - warning
16:56:25.0529 4044 Akamai - detected HiddenFile.Multi.Generic (1)
16:56:25.0673 4044 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:56:25.0674 4044 ALG - ok
16:56:25.0762 4044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:56:25.0763 4044 aliide - ok
16:56:25.0791 4044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:56:25.0793 4044 amdagp - ok
16:56:25.0834 4044 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:56:25.0835 4044 amdide - ok
16:56:25.0897 4044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:56:25.0899 4044 AmdK8 - ok
16:56:25.0988 4044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:56:25.0990 4044 AmdPPM - ok
16:56:26.0073 4044 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:56:26.0075 4044 amdsata - ok
16:56:26.0144 4044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:56:26.0178 4044 amdsbs - ok
16:56:26.0227 4044 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:56:26.0229 4044 amdxata - ok
16:56:26.0341 4044 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:56:26.0344 4044 ApfiltrService - ok
16:56:26.0457 4044 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:56:26.0459 4044 AppID - ok
16:56:26.0513 4044 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:56:26.0514 4044 AppIDSvc - ok
16:56:26.0625 4044 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:56:26.0627 4044 Appinfo - ok
16:56:26.0770 4044 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:26.0773 4044 Apple Mobile Device - ok
16:56:52.0114 4044 Serial - ok
16:56:52.0203 4044 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:56:52.0205 4044 sermouse - ok
16:56:52.0313 4044 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:56:52.0318 4044 SessionEnv - ok
16:56:52.0363 4044 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:56:52.0365 4044 sffdisk - ok
16:56:52.0384 4044 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:56:52.0385 4044 sffp_mmc - ok
16:56:52.0415 4044 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:56:52.0416 4044 sffp_sd - ok
16:56:52.0497 4044 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:56:52.0509 4044 sfloppy - ok
16:56:52.0588 4044 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:56:52.0595 4044 SharedAccess - ok
16:56:52.0669 4044 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:56:52.0678 4044 ShellHWDetection - ok
16:56:52.0738 4044 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:56:52.0740 4044 sisagp - ok
16:56:52.0852 4044 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:56:52.0854 4044 SiSRaid2 - ok
16:56:52.0899 4044 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:56:52.0901 4044 SiSRaid4 - ok
16:56:52.0986 4044 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:56:52.0989 4044 Smb - ok
16:56:53.0132 4044 SmcService (a58c1a086d9c09c6572c948f22cc0e94) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:56:53.0167 4044 SmcService - ok
16:56:53.0201 4044 SNAC (d2c222441255131e29de351475f98f6d) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
16:56:53.0210 4044 SNAC - ok
16:56:53.0359 4044 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:56:53.0388 4044 SNMPTRAP - ok
16:56:53.0618 4044 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:56:53.0630 4044 SPBBCDrv - ok
16:56:53.0815 4044 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:56:53.0816 4044 spldr - ok
16:56:53.0874 4044 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:56:53.0884 4044 Spooler - ok
16:56:54.0402 4044 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:56:54.0473 4044 sppsvc - ok
16:56:54.0591 4044 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:56:54.0595 4044 sppuinotify - ok
16:56:54.0681 4044 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
16:56:54.0687 4044 SRTSP - ok
16:56:54.0744 4044 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
16:56:54.0751 4044 SRTSPL - ok
16:56:54.0817 4044 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
16:56:54.0819 4044 SRTSPX - ok
16:56:54.0956 4044 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:56:54.0967 4044 srv - ok
16:56:55.0001 4044 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:56:55.0008 4044 srv2 - ok
16:56:55.0157 4044 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:56:55.0162 4044 SrvHsfHDA - ok
16:56:55.0236 4044 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:56:55.0256 4044 SrvHsfV92 - ok
16:56:55.0316 4044 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:56:55.0330 4044 SrvHsfWinac - ok
16:56:55.0483 4044 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:56:55.0486 4044 srvnet - ok
16:56:55.0599 4044 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:56:55.0604 4044 SSDPSRV - ok
16:56:55.0674 4044 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:56:55.0678 4044 SstpSvc - ok
16:56:55.0718 4044 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:56:55.0719 4044 stexstor - ok
16:56:55.0807 4044 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:56:55.0819 4044 StiSvc - ok
16:56:55.0945 4044 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:56:55.0947 4044 storflt - ok
16:56:55.0998 4044 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:56:55.0999 4044 storvsc - ok
16:56:56.0067 4044 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:56:56.0068 4044 swenum - ok
16:56:56.0194 4044 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:56:56.0203 4044 swprv - ok
16:56:56.0384 4044 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:56:56.0402 4044 Symantec AntiVirus - ok
16:56:56.0606 4044 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
16:56:56.0623 4044 SymEvent - ok
16:56:56.0664 4044 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
16:56:56.0666 4044 SYMREDRV - ok
16:56:56.0751 4044 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
16:56:56.0756 4044 SYMTDI - ok
16:56:57.0103 4044 Synth3dVsc - ok
16:56:57.0616 4044 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:56:57.0652 4044 SysMain - ok
16:56:57.0838 4044 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:56:57.0855 4044 TabletInputService - ok
16:56:57.0970 4044 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:56:57.0977 4044 TapiSrv - ok
16:56:58.0125 4044 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:56:58.0129 4044 TBS - ok
16:56:58.0392 4044 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:56:58.0422 4044 Tcpip - ok
16:56:58.0715 4044 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:56:58.0724 4044 TCPIP6 - ok
16:56:58.0900 4044 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:56:58.0902 4044 tcpipreg - ok
16:56:58.0997 4044 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:56:58.0999 4044 TDPIPE - ok
16:56:59.0099 4044 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:56:59.0103 4044 TDTCP - ok
16:56:59.0310 4044 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:56:59.0322 4044 tdx - ok
16:56:59.0386 4044 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:56:59.0388 4044 TermDD - ok
16:56:59.0661 4044 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:56:59.0740 4044 TermService - ok
16:57:00.0080 4044 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:57:00.0084 4044 Themes - ok
16:57:00.0134 4044 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:57:00.0136 4044 THREADORDER - ok
16:57:00.0199 4044 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:57:00.0203 4044 TrkWks - ok
16:57:00.0277 4044 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
16:57:00.0279 4044 TrueSight - ok
16:57:00.0423 4044 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:57:00.0428 4044 TrustedInstaller - ok
16:57:00.0513 4044 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:00.0515 4044 tssecsrv - ok
16:57:00.0627 4044 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:57:00.0630 4044 TsUsbFlt - ok
16:57:00.0678 4044 tsusbhub - ok
16:57:00.0770 4044 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:57:00.0773 4044 tunnel - ok
16:57:00.0879 4044 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:57:00.0881 4044 uagp35 - ok
16:57:00.0967 4044 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:57:00.0972 4044 udfs - ok
16:57:01.0052 4044 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:57:01.0056 4044 UI0Detect - ok
16:57:01.0220 4044 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:57:01.0251 4044 uliagpkx - ok
16:57:01.0384 4044 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:57:01.0397 4044 umbus - ok
16:57:01.0480 4044 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:57:01.0482 4044 UmPass - ok
16:57:01.0634 4044 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:57:01.0640 4044 UmRdpService - ok
16:57:01.0721 4044 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:57:01.0729 4044 upnphost - ok
16:57:01.0891 4044 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
16:57:01.0893 4044 USBAAPL - ok
16:57:01.0947 4044 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
16:57:01.0986 4044 usbccgp - ok
16:57:02.0096 4044 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:57:02.0099 4044 usbcir - ok
16:57:02.0190 4044 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:57:02.0192 4044 usbehci - ok
16:57:02.0266 4044 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:57:02.0271 4044 usbhub - ok
16:57:02.0311 4044 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:57:02.0313 4044 usbohci - ok
16:57:02.0343 4044 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:57:02.0345 4044 usbprint - ok
16:57:02.0391 4044 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:57:02.0393 4044 usbscan - ok
16:57:02.0491 4044 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:02.0493 4044 USBSTOR - ok
16:57:02.0558 4044 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:02.0559 4044 usbuhci - ok
16:57:02.0600 4044 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:57:02.0605 4044 UxSms - ok
16:57:02.0750 4044 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:57:02.0752 4044 VaultSvc - ok
16:57:02.0876 4044 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:57:02.0877 4044 vdrvroot - ok
16:57:02.0952 4044 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:57:02.0964 4044 vds - ok
16:57:03.0006 4044 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:03.0008 4044 vga - ok
16:57:03.0061 4044 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:57:03.0063 4044 VgaSave - ok
16:57:03.0166 4044 VGPU - ok
16:57:03.0243 4044 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:57:03.0247 4044 vhdmp - ok
16:57:03.0317 4044 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:57:03.0319 4044 viaagp - ok
16:57:03.0359 4044 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:57:03.0362 4044 ViaC7 - ok
16:57:03.0491 4044 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:57:03.0518 4044 viaide - ok
16:57:03.0618 4044 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:57:03.0622 4044 vmbus - ok
16:57:03.0673 4044 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:57:03.0675 4044 VMBusHID - ok
16:57:03.0710 4044 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:57:03.0712 4044 volmgr - ok
16:57:03.0760 4044 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:57:03.0767 4044 volmgrx - ok
16:57:03.0919 4044 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:57:03.0925 4044 volsnap - ok
16:57:04.0107 4044 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:57:04.0111 4044 vsmraid - ok
16:57:04.0225 4044 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:57:04.0247 4044 VSS - ok
16:57:04.0313 4044 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:57:04.0314 4044 vwifibus - ok
16:57:04.0398 4044 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:57:04.0400 4044 vwififlt - ok
16:57:04.0513 4044 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
16:57:04.0514 4044 vwifimp - ok
16:57:04.0576 4044 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:57:04.0610 4044 W32Time - ok
16:57:04.0708 4044 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:57:04.0710 4044 WacomPen - ok
16:57:04.0781 4044 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:04.0783 4044 WANARP - ok
16:57:04.0797 4044 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:04.0798 4044 Wanarpv6 - ok
16:57:05.0058 4044 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:57:05.0090 4044 WatAdminSvc - ok
16:57:05.0183 4044 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:57:05.0208 4044 wbengine - ok
16:57:05.0320 4044 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:57:05.0326 4044 WbioSrvc - ok
16:57:05.0403 4044 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:57:05.0413 4044 wcncsvc - ok
16:57:05.0461 4044 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:57:05.0464 4044 WcsPlugInService - ok
16:57:05.0534 4044 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:57:05.0536 4044 Wd - ok
16:57:05.0614 4044 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:57:05.0623 4044 Wdf01000 - ok
16:57:05.0694 4044 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:05.0698 4044 WdiServiceHost - ok
16:57:05.0705 4044 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:57:05.0708 4044 WdiSystemHost - ok
16:57:05.0781 4044 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:57:05.0788 4044 WebClient - ok
16:57:05.0861 4044 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:57:05.0889 4044 Wecsvc - ok
16:57:05.0975 4044 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:57:05.0979 4044 wercplsupport - ok
16:57:06.0065 4044 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:57:06.0069 4044 WerSvc - ok
16:57:06.0183 4044 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:57:06.0184 4044 WfpLwf - ok
16:57:06.0220 4044 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:57:06.0221 4044 WIMMount - ok
16:57:06.0348 4044 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:57:06.0361 4044 WinDefend - ok
16:57:06.0377 4044 WinHttpAutoProxySvc - ok
16:57:06.0522 4044 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:57:06.0526 4044 Winmgmt - ok
16:57:06.0623 4044 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:57:06.0648 4044 WinRM - ok
16:57:06.0808 4044 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:57:06.0810 4044 WinUsb - ok
16:57:06.0864 4044 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:57:06.0882 4044 Wlansvc - ok
16:57:07.0090 4044 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:57:07.0123 4044 wlidsvc - ok
16:57:07.0272 4044 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:57:07.0273 4044 WmiAcpi - ok
16:57:07.0413 4044 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:57:07.0417 4044 wmiApSrv - ok
16:57:07.0566 4044 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:57:07.0587 4044 WMPNetworkSvc - ok
16:57:07.0677 4044 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:57:07.0682 4044 WPCSvc - ok
16:57:07.0939 4044 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:57:07.0954 4044 WPDBusEnum - ok
16:57:08.0042 4044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:57:08.0043 4044 ws2ifsl - ok
16:57:08.0101 4044 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
16:57:08.0105 4044 wscsvc - ok
16:57:08.0117 4044 WSearch - ok
16:57:08.0290 4044 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:57:08.0334 4044 wuauserv - ok
16:57:08.0392 4044 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:57:08.0394 4044 WudfPf - ok
16:57:08.0516 4044 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:08.0520 4044 WUDFRd - ok
16:57:08.0567 4044 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:57:08.0572 4044 wudfsvc - ok
16:57:08.0613 4044 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:57:08.0619 4044 WwanSvc - ok
16:57:08.0774 4044 x3UpdateSvc (0111b320cdc08439c626cf5c5981cac6) C:\Program Files\Internet Content Filter\UpdateService.exe
16:57:08.0779 4044 x3UpdateSvc - ok
16:57:08.0853 4044 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
16:57:08.0876 4044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:57:08.0876 4044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:57:08.0901 4044 Boot (0x1200) (f143e7eb052ff2a23808cc9389537b2c) \Device\Harddisk0\DR0\Partition0
16:57:08.0902 4044 \Device\Harddisk0\DR0\Partition0 - ok
16:57:08.0932 4044 Boot (0x1200) (90f7c297eba248ba108c1ee5602e5fcd) \Device\Harddisk0\DR0\Partition1
16:57:08.0934 4044 \Device\Harddisk0\DR0\Partition1 - ok
16:57:08.0934 4044 ============================================================
16:57:08.0934 4044 Scan finished
16:57:08.0934 4044 ============================================================
16:57:08.0947 3876 Detected object count: 2
16:57:08.0947 3876 Actual detected object count: 2
17:08:10.0185 3876 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:08:10.0185 3876 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:08:10.0322 3876 \Device\Harddisk0\DR0\# - copied to quarantine
17:08:10.0322 3876 \Device\Harddisk0\DR0 - copied to quarantine
17:08:10.0387 3876 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:08:10.0402 3876 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:08:10.0405 3876 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:08:10.0406 3876 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:08:10.0409 3876 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:08:10.0412 3876 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:08:10.0420 3876 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:08:10.0426 3876 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:08:10.0427 3876 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:08:10.0428 3876 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:08:10.0430 3876 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:08:10.0432 3876 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:08:10.0451 3876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:08:10.0452 3876 \Device\Harddisk0\DR0 - ok
17:08:10.0457 3876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:08:16.0308 2200 Deinitialize success

#10 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts

Posted 25 March 2012 - 04:59 PM

Now the aswMBR log, but I'll first note that I booted to Windows after running TDSSKiller and it appeared that the system-check virus was still present:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 17:29:50
-----------------------------
17:29:50.337 OS Version: Windows 6.1.7601 Service Pack 1
17:29:50.337 Number of processors: 2 586 0xF0D
17:29:50.337 ComputerName: TIM-PC UserName: Tim
17:30:10.820 Initialize success
17:35:12.992 AVAST engine defs: 12032501
17:36:51.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:36:51.912 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
17:36:51.943 Disk 0 MBR read successfully
17:36:51.943 Disk 0 MBR scan
17:36:51.959 Disk 0 Windows 7 default MBR code
17:36:51.974 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
17:36:51.974 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 178176
17:36:52.006 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 112337 MB offset 4372480
17:36:52.006 Disk 0 scanning sectors +234438656
17:36:52.099 Disk 0 scanning C:\Windows\system32\drivers
17:37:03.425 Service scanning
17:37:04.236 Service .csc \? **LOCKED** 123
17:37:33.767 Modules scanning
17:37:39.383 Disk 0 trace - called modules:
17:37:39.414 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
17:37:39.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e1a0e8]
17:37:39.430 3 CLASSPNP.SYS[8820459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84986030]
17:37:39.929 AVAST engine scan C:\Windows
17:37:43.080 AVAST engine scan C:\Windows\system32
17:37:48.072 File: C:\Windows\system32\autochk.exe **INFECTED** Win32:Malware-gen
17:37:51.644 File: C:\Windows\system32\calcnfig.dll **INFECTED** Win32:Trojan-gen
17:37:57.713 File: C:\Windows\system32\CsY4H.com **INFECTED** Win32:Malware-gen
17:40:44.602 AVAST engine scan C:\Windows\system32\drivers
17:40:58.346 AVAST engine scan C:\Users\Tim
17:44:17.870 File: C:\Users\Tim\AppData\Roaming\Wuysi\vufi.exe **INFECTED** Win32:Kryptik-IDX [Trj]
17:44:17.948 File: C:\Users\Tim\AppData\Roaming\Ybmue\opxuy.exe **INFECTED** Win32:Kryptik-IDX [Trj]
17:48:23.648 AVAST engine scan C:\ProgramData
17:48:23.742 File: C:\ProgramData\3YAxIso83QW0nz.exe **INFECTED** Win32:FakeSysdefs-A [Trj]
17:48:24.772 File: C:\ProgramData\bQBDimwbRmHtD.exe **INFECTED** Win32:FakeSysdefs-A [Trj]
17:48:40.652 File: C:\ProgramData\Microsoft\Windows\DRM\D588.tmp **INFECTED** Win32:Rootkit-gen [Rtk]
17:49:25.705 Scan finished successfully
17:52:03.625 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
17:52:03.641 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 March 2012 - 08:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::
Folder::
C:\ProgramData\Microsoft\Windows\DRM
c:\users\Tim\AppData\Roaming\Uqvuuz
c:\users\Tim\AppData\Roaming\Ybmue
c:\users\Tim\AppData\Roaming\Teuhh
c:\users\Tim\AppData\Roaming\Ixobo

File::
C:\Users\Tim\AppData\Roaming\Wuysi\vufi.exe
C:\Users\Tim\AppData\Roaming\Ybmue\opxuy.exe
C:\ProgramData\3YAxIso83QW0nz.exe
C:\ProgramData\bQBDimwbRmHtD.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vion.exe
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yburo.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\leope.exe
c:\windows\system32\CsY4H.com


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 TDY329

TDY329
  • Topic Starter

  • Members
  • 19 posts

Posted 25 March 2012 - 11:33 PM

OK, had some problems with ComboFix telling me that Symantec Endpoint Protection was running, but after restarting once or twice it went away. I'm not in safe mode and there's no sign of the System Check virus (no popup windows, no icons, no hijacking of other programs). My start menu has still been wiped of shortcuts, though the folders are still there, and my CPU isn't constantly running at 100%. Things seem to be running fine. Here's the log:

ComboFix 12-03-25.01 - Tim 03/25/2012 23:58:59.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1502 [GMT -4:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
Command switches used :: c:\users\Tim\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\3YAxIso83QW0nz.exe"
"c:\programdata\bQBDimwbRmHtD.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\leope.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vion.exe"
"c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yburo.exe"
"c:\users\Tim\AppData\Roaming\Wuysi\vufi.exe"
"c:\users\Tim\AppData\Roaming\Ybmue\opxuy.exe"
"c:\windows\system32\CsY4H.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~3YAxIso83QW0nz
c:\programdata\~3YAxIso83QW0nzr
c:\programdata\3YAxIso83QW0nz.exe
c:\programdata\bQBDimwbRmHtD.exe
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-3178925919-3063591098-2084195045-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\D588.tmp
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\DRMv1.bak
c:\programdata\Microsoft\Windows\DRM\DRMv1.key
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\migration.log
c:\programdata\Microsoft\Windows\DRM\migration.log.source
c:\programdata\Microsoft\Windows\DRM\preupgrade\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\preupgrade\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\preupgrade\DRMv1.bak
c:\programdata\Microsoft\Windows\DRM\preupgrade\DRMv1.key
c:\programdata\Microsoft\Windows\DRM\preupgrade\migration.log
c:\programdata\Microsoft\Windows\DRM\preupgrade\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\preupgrade\v3ks.sec
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\leope.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vion.exe
c:\users\Tim\AppData\Roaming\Ixobo
c:\users\Tim\AppData\Roaming\Lepy
c:\users\Tim\AppData\Roaming\Lepy\urosh.ibe
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\m58jnm5n.default\searchplugins\bing-zugo.xml
c:\users\Tim\AppData\Roaming\Teuhh
c:\users\Tim\AppData\Roaming\Teuhh\riog.hic
c:\users\Tim\AppData\Roaming\Uqvuuz
c:\users\Tim\AppData\Roaming\Uqvuuz\nycug.ydq
c:\users\Tim\AppData\Roaming\Wuysi
c:\users\Tim\AppData\Roaming\Wuysi\vufi.exe
c:\users\Tim\AppData\Roaming\Ybmue
c:\users\Tim\AppData\Roaming\Ybmue\opxuy.exe
c:\users\Tim\Desktop\System Check.lnk
c:\windows\system32\CsY4H.com
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At9.job
.
c:\windows\System32\autochk.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 04:06 . 2012-03-26 04:11 -------- d-----w- c:\users\Tim\AppData\Local\temp
2012-03-26 04:06 . 2012-03-26 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 21:08 . 2012-03-25 21:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 05:07 . 2012-03-26 02:45 -------- d--h--w- c:\users\Tim\AppData\Roaming\Daogfy
2012-03-25 04:22 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-24 23:47 . 2012-03-24 23:47 -------- d--h--w- c:\users\Tim\AppData\Local\{D3F9D139-7534-11E1-826D-B8AC6F996F26}
2012-03-24 23:47 . 2012-03-24 23:47 -------- d--h--w- c:\users\Tim\AppData\Local\{D3F99AFF-7534-11E1-826D-B8AC6F996F26}
2012-03-23 23:16 . 2012-03-23 23:18 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-23 22:14 . 2012-03-23 22:14 63488 --sha-w- c:\windows\system32\logn33.exe
2012-03-23 12:38 . 2012-03-26 04:09 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-23 12:37 . 2012-03-26 04:07 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-23 05:14 . 2012-03-23 05:14 84992 ----a-w- c:\windows\system32\CsY4H.com__
2012-03-23 02:25 . 2012-03-23 02:25 -------- d-----w- C:\found.000
2012-03-22 19:44 . 2012-03-22 19:44 89088 ----a-w- c:\windows\system32\calcnfig.dll
2012-03-22 17:26 . 2012-03-22 17:26 -------- d-----w- c:\windows\Sun
2012-03-20 19:32 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FA8492E-BB5C-402A-997C-37F762535CEE}\mpengine.dll
2012-03-14 07:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 20:32 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:29 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:29 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:29 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:29 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:29 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:29 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 03:50 . 2011-12-16 20:46 44544 ----a-w- c:\windows\system32\agremove.exe
2012-02-23 14:18 . 2009-10-06 18:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-17 20:06 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-17 20:07 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-04-03 79872]
"Akamai NetSession Interface"="c:\users\Tim\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Vyeryfant"="c:\users\Tim\AppData\Roaming\Exuk\neumy.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2009-04-30 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-30 296056]
"ICF"="c:\program files\Internet Content Filter\X3watchPRO.exe" [2011-03-21 1654504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe" [2011-10-24 247968]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-05 01:24 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S0 rpcnetp;rpcnetp; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 106104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178925919-3063591098-2084195045-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 22:48]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178925919-3063591098-2084195045-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-03 22:48]
.
2012-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178925919-3063591098-2084195045-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\System32\icf.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\m58jnm5n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Tim\AppData\Roaming\Move Networks
FF - Ext: Translate This!: {D3F99AFF-7534-11E1-826D-B8AC6F996F26} - c:\users\Tim\AppData\Local\{D3F99AFF-7534-11E1-826D-B8AC6F996F26}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKCU-Run-Leefcap - c:\users\Tim\AppData\Roaming\Wuysi\vufi.exe
HKLM-Run-bQBDimwbRmHtD.exe - c:\programdata\bQBDimwbRmHtD.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Internet Content Filter\UpdateService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-26 00:22:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 04:22
ComboFix2.txt 2012-03-25 05:00
.
Pre-Run: 54,368,722,944 bytes free
Post-Run: 54,409,682,944 bytes free
.
- - End Of File - - 8052B5CBF5B9F6098AA922F3FB0627A0

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:41 PM

Posted 26 March 2012 - 09:23 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.2
Java™ 6 Update 24


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 TDY329
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:41 PM

Posted 27 March 2012 - 09:58 PM

No major problems. Things seem to be running much as they were before this step, i.e. no noticeable problems other than my start menu has no shortcuts on it. Here are the logs:

MBAM:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [administrator]

Protection: Enabled

3/27/2012 9:57:21 PM
mbam-log-2012-03-27 (21-57-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196521
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\oexuquj.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\CsY4H.com__ (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Users\Tim\Downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Tim\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:27 PM, on 3/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Content Filter\X3WatchPRO.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Content Filter\X3WatchPRO.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\X3watchPRO.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Vyeryfant] C:\Users\Tim\AppData\Roaming\Exuk\neumy.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: X3WatchPRO Update Service (x3UpdateSvc) - InternetSafety.com, Inc. - C:\Program Files\Internet Content Filter\UpdateService.exe

--
End of file - 10319 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:41 PM

Posted 27 March 2012 - 10:31 PM

Hello

to put back the shortcuts you will have to do this

using avast as an example

In case, program's link shows as (empty):

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

  • Copy that shortcut, go back to Start menu.
  • Right click on avast! Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast




These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Vyeryfant] C:\Users\Tim\AppData\Roaming\Exuk\neumy.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
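A scripted version of the shortcut repair described in the post above, added here as an example and not part of gringo_pr's reply. It is PowerShell for the Windows 7 machine in this thread and recreates a .lnk for every .exe in a program folder inside the all-users Start Menu, which on Vista/7 is %ProgramData%\Microsoft\Windows\Start Menu\Programs. The install folder and menu group name are placeholders, and the Authenticode check is this example's own precaution: a rogue that emptied the shortcuts may also have dropped its own executable in the program folder.

```powershell
# Added example, not from the original post. Recreates Start Menu shortcuts
# for every .exe in a program folder, for all users. The folder and menu
# group names below are assumed placeholders; adjust them to the program
# whose shortcuts show as (empty).
param(
    [string]$ProgramFolder = 'C:\Program Files\Avast',   # assumption
    [string]$MenuGroup     = 'Avast',                      # assumption
    [switch]$AllowUnsigned                                 # also link unsigned .exe files
)

# On Vista/7 the all-users Start Menu lives under %ProgramData%
# (C:\ProgramData\Microsoft\Windows\Start Menu\Programs).
$startMenu = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'
$groupDir  = Join-Path $startMenu $MenuGroup

if (-not (Test-Path -LiteralPath $ProgramFolder -PathType Container)) {
    throw "Program folder not found: $ProgramFolder"
}
New-Item -ItemType Directory -Path $groupDir -Force | Out-Null

$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $ProgramFolder -Filter *.exe | ForEach-Object {
    $exe = $_.FullName
    # Only link to binaries carrying a valid Authenticode signature unless
    # -AllowUnsigned was given; an unexpected unsigned .exe here is worth a look.
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid' -and -not $AllowUnsigned) {
        Write-Warning "Skipping $exe (signature status: $($sig.Status))"
        return
    }
    $lnkPath  = Join-Path $groupDir ($_.BaseName + '.lnk')
    $shortcut = $shell.CreateShortcut($lnkPath)
    $shortcut.TargetPath       = $exe
    $shortcut.WorkingDirectory = $ProgramFolder
    $shortcut.IconLocation     = "$exe,0"
    $shortcut.Save()
    Write-Output "Created $lnkPath -> $exe"
}
```

Run it from an elevated PowerShell prompt, since writing under ProgramData needs administrator rights. To repair only the current user's own Start Menu instead, swap $startMenu for [Environment]::GetFolderPath('Programs').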




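The O4 list in the post above is a hand-picked checklist. The following PowerShell, added as an example and not part of the original post, enumerates the same Run/RunOnce locations on the machine itself and flags entries that launch from a user-writable folder, are not Authenticode-signed, or point to a missing file, so the "research each line" step has something to go on. The flag rules are this example's own heuristics, not HijackThis behaviour, and it sticks to the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the original post. Lists the autostart entries
# HijackThis reports as O4 lines and flags the ones that deserve a closer
# look before anything is "fixed". The heuristics are this example's own.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a standard user can write to. Persistence from here needs no admin
# rights, which is why rogue "system optimizer" style programs favour them.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
    Where-Object { $_ }

# Registry bookkeeping properties Get-ItemProperty adds to every result.
$psProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExecutablePath([string]$command) {
    # Turn a Run value ("C:\x\y.exe" -flag, C:\Program Files\x\y.exe -flag,
    # RUNDLL32.EXE C:\x\y.dll,Entry) into the path of what actually loads.
    $command = $command.Trim()
    if ($command -match '^"([^"]+)"') {
        $exe = $matches[1]
    } else {
        # Unquoted path with spaces: take the longest token prefix that names
        # a real file, falling back to the first token.
        $tokens = $command -split '\s+'
        $exe = $tokens[0]
        for ($i = 2; $i -le $tokens.Count; $i++) {
            $candidate = [Environment]::ExpandEnvironmentVariables(($tokens[0..($i - 1)] -join ' '))
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { $exe = $candidate }
        }
    }
    if ($exe -match '(^|\\)rundll32(\.exe)?$') {
        # rundll32 is only the host; the DLL named after it is what runs.
        $rest = $command -replace '^\s*"?[^"]*?rundll32(\.exe)?"?\s*', ''
        $exe  = (($rest -split ',')[0]).Trim('" '.ToCharArray())
    }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($psProps -contains $prop.Name) { continue }
            $exe   = Get-ExecutablePath ([string]$prop.Value)
            $flags = @()
            foreach ($dir in $userWritable) {
                if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'user-writable location'
                    break
                }
            }
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
            } else {
                $flags += 'file missing'
            }
            New-Object PSObject -Property @{
                Key    = $key
                Name   = $prop.Name
                Target = $exe
                Flags  = ($flags -join '; ')
            }
        }
    }
}

# Flagged entries first; vendor helpers in Program Files with valid
# signatures end up at the bottom with an empty Flags column.
Get-AutostartReport |
    Sort-Object { $_.Flags.Length } -Descending |
    Select-Object Key, Name, Target, Flags |
    Format-Table -AutoSize -Wrap
```

An entry like the `[Vyeryfant]` line in the list above, which launches `neumy.exe` from `AppData\Roaming`, comes out flagged as a user-writable location, while a signed tray helper under Program Files shows no flags. The per-profile hives HijackThis prints as HKUS (the `S-1-5-18` RunOnce lines in the log) live under HKU: and are not walked here. Once an entry has been confirmed bogus, `Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Vyeryfant' -WhatIf` shows what the removal would do; drop `-WhatIf` to apply it, after the file it points to has been quarantined.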