Need assistance with a link hi-jacking issue.


This topic is locked
12 replies to this topic

#1 melomaniac (Members, 8 posts)

Posted 24 March 2012 - 09:52 PM

I have noticed the issue in Firefox and Chrome, not Internet Explorer (as of yet, I have not tested this extensively). When searching via google.com and clicking a link, it takes me to happili.com or gimmeanswers.com with results similar to my query. I noticed this about 1 week ago. Prior to the issue I was using BitDefender AV 2011. This expired, so I used AVG Free for about 2 weeks. This is when I noticed the issue. I then purchased Norton Internet Security 2012. I have run 2 full system scans since noticing the issue, all threats removed. The issue persisted, so I got MalwareBytes and Spybot S&D; both find nothing on full scans. If someone could help me resolve this, I would be glad to compensate for your troubles.

I read a guide from a similar issue in which Gringp instructed to first run DeFogger, then DDS. I did so, my log from DDS is as follows:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Timothy at 22:44:55 on 2012-03-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1140 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\atibtmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
uRun: [Google Update] "C:\Users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361}\4457E6563794E6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361}\841607079774962716666656D27657563747 : DhcpNameServer = 192.168.33.1 192.168.2.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361}\84741434 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361}\C696E6B6379737 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 192.168.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\h03azkz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Timothy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Timothy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-8 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-24 138232]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-1-25 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-1-25 487280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-17 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-3-6 131912]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\system32\DRIVERS\s1018bus.sys --> C:\Windows\system32\DRIVERS\s1018bus.sys [?]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1018mdfl.sys --> C:\Windows\system32\DRIVERS\s1018mdfl.sys [?]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1018mdm.sys --> C:\Windows\system32\DRIVERS\s1018mdm.sys [?]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1018mgmt.sys --> C:\Windows\system32\DRIVERS\s1018mgmt.sys [?]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1018nd5.sys --> C:\Windows\system32\DRIVERS\s1018nd5.sys [?]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1018obex.sys --> C:\Windows\system32\DRIVERS\s1018obex.sys [?]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1018unic.sys --> C:\Windows\system32\DRIVERS\s1018unic.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-25 02:07:55 -------- d-s---w- C:\ComboFix
2012-03-24 18:37:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-24 18:37:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-24 18:31:43 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-24 18:31:43 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-24 18:31:43 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-24 18:31:43 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-24 18:31:43 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-24 18:31:43 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-24 18:31:43 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-24 18:31:26 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-23 23:25:59 -------- d-----w- C:\Users\Timothy\AppData\Roaming\Malwarebytes
2012-03-23 23:25:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 23:25:46 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 23:25:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 23:14:50 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-03-19 18:52:52 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
2012-03-19 18:52:52 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
2012-03-19 18:52:51 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
2012-03-19 18:52:48 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
2012-03-19 18:52:48 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
2012-03-19 18:52:47 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
2012-03-19 18:52:46 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
2012-03-18 19:33:13 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306010.008
2012-03-17 18:24:50 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 18:24:50 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 20:25:58 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-15 20:25:58 -------- d-----w- C:\Program Files\Symantec
2012-03-15 20:25:58 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-03-15 20:25:07 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-03-15 20:25:05 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-03-15 20:25:04 -------- d-----w- C:\ProgramData\Norton
2012-03-15 20:22:10 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-03-10 00:21:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1870.tmp
2012-03-08 00:38:05 -------- d-----w- C:\Users\Timothy\.towns
2012-03-07 02:10:54 -------- d-----w- C:\Users\Timothy\AppData\Roaming\OpenOffice.org
2012-03-07 02:09:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-06 23:43:57 -------- d-----w- C:\Users\Timothy\AppData\Local\Desura
2012-03-06 23:35:40 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-03-06 23:34:31 -------- d-----w- C:\ProgramData\Desura
2012-03-06 23:33:31 -------- d-----w- C:\Program Files (x86)\Desura
2012-03-04 02:04:55 -------- d--h--w- C:\ProgramData\Common Files
2012-03-04 02:03:20 -------- d-----w- C:\Program Files (x86)\AVG
.
==================== Find3M ====================
.
2012-03-10 00:22:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 02:09:34 857409 ----a-w- C:\ProgramData\bdinstall.bin
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 22:46:12.02 ===============
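The "Pseudo HJT Report" section of the DDS log above is where a helper looks first for the usual search-redirect mechanisms: a proxy server or auto-config URL pushed into Internet Settings, DNS servers outside the LAN, and hosts-file overrides. The script below is an added example for this thread (not code from DDS, from Bleeping Computer or from either poster) that pulls those three kinds of line out of a DDS log and sorts them into things to review. The line formats it parses are assumed from the log as posted; the sample input is the relevant lines copied from the log above, plus two constructed lines (marked as such and using RFC 5737 documentation addresses) so the foreign-DNS and hosts-redirect checks can be seen firing. On the posted lines it reports no proxy, only RFC 1918 DNS servers, and a single hosts entry that blocks www.spywareinfo.com rather than redirecting anything.

```python
"""Triage the proxy, DNS and hosts lines of a DDS "Pseudo HJT Report" for
search-redirect indicators.

Added example for this thread; not part of DDS or of the posted logs.
Assumptions: the three line shapes below are as DDS printed them in the
log above; everything else in the report is ignored."""
import ipaddress
import re

# Sample input: the proxy, TCP and Hosts lines copied from the DDS log above.
SAMPLE = r"""uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB8CB99-583E-4B61-86D2-E238F509B361}\841607079774962716666656D27657563747 : DhcpNameServer = 192.168.33.1 192.168.2.1
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 192.168.254.254
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Constructed lines (not from the log) using RFC 5737 documentation addresses,
# so the "foreign DNS" and "hosts redirect" checks can be seen firing.
CONSTRUCTED = r"""TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DhcpNameServer = 203.0.113.53
Hosts: 203.0.113.7 www.google.com
"""

# Address space a home router or corporate DHCP server would normally hand out.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}   # hosts targets that block, not redirect

PROXY_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|AutoConfigURL|ProxyOverride) = (.+)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\(\S+) : )?(?:Dhcp)?NameServer = (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")


def is_lan(addr):
    """True if addr is loopback, link-local or RFC 1918/4193 space."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def triage(report):
    """Return what a helper would review: proxy settings, DNS servers per
    interface, DNS servers outside LAN space, and hosts-file overrides split
    into blocks (loopback targets) and redirects (anything else)."""
    out = {"proxy": {}, "dns": {}, "foreign_dns": [],
           "hosts_block": [], "hosts_redirect": []}
    for line in report.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            out["proxy"][m.group(1)] = m.group(2)
            continue
        m = DNS_RE.match(line)
        if m:
            servers = m.group(2).split()
            out["dns"][m.group(1) or "global"] = servers
            for s in servers:
                if not is_lan(s) and s not in out["foreign_dns"]:
                    out["foreign_dns"].append(s)
            continue
        m = HOSTS_RE.match(line)
        if m:
            target, name = m.groups()
            bucket = "hosts_block" if target in BLOCK_TARGETS else "hosts_redirect"
            out[bucket].append((name, target))
    # ProxyOverride alone is harmless; a ProxyServer or AutoConfigURL is not.
    out["proxy_set"] = any(k in out["proxy"] for k in ("ProxyServer", "AutoConfigURL"))
    return out


if __name__ == "__main__":
    for label, text in (("posted lines", SAMPLE),
                        ("posted + constructed lines", SAMPLE + CONSTRUCTED)):
        r = triage(text)
        print(f"{label}: proxy_set={r['proxy_set']} foreign_dns={r['foreign_dns']} "
              f"hosts_block={r['hosts_block']} hosts_redirect={r['hosts_redirect']}")
```

A hosts line that points a security site at 127.0.0.1 redirects nothing, but it still deserves a look: legitimate blocklists write such lines, and so does malware that wants to cut off access to help sites, so the script lists it for review rather than passing judgement on it.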


#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 24 March 2012 - 10:40 PM

Hello melomaniac,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • We need a little more information before we start.



1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


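Once the aswMBR and ListParts64 logs come back, the useful check is whether the two tools agree on the partition layout and whether aswMBR recognized the boot code. The script below is an added example for this thread (not code from aswMBR, ListParts or the posters); it assumes 512-byte sectors and the line shapes of the two logs as posted in the next reply, from which its sample input is copied (with the forum's line wraps rejoined). It converts aswMBR's sector offsets to bytes and checks them against ListParts' rounded offsets, verifies that each partition's declared size fills the space up to the next one (an unexplained gap is unpartitioned space where a bootkit could keep data), checks that exactly one partition is active, and flags aswMBR's "unknown MBR code" line so it is not overlooked. On the posted logs every geometry check passes; the only flag is the unrecognized MBR code, which on its own says that aswMBR did not match the boot code against code it knows, not that the boot code is malicious.

```python
"""Cross-check the partition table that aswMBR reports against the one from
ListParts64 and surface aswMBR's MBR verdict.

Added example for this thread; not code from aswMBR, ListParts or the posters.
Assumptions: 512-byte sectors, and the line shapes of the two logs as posted
(aswMBR offsets in sectors, ListParts sizes/offsets rounded to the unit shown)."""
import re

SECTOR = 512                      # assumed; both logs are consistent under it
KIB, MIB, GIB = 1024, 1024 ** 2, 1024 ** 3
UNIT = {"KB": KIB, "MB": MIB, "GB": GIB}

# Sample input: partition lines copied from the aswMBR log posted in the next
# reply (forum line wraps rejoined) and the "Partitions of Disk 0" table from
# the ListParts64 log in the same reply.
ASWMBR_LOG = """\
12:16:04.411 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
12:16:04.453 Disk 0 MBR read successfully
12:16:04.457 Disk 0 unknown MBR code
12:16:04.462 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:16:04.476 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287179 MB offset 409600
12:16:04.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17762 MB offset 588552192
12:16:04.522 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
"""
LISTPARTS_LOG = """\
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 280 GB 200 MB
Partition 3 Primary 17 GB 280 GB
Partition 4 Primary 103 MB 297 GB
"""

ASW_SIZE_RE = re.compile(r"^Disk \d+ Vendor: .* Size: (\d+)MB")
ASW_PART_RE = re.compile(
    r"^Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)$")
LP_PART_RE = re.compile(r"^Partition (\d+) \S+ (\d+) (KB|MB|GB) (\d+) (KB|MB|GB)$")


def parse_aswmbr(text):
    """Return (disk size in sectors, flagged lines, {n: partition})."""
    disk_sectors, flags, parts = None, [], {}
    for line in text.splitlines():
        if " " not in line:
            continue
        body = line.split(" ", 1)[1]            # drop the HH:MM:SS.mmm stamp
        if "unknown MBR code" in body:          # boot code matched nothing aswMBR knows
            flags.append(body)
        m = ASW_SIZE_RE.match(body)
        if m:
            disk_sectors = int(m.group(1)) * MIB // SECTOR
        m = ASW_PART_RE.match(body)
        if m:
            n, boot, ptype, size_mb, offset = m.groups()
            parts[int(n)] = {"type": ptype, "active": boot == "80",
                             "size_mb": int(size_mb), "offset": int(offset)}
    return disk_sectors, flags, parts


def parse_listparts(text):
    """Return {n: (size_bytes, offset_bytes, unit the offset was rounded to)}."""
    parts = {}
    for line in text.splitlines():
        m = LP_PART_RE.match(line.strip())
        if m:
            n, size, su, off, ou = m.groups()
            parts[int(n)] = (int(size) * UNIT[su], int(off) * UNIT[ou], UNIT[ou])
    return parts


def cross_check(asw, lp, disk_sectors=None):
    """Return (partition, check, ok, detail) tuples comparing the two views."""
    results, nums = [], sorted(asw)
    for i, n in enumerate(nums):
        p = asw[n]
        start = p["offset"] * SECTOR
        # 1. Start offsets agree; ListParts rounds down to the unit it prints.
        if n in lp:
            _, lp_off, unit = lp[n]
            results.append((n, "offset", lp_off <= start < lp_off + unit,
                            f"aswMBR {start} B, ListParts {lp_off} B"))
        else:
            results.append((n, "offset", False, "absent from ListParts"))
        # 2. The declared size reaches the next partition.  A gap is unpartitioned
        #    space that a bootkit can use to stash its own data.
        if i + 1 < len(nums):
            gap_mb = (asw[nums[i + 1]]["offset"] - p["offset"]) * SECTOR // MIB - p["size_mb"]
            results.append((n, "contiguous", gap_mb == 0, f"gap to next partition {gap_mb} MiB"))
        elif disk_sectors:
            # aswMBR prints the disk size rounded to whole MB, so allow 1 MiB of slack.
            tail_mb = (disk_sectors - p["offset"]) * SECTOR // MIB - p["size_mb"]
            results.append((n, "tail", tail_mb <= 1, f"{tail_mb} MiB after last partition"))
    active = [n for n in nums if asw[n]["active"]]
    results.append((0, "one-active", len(active) == 1, f"active partitions {active}"))
    return results


if __name__ == "__main__":
    disk, flags, asw = parse_aswmbr(ASWMBR_LOG)
    for f in flags:
        print("FLAG:", f)
    for n, check, ok, detail in cross_check(asw, parse_listparts(LISTPARTS_LOG), disk):
        print(f"partition {n} {check:11} {'ok' if ok else 'MISMATCH'}  {detail}")
```

The geometry checks are deliberately independent of the MBR flag: a bootkit that patches only the boot code leaves the partition table intact, so a clean cross-check does not clear the MBR, and a geometry mismatch between two tools (or a gap the partition sizes do not explain) is worth chasing even when the boot code is recognized.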


#3 melomaniac (Topic Starter, Members, 8 posts)

Posted 25 March 2012 - 11:24 AM

Thanks for the quick response! Here's my log from aswMBR, which I saved to a folder on my desktop rather than directly to desktop (let me know if small things like this matter during this process):

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 12:16:00
-----------------------------
12:16:00.432 OS Version: Windows x64 6.1.7601 Service Pack 1
12:16:00.432 Number of processors: 2 586 0x603
12:16:00.433 ComputerName: A-HP UserName:
12:16:01.228 Initialize success
12:16:04.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
12:16:04.411 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
12:16:04.453 Disk 0 MBR read successfully
12:16:04.455 Disk 0 MBR scan
12:16:04.457 Disk 0 unknown MBR code
12:16:04.462 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:16:04.476 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287179 MB offset 409600
12:16:04.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17762 MB offset 588552192
12:16:04.522 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
12:16:04.582 Disk 0 scanning C:\Windows\system32\drivers
12:16:15.232 Service scanning
12:16:50.956 Modules scanning
12:16:50.963 Disk 0 trace - called modules:
12:16:50.983 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
12:16:50.988 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800430c060]
12:16:50.994 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004297870]
12:16:50.999 5 amdxata.sys[fffff880011087a8] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa8004295060]
12:16:51.007 Scan finished successfully
12:17:16.240 Disk 0 MBR has been saved successfully to "C:\Users\Timothy\Desktop\folder for getting rid of this stupid hijacking thing\logs\MBR.dat"
12:17:16.246 The log file has been saved successfully to "C:\Users\Timothy\Desktop\folder for getting rid of this stupid hijacking thing\logs\aswMBR.txt"

**END aswMBR log**

Here is my log from ListParts64:

ListParts by Farbar Version: 12-03-2012 03
Ran by Timothy (administrator) on 25-03-2012 at 12:17:31
Windows 7 (X64)
Running From: C:\Users\Timothy\Desktop\folder for getting rid of this stupid hijacking thing
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 61%
Total physical RAM: 3834.9 MB
Available physical RAM: 1479.46 MB
Total Pagefile: 7668 MB
Available Pagefile: 4758.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:280.45 GB) (Free:77.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:17.35 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 280 GB 200 MB
Partition 3 Primary 17 GB 280 GB
Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 280 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 17 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

****** End Of Log ******
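
The two rootkit scanners used in this thread, aswMBR above and TDSSKiller in a later post, both read the same MBR but print the partition table in different units (MB and decimal sector offsets versus hex StartLBA/BlocksNum). When aswMBR reports "unknown MBR code", which a vendor-customised boot sector can produce just as a bootkit can, the first thing a practitioner checks is whether the two readings agree and whether any unallocated space sits between or after the partitions where a bootkit could park data. The Python below is an added example, not part of the thread or of either tool: it parses the log lines exactly as posted (aswMBR from this post, TDSSKiller from post #6), cross-checks them, and lists the unallocated runs. The function names, the 1 MiB size tolerance and the "wider than one alignment unit" gap heuristic are this example's own choices.

```python
"""Cross-check the MBR partition tables reported by aswMBR and TDSSKiller.

Added example, not code from the thread or from either tool. The log lines
below are copied from the aswMBR and TDSSKiller output posted in this thread;
the function names, 1 MiB tolerance and gap heuristic are this example's own.
"""
import re

SECTOR = 512           # TDSSKiller reports SectorSize: 0x200 for this disk
MIB = 1024 * 1024
ALIGN_SECTORS = 2048   # Windows 7 aligns partitions on 1 MiB; 2048-sector gaps are normal slack

# aswMBR partition lines as posted (post #3 of the thread).
ASWMBR_LOG = r"""
12:16:04.462 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:16:04.476 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287179 MB offset 409600
12:16:04.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17762 MB offset 588552192
12:16:04.522 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
"""

# TDSSKiller drive and partition lines as posted (post #6 of the thread).
TDSS_LOG = r"""
17:10:19.0318 1412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x230E5000
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23149800, BlocksNum 0x22B1000
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
"""

ASW_RE = re.compile(
    r"Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) .+? (\d+) MB offset (\d+)$")
TDSS_PART_RE = re.compile(
    r"Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
TDSS_DRIVE_RE = re.compile(r"Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")


def parse_aswmbr(log):
    """aswMBR gives the boot flag (80 = active), type byte, size in MB and start sector."""
    parts = []
    for line in log.splitlines():
        m = ASW_RE.search(line)
        if m:
            parts.append({"index": int(m[1]), "active": m[2] == "80",
                          "type": int(m[3], 16), "size_mib": int(m[4]), "start": int(m[5])})
    return parts


def parse_tdsskiller(log):
    """TDSSKiller gives type, start LBA and length in sectors (hex), plus the disk size."""
    parts, disk_sectors = [], None
    for line in log.splitlines():
        d = TDSS_DRIVE_RE.search(line)
        if d:
            disk_sectors = int(d[1], 16) // int(d[2], 16)
        m = TDSS_PART_RE.search(line)
        if m:
            parts.append({"index": int(m[1]), "type": int(m[2], 16),
                          "start": int(m[3], 16), "blocks": int(m[4], 16)})
    return parts, disk_sectors


def compare_tables(asw, tdss, tolerance_mib=1):
    """Findings where the two tools disagree about the same MBR; empty list = consistent.

    Start LBA and type byte must match exactly. Sizes may differ by rounding
    (aswMBR prints MB, TDSSKiller prints sectors), hence the tolerance.
    """
    findings = []
    if len(asw) != len(tdss):
        findings.append(f"partition count differs: aswMBR {len(asw)}, TDSSKiller {len(tdss)}")
    for a, t in zip(asw, tdss):
        tag = f"Partition {a['index']}"
        if a["start"] != t["start"]:
            findings.append(f"{tag}: start {a['start']} (aswMBR) != {t['start']} (TDSSKiller)")
        if a["type"] != t["type"]:
            findings.append(f"{tag}: type 0x{a['type']:02X} != 0x{t['type']:02X}")
        t_mib = t["blocks"] * SECTOR // MIB
        if abs(a["size_mib"] - t_mib) > tolerance_mib:
            findings.append(f"{tag}: size {a['size_mib']} MB (aswMBR) vs {t_mib} MiB (TDSSKiller)")
    return findings


def find_gaps(tdss, disk_sectors):
    """Unallocated (start, length) runs in sectors: before, between and after the partitions."""
    gaps, cursor = [], 0
    for p in sorted(tdss, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["blocks"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def suspicious_gaps(gaps, align=ALIGN_SECTORS):
    """Gaps wider than one alignment unit: unallocated space worth imaging and inspecting."""
    return [g for g in gaps if g[1] > align]


def active_partitions(asw):
    """Indexes flagged bootable; a healthy MBR has exactly one."""
    return [p["index"] for p in asw if p["active"]]


if __name__ == "__main__":
    asw = parse_aswmbr(ASWMBR_LOG)
    tdss, disk = parse_tdsskiller(TDSS_LOG)
    print("disagreements:", compare_tables(asw, tdss) or "none")
    gaps = find_gaps(tdss, disk)
    print("unallocated runs (start, sectors):", gaps)
    print("gaps above alignment slack:", suspicious_gaps(gaps) or "none")
    print("active partitions:", active_partitions(asw))
```

On the logs posted here the two tools agree on every start sector and type byte, the only size difference is 1 MiB on partition 2 (rounding, not a hidden partition), the three unallocated runs are each exactly 2048 sectors (the MBR track and 1 MiB alignment padding), and only the 199 MB system partition is marked active. That makes aswMBR's "unknown MBR code" more likely the OEM boot sector than a bootkit, but the log lines alone cannot settle it; the saved MBR.dat is what a helper would inspect next.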

#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 March 2012 - 03:15 PM

Hello,

Please run the following tools and post their results.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply::
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 melomaniac
  • Topic Starter
  • Members
  • 8 posts

Posted 25 March 2012 - 04:59 PM

So, the issue still persists along with a new issue. I think I will have to run a system restore to take care of that; I don't know yet. I only have the log for ComboFix because I cannot open the log for the other program. Here's the ComboFix log:

ComboFix 12-03-22.01 - Timothy 03/25/2012 17:26:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1904 [GMT -4:00]
Running from: c:\users\Timothy\Desktop\A1B23c.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 21:36 . 2012-03-25 21:36 -------- d-----w- c:\users\Mcx1-A-HP\AppData\Local\temp
2012-03-24 18:37 . 2012-03-24 18:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-24 18:37 . 2012-03-24 18:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-23 23:25 . 2012-03-23 23:25 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
2012-03-23 23:25 . 2012-03-23 23:25 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 23:25 . 2012-03-23 23:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 23:25 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 23:14 . 2012-03-23 23:14 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-03-23 23:14 . 2012-03-23 23:14 -------- d-----w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab
2012-03-17 18:24 . 2012-03-17 18:24 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 18:24 . 2012-03-17 18:24 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 20:25 . 2012-03-24 18:32 -------- d-----w- c:\program files\Symantec
2012-03-15 20:25 . 2012-03-24 18:31 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-15 20:25 . 2012-03-15 20:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-15 20:25 . 2012-03-25 18:07 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-03-15 20:25 . 2012-03-15 20:25 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-03-15 20:25 . 2012-03-15 20:26 -------- d-----w- c:\programdata\Norton
2012-03-15 20:22 . 2012-03-15 20:22 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-03-10 00:21 . 2012-03-10 00:21 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\1870.tmp
2012-03-08 00:38 . 2012-03-08 00:39 -------- d-----w- c:\users\Timothy\.towns
2012-03-07 02:10 . 2012-03-07 02:10 -------- d-----w- c:\users\Timothy\AppData\Roaming\OpenOffice.org
2012-03-07 02:09 . 2012-03-07 02:09 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-06 23:43 . 2012-03-06 23:43 -------- d-----w- c:\users\Timothy\AppData\Local\Desura
2012-03-06 23:35 . 2012-03-06 23:35 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-03-06 23:34 . 2012-03-06 23:34 -------- d-----w- c:\programdata\Desura
2012-03-06 23:33 . 2012-03-23 22:04 -------- d-----w- c:\program files (x86)\Desura
2012-03-04 02:04 . 2012-03-04 02:04 -------- d--h--w- c:\programdata\Common Files
2012-03-04 02:03 . 2012-03-06 23:24 -------- d-----w- c:\program files (x86)\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 16:44 . 2011-06-07 15:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 02:09 . 2011-03-04 02:24 857409 ----a-w- c:\programdata\bdinstall.bin
2012-01-14 04:06 . 2012-02-22 01:45 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 10:44 . 2012-02-22 01:45 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-22 01:45 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-22 01:45 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-22 01:45 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-22 01:45 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-03-06 131912]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-17 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636476777-4275213531-398346431-1001Core.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:32]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636476777-4275213531-398346431-1001Core1cc919d27af4fc0.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:32]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636476777-4275213531-398346431-1001UA.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:32]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636476777-4275213531-398346431-1001UA1cc919d2cc4f5ef.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:32]
.
2012-03-25 c:\windows\Tasks\HPCeeScheduleFora.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-03-15 c:\windows\Tasks\HPCeeScheduleForTimothy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-14 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\h03azkz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2636476777-4275213531-398346431-1001\Software\SecuROM\License information*]
"datasecu"=hex:b8,7c,fa,39,a7,6a,8a,75,69,3a,c6,5e,9c,5a,73,1b,d2,3d,de,92,53,
fe,a4,8c,45,cc,a7,e2,7a,47,f8,e7,2e,8c,1a,f2,13,5d,ae,62,3a,9a,f3,d3,2f,18,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-25 17:47:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 21:47
.
Pre-Run: 83,345,289,216 bytes free
Post-Run: 100,913,004,544 bytes free
.
- - End Of File - - FC2250A94251DCA6E5701AD9D1E1698D


The new issue is as follows.

So, when I try to open any program or file, it displays the following:

"C:\Program Files\Internet Explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion."

I am still able to open software by right-clicking and choosing Run as administrator; this is how I am using IE now and replying to you. It is for this reason that I cannot open the log from the other program, because I cannot run a text file as admin... Should I run a system restore? As a note, I had to rename ComboFix to A1B23c.exe before it would run, for whatever reason.

#6 melomaniac
  • Topic Starter
  • Members
  • 8 posts

Posted 25 March 2012 - 05:02 PM

I don't know why it did not occur to me to run notepad as admin and open the TDSSKiller log... Anyway, here's that log as well:

17:10:14.0078 1412 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:10:15.0046 1412 ============================================================
17:10:15.0046 1412 Current date / time: 2012/03/25 17:10:15.0046
17:10:15.0046 1412 SystemInfo:
17:10:15.0046 1412
17:10:15.0046 1412 OS Version: 6.1.7601 ServicePack: 1.0
17:10:15.0046 1412 Product type: Workstation
17:10:15.0046 1412 ComputerName: A-HP
17:10:15.0046 1412 UserName: Timothy
17:10:15.0046 1412 Windows directory: C:\Windows
17:10:15.0046 1412 System windows directory: C:\Windows
17:10:15.0046 1412 Running under WOW64
17:10:15.0046 1412 Processor architecture: Intel x64
17:10:15.0046 1412 Number of processors: 2
17:10:15.0046 1412 Page size: 0x1000
17:10:15.0046 1412 Boot type: Normal boot
17:10:15.0046 1412 ============================================================
17:10:19.0318 1412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:19.0318 1412 \Device\Harddisk0\DR0:
17:10:19.0318 1412 MBR used
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x230E5000
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23149800, BlocksNum 0x22B1000
17:10:19.0318 1412 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
17:10:19.0427 1412 Initialize success
17:10:19.0427 1412 ============================================================
17:10:24.0809 5928 ============================================================
17:10:24.0809 5928 Scan started
17:10:24.0809 5928 Mode: Manual;
17:10:24.0809 5928 ============================================================
17:10:26.0775 5928 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:10:26.0775 5928 1394ohci - ok
17:10:26.0868 5928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:10:26.0868 5928 ACPI - ok
17:10:59.0617 5928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:10:59.0632 5928 Psched - ok
17:10:59.0757 5928 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:10:59.0773 5928 PxHlpa64 - ok
17:10:59.0913 5928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:10:59.0944 5928 ql2300 - ok
17:11:00.0163 5928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:11:00.0163 5928 ql40xx - ok
17:11:00.0272 5928 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:11:00.0288 5928 QWAVE - ok
17:11:00.0381 5928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:11:00.0381 5928 QWAVEdrv - ok
17:11:00.0522 5928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:11:00.0522 5928 RasAcd - ok
17:11:00.0662 5928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:11:00.0662 5928 RasAgileVpn - ok
17:11:00.0787 5928 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:11:00.0787 5928 RasAuto - ok
17:11:00.0927 5928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:11:00.0927 5928 Rasl2tp - ok
17:11:01.0021 5928 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:11:01.0021 5928 RasMan - ok
17:11:01.0161 5928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:11:01.0161 5928 RasPppoe - ok
17:11:01.0286 5928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:11:01.0286 5928 RasSstp - ok
17:11:01.0551 5928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:11:01.0582 5928 rdbss - ok
17:11:01.0863 5928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:11:01.0879 5928 rdpbus - ok
17:11:02.0004 5928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:11:02.0004 5928 RDPCDD - ok
17:11:02.0144 5928 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:11:02.0144 5928 RDPENCDD - ok
17:11:02.0269 5928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:11:02.0269 5928 RDPREFMP - ok
17:11:02.0409 5928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:11:02.0409 5928 RDPWD - ok
17:11:02.0550 5928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:11:02.0550 5928 rdyboost - ok
17:11:02.0659 5928 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:11:02.0674 5928 RemoteAccess - ok
17:11:02.0768 5928 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:11:02.0768 5928 RemoteRegistry - ok
17:11:02.0877 5928 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:11:02.0877 5928 RpcEptMapper - ok
17:11:02.0971 5928 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:11:02.0986 5928 RpcLocator - ok
17:11:03.0174 5928 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:11:03.0174 5928 RpcSs - ok
17:11:03.0314 5928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:11:03.0330 5928 rspndr - ok
17:11:03.0501 5928 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
17:11:03.0501 5928 RSUSBSTOR - ok
17:11:03.0673 5928 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:11:03.0673 5928 RTL8167 - ok
17:11:03.0798 5928 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
17:11:03.0798 5928 RtVOsdService - ok
17:11:03.0922 5928 s1018bus (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
17:11:03.0954 5928 s1018bus - ok
17:11:04.0032 5928 s1018mdfl (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
17:11:04.0047 5928 s1018mdfl - ok
17:11:04.0094 5928 s1018mdm (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
17:11:04.0094 5928 s1018mdm - ok
17:11:04.0219 5928 s1018mgmt (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
17:11:04.0219 5928 s1018mgmt - ok
17:11:04.0312 5928 s1018nd5 (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
17:11:04.0328 5928 s1018nd5 - ok
17:11:04.0437 5928 s1018obex (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
17:11:04.0437 5928 s1018obex - ok
17:11:04.0484 5928 s1018unic (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
17:11:04.0515 5928 s1018unic - ok
17:11:04.0609 5928 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:11:04.0609 5928 SamSs - ok
17:11:04.0656 5928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:11:04.0656 5928 sbp2port - ok
17:11:04.0749 5928 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:11:04.0765 5928 SCardSvr - ok
17:11:04.0874 5928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:11:04.0874 5928 scfilter - ok
17:11:04.0983 5928 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:11:04.0999 5928 Schedule - ok
17:11:05.0202 5928 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:11:05.0202 5928 SCPolicySvc - ok
17:11:05.0280 5928 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:11:05.0280 5928 sdbus - ok
17:11:05.0326 5928 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:11:05.0342 5928 SDRSVC - ok
17:11:05.0451 5928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:11:05.0451 5928 secdrv - ok
17:11:05.0545 5928 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:11:05.0545 5928 seclogon - ok
17:11:05.0576 5928 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:11:05.0576 5928 SENS - ok
17:11:05.0623 5928 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:11:05.0623 5928 SensrSvc - ok
17:11:05.0685 5928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:11:05.0685 5928 Serenum - ok
17:11:05.0716 5928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:11:05.0716 5928 Serial - ok
17:11:05.0779 5928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:11:05.0779 5928 sermouse - ok
17:11:05.0841 5928 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:11:05.0841 5928 SessionEnv - ok
17:11:05.0904 5928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:11:05.0904 5928 sffdisk - ok
17:11:05.0935 5928 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:11:05.0935 5928 sffp_mmc - ok
17:11:05.0950 5928 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:11:05.0966 5928 sffp_sd - ok
17:11:06.0013 5928 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:11:06.0013 5928 sfloppy - ok
17:11:06.0106 5928 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:11:06.0122 5928 Sftfs - ok
17:11:06.0294 5928 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:11:06.0294 5928 sftlist - ok
17:11:06.0372 5928 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:11:06.0403 5928 Sftplay - ok
17:11:06.0481 5928 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:11:06.0481 5928 Sftredir - ok
17:11:06.0559 5928 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:11:06.0559 5928 Sftvol - ok
17:11:06.0668 5928 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:11:06.0668 5928 sftvsa - ok
17:11:06.0777 5928 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:11:06.0777 5928 SharedAccess - ok
17:11:06.0886 5928 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:11:06.0964 5928 ShellHWDetection - ok
17:11:07.0074 5928 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:11:07.0074 5928 SiSRaid2 - ok
17:11:07.0198 5928 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:11:07.0198 5928 SiSRaid4 - ok
17:11:07.0323 5928 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:11:07.0339 5928 Smb - ok
17:11:07.0448 5928 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:11:07.0448 5928 SNMPTRAP - ok
17:11:07.0557 5928 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:11:07.0557 5928 spldr - ok
17:11:07.0682 5928 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:11:07.0698 5928 Spooler - ok
17:11:07.0869 5928 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:11:08.0010 5928 sppsvc - ok
17:11:08.0119 5928 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:11:08.0119 5928 sppuinotify - ok
17:11:08.0306 5928 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
17:11:08.0322 5928 SRTSP - ok
17:11:08.0509 5928 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
17:11:08.0509 5928 SRTSPX - ok
17:11:08.0634 5928 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:11:08.0649 5928 srv - ok
17:11:08.0821 5928 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:11:08.0821 5928 srv2 - ok
17:11:08.0914 5928 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:11:08.0930 5928 SrvHsfHDA - ok
17:11:09.0039 5928 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:11:09.0070 5928 SrvHsfV92 - ok
17:11:09.0226 5928 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:11:09.0242 5928 SrvHsfWinac - ok
17:11:09.0320 5928 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:11:09.0320 5928 srvnet - ok
17:11:09.0398 5928 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:11:09.0398 5928 SSDPSRV - ok
17:11:09.0414 5928 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:11:09.0429 5928 SstpSvc - ok
17:11:09.0523 5928 Steam Client Service - ok
17:11:09.0632 5928 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:11:09.0632 5928 stexstor - ok
17:11:09.0788 5928 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:11:09.0788 5928 stisvc - ok
17:11:09.0882 5928 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:11:09.0882 5928 swenum - ok
17:11:09.0913 5928 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:11:09.0913 5928 swprv - ok
17:11:10.0022 5928 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
17:11:10.0053 5928 SymDS - ok
17:11:10.0256 5928 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
17:11:10.0287 5928 SymEFA - ok
17:11:10.0474 5928 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:11:10.0474 5928 SymEvent - ok
17:11:10.0615 5928 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
17:11:10.0630 5928 SymIRON - ok
17:11:10.0724 5928 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
17:11:10.0724 5928 SymNetS - ok
17:11:10.0849 5928 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
17:11:10.0880 5928 SynTP - ok
17:11:10.0974 5928 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:11:11.0005 5928 SysMain - ok
17:11:11.0114 5928 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:11:11.0114 5928 TabletInputService - ok
17:11:11.0301 5928 TabletServicePen (45c9720e43adf60e31a018fbc3321608) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
17:11:11.0457 5928 TabletServicePen - ok
17:11:11.0582 5928 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:11:11.0582 5928 TapiSrv - ok
17:11:11.0629 5928 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:11:11.0644 5928 TBS - ok
17:11:11.0800 5928 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:11:11.0847 5928 Tcpip - ok
17:11:11.0988 5928 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:11:12.0003 5928 TCPIP6 - ok
17:11:12.0081 5928 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:11:12.0081 5928 tcpipreg - ok
17:11:12.0175 5928 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:11:12.0175 5928 TDPIPE - ok
17:11:12.0268 5928 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:11:12.0268 5928 TDTCP - ok
17:11:12.0362 5928 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:11:12.0362 5928 tdx - ok
17:11:12.0471 5928 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:11:12.0471 5928 TermDD - ok
17:11:12.0596 5928 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:11:12.0596 5928 TermService - ok
17:11:12.0752 5928 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:11:12.0752 5928 Themes - ok
17:11:12.0799 5928 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:11:12.0799 5928 THREADORDER - ok
17:11:12.0939 5928 TouchServicePen (b623380aa85a84c836c395b873d6d20c) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
17:11:12.0939 5928 TouchServicePen - ok
17:11:13.0033 5928 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:11:13.0033 5928 TrkWks - ok
17:11:13.0111 5928 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:11:13.0111 5928 TrustedInstaller - ok
17:11:13.0220 5928 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:11:13.0236 5928 tssecsrv - ok
17:11:13.0360 5928 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:11:13.0376 5928 TsUsbFlt - ok
17:11:13.0563 5928 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:11:13.0563 5928 tunnel - ok
17:11:13.0610 5928 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:11:13.0610 5928 uagp35 - ok
17:11:13.0672 5928 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:11:13.0672 5928 udfs - ok
17:11:13.0735 5928 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:11:13.0750 5928 UI0Detect - ok
17:11:13.0828 5928 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:11:13.0828 5928 uliagpkx - ok
17:11:13.0891 5928 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:11:13.0891 5928 umbus - ok
17:11:13.0953 5928 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:11:13.0953 5928 UmPass - ok
17:11:14.0000 5928 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:11:14.0000 5928 upnphost - ok
17:11:14.0078 5928 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:11:14.0078 5928 usbaudio - ok
17:11:14.0125 5928 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:11:14.0125 5928 usbccgp - ok
17:11:14.0172 5928 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:11:14.0187 5928 usbcir - ok
17:11:14.0234 5928 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:11:14.0234 5928 usbehci - ok
17:11:14.0281 5928 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
17:11:14.0281 5928 usbfilter - ok
17:11:14.0328 5928 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:11:14.0343 5928 usbhub - ok
17:11:14.0390 5928 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:11:14.0406 5928 usbohci - ok
17:11:14.0452 5928 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:11:14.0452 5928 usbprint - ok
17:11:14.0468 5928 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:11:14.0468 5928 USBSTOR - ok
17:11:14.0499 5928 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:11:14.0499 5928 usbuhci - ok
17:11:14.0562 5928 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:11:14.0562 5928 usbvideo - ok
17:11:14.0593 5928 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:11:14.0608 5928 UxSms - ok
17:11:14.0655 5928 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:11:14.0655 5928 VaultSvc - ok
17:11:14.0749 5928 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:11:14.0764 5928 vdrvroot - ok
17:11:14.0811 5928 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:11:14.0811 5928 vds - ok
17:11:14.0858 5928 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:11:14.0858 5928 vga - ok
17:11:14.0889 5928 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:11:14.0889 5928 VgaSave - ok
17:11:14.0936 5928 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:11:14.0936 5928 vhdmp - ok
17:11:14.0983 5928 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:11:14.0983 5928 viaide - ok
17:11:15.0030 5928 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:11:15.0030 5928 volmgr - ok
17:11:15.0092 5928 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:11:15.0092 5928 volmgrx - ok
17:11:15.0154 5928 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:11:15.0154 5928 volsnap - ok
17:11:15.0201 5928 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:11:15.0201 5928 vsmraid - ok
17:11:15.0279 5928 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:11:15.0310 5928 VSS - ok
17:11:15.0357 5928 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:11:15.0357 5928 vwifibus - ok
17:11:15.0388 5928 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:11:15.0388 5928 vwififlt - ok
17:11:15.0420 5928 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:11:15.0420 5928 vwifimp - ok
17:11:15.0466 5928 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:11:15.0466 5928 W32Time - ok
17:11:15.0560 5928 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:11:15.0560 5928 wacmoumonitor - ok
17:11:15.0607 5928 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:11:15.0607 5928 wacommousefilter - ok
17:11:15.0638 5928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:11:15.0638 5928 WacomPen - ok
17:11:15.0669 5928 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:11:15.0685 5928 wacomvhid - ok
17:11:15.0763 5928 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:15.0763 5928 WANARP - ok
17:11:15.0778 5928 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:15.0778 5928 Wanarpv6 - ok
17:11:15.0825 5928 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:11:15.0872 5928 WatAdminSvc - ok
17:11:15.0934 5928 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:11:15.0966 5928 wbengine - ok
17:11:15.0997 5928 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:11:15.0997 5928 WbioSrvc - ok
17:11:16.0059 5928 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:11:16.0106 5928 wcncsvc - ok
17:11:16.0200 5928 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:11:16.0200 5928 WcsPlugInService - ok
17:11:16.0246 5928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:11:16.0262 5928 Wd - ok
17:11:16.0293 5928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:11:16.0309 5928 Wdf01000 - ok
17:11:16.0356 5928 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:11:16.0356 5928 WdiServiceHost - ok
17:11:16.0356 5928 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:11:16.0356 5928 WdiSystemHost - ok
17:11:16.0418 5928 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:11:16.0418 5928 WebClient - ok
17:11:16.0434 5928 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:11:16.0434 5928 Wecsvc - ok
17:11:16.0465 5928 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:11:16.0465 5928 wercplsupport - ok
17:11:16.0496 5928 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:11:16.0496 5928 WerSvc - ok
17:11:16.0543 5928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:11:16.0543 5928 WfpLwf - ok
17:11:16.0574 5928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:11:16.0574 5928 WIMMount - ok
17:11:16.0621 5928 WinDefend - ok
17:11:16.0636 5928 WinHttpAutoProxySvc - ok
17:11:16.0761 5928 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:11:16.0761 5928 Winmgmt - ok
17:11:16.0948 5928 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:11:16.0995 5928 WinRM - ok
17:11:17.0151 5928 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
17:11:17.0151 5928 WinUSB - ok
17:11:17.0229 5928 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:11:17.0245 5928 Wlansvc - ok
17:11:17.0370 5928 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:11:17.0385 5928 wlidsvc - ok
17:11:17.0541 5928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:11:17.0541 5928 WmiAcpi - ok
17:11:17.0650 5928 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:11:17.0650 5928 wmiApSrv - ok
17:11:17.0713 5928 WMPNetworkSvc - ok
17:11:17.0806 5928 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
17:11:17.0806 5928 WMZuneComm - ok
17:11:17.0900 5928 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:11:17.0900 5928 WPCSvc - ok
17:11:17.0947 5928 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:11:17.0962 5928 WPDBusEnum - ok
17:11:18.0009 5928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:11:18.0009 5928 ws2ifsl - ok
17:11:18.0118 5928 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:11:18.0118 5928 wscsvc - ok
17:11:18.0134 5928 WSearch - ok
17:11:18.0228 5928 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:11:18.0274 5928 wuauserv - ok
17:11:18.0352 5928 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:11:18.0352 5928 WudfPf - ok
17:11:18.0368 5928 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:11:18.0384 5928 WUDFRd - ok
17:11:18.0430 5928 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:11:18.0430 5928 wudfsvc - ok
17:11:18.0477 5928 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:11:18.0477 5928 WwanSvc - ok
17:11:18.0618 5928 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
17:11:18.0618 5928 xusb21 - ok
17:11:18.0742 5928 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:11:18.0758 5928 YahooAUService - ok
17:11:18.0852 5928 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:11:18.0867 5928 yukonw7 - ok
17:11:19.0117 5928 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
17:11:19.0304 5928 ZuneNetworkSvc - ok
17:11:19.0429 5928 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
17:11:19.0429 5928 ZuneWlanCfgSvc - ok
17:11:19.0444 5928 MBR (0x1B8) (5cc30a452671cf244989190fee7b1a69) \Device\Harddisk0\DR0
17:11:19.0491 5928 \Device\Harddisk0\DR0 - ok
17:11:19.0522 5928 Boot (0x1200) (e21b57103e54c6dcb202fd2182e57386) \Device\Harddisk0\DR0\Partition0
17:11:19.0522 5928 \Device\Harddisk0\DR0\Partition0 - ok
17:11:19.0538 5928 Boot (0x1200) (e4f16c21fd21afe419700c0e80ddcfab) \Device\Harddisk0\DR0\Partition1
17:11:19.0538 5928 \Device\Harddisk0\DR0\Partition1 - ok
17:11:19.0569 5928 Boot (0x1200) (5fdf47c4c87c3fd08aa6fe6a989633cb) \Device\Harddisk0\DR0\Partition2
17:11:19.0569 5928 \Device\Harddisk0\DR0\Partition2 - ok
17:11:19.0585 5928 Boot (0x1200) (e69f6112240945c87448b42de1b43736) \Device\Harddisk0\DR0\Partition3
17:11:19.0585 5928 \Device\Harddisk0\DR0\Partition3 - ok
17:11:19.0585 5928 ============================================================
17:11:19.0585 5928 Scan finished
17:11:19.0585 5928 ============================================================
17:11:19.0600 4780 Detected object count: 0
17:11:19.0600 4780 Actual detected object count: 0
17:11:41.0659 6068 Deinitialize success




EDIT: I restarted the computer, which seems to have taken care of that registry thing. I am still being redirected in my browsers though.

Edited by melomaniac, 25 March 2012 - 05:09 PM.

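The TDSSKiller log above pairs a `name (md5) path` line with a `name - ok` status line for every service and driver it could open, and prints only the status line for a handful it could not (PnkBstrA, Steam Client Service, WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch). The script below is an added example for triaging such a log, not code from the thread or from Kaspersky's TDSSKiller: it parses the two line shapes, lists entries that got a status but no hash, groups service names that share one binary, and re-hashes whatever is still on disk so that changes made after the scan show up. `$LogPath` is an assumed location, and the here-string is constructed sample input copied from the log's own format; run it from 64-bit PowerShell on the scanned machine so `C:\Windows\system32` is not redirected to SysWOW64.

```powershell
# Added example, not from the thread or from TDSSKiller: triage a TDSSKiller
# service/driver log. Works on Windows 7 / PowerShell 2.0 (no Get-FileHash).
param([string]$LogPath = "$env:USERPROFILE\Desktop\TDSSKiller.txt")  # assumed path

# "17:10:55.0561 5928 Ntfs (a2f7...) C:\Windows\system32\drivers\Ntfs.sys"
$hashedLine = '^\S+\s+\d+\s+(?<name>.+?)\s+\((?<md5>[0-9a-fA-F]{32})\)\s+(?<path>\S.*?)\s*$'
# "17:10:55.0592 5928 Ntfs - ok"
$statusLine = '^\S+\s+\d+\s+(?<name>.+?)\s+-\s+(?<status>\S+)\s*$'

function Read-TdssLog([string[]]$Lines) {
    # One object per named entry: Name, Md5, Path (null when the scanner
    # printed no hash line) and Status ("ok", or whatever the scanner said).
    $entries = @{}
    foreach ($line in $Lines) {
        if ($line -match $hashedLine) {
            $entries[$Matches['name']] = New-Object PSObject -Property @{
                Name = $Matches['name']; Md5 = $Matches['md5'].ToLower();
                Path = $Matches['path']; Status = $null }
        } elseif ($line -match $statusLine) {
            $name = $Matches['name']
            if (-not $entries.ContainsKey($name)) {
                $entries[$name] = New-Object PSObject -Property @{
                    Name = $name; Md5 = $null; Path = $null; Status = $null }
            }
            $entries[$name].Status = $Matches['status']
        }
    }
    $entries.Values
}

function Get-Md5Hex([string]$Path) {
    # .NET MD5 so this also runs on PowerShell 2.0, which lacks Get-FileHash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Test-TdssEntries($Entries) {
    # 1. Status but no hash: the scanner did not hash an image for this name.
    #    Check the service's ImagePath by hand; do not assume benign or malicious.
    $Entries | Where-Object { -not $_.Md5 -and $_.Name -notmatch '^\\Device' } |
        ForEach-Object { "UNHASHED  $($_.Name) ($($_.Status))" }

    # 2. Several service names behind one binary is normal for lsass.exe
    #    (ProtectedStorage, SamSs, VaultSvc) or tcpip.sys (Tcpip, TCPIP6);
    #    an unexpected grouping deserves a look.
    $Entries | Where-Object { $_.Md5 } | Group-Object Md5 |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { "SHARED    $($_.Name)  " + (($_.Group | ForEach-Object { $_.Name }) -join ', ') }

    # 3. Re-hash files still present and report drift since the scan ran.
    foreach ($e in ($Entries | Where-Object { $_.Path -and (Test-Path -LiteralPath $_.Path) })) {
        $now = Get-Md5Hex $e.Path
        if ($now -ne $e.Md5) { "CHANGED   $($e.Name)  $($e.Md5) -> $now  $($e.Path)" }
    }
}

# Constructed sample input in the log's format, used when $LogPath is absent.
$sampleText = @'
17:10:55.0561 5928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:10:55.0592 5928 Ntfs - ok
17:10:58.0821 5928 PnkBstrA - ok
17:10:59.0476 5928 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:10:59.0476 5928 ProtectedStorage - ok
17:11:04.0609 5928 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:11:04.0609 5928 SamSs - ok
17:11:09.0523 5928 Steam Client Service - ok
'@
$sample = $sampleText -split "`r?`n"

if (Test-Path -LiteralPath $LogPath) { $lines = Get-Content -LiteralPath $LogPath } else { $lines = $sample }
$entries = Read-TdssLog $lines
"{0} entries parsed" -f @($entries).Count
Test-TdssEntries $entries
```

On the sample, step 1 reports PnkBstrA and Steam Client Service, step 2 reports the lsass.exe pair, and step 3 is silent unless `Ntfs.sys` or `lsass.exe` on the machine running the script differ from the hashes in the log (they will on any other build, which is the point: compare against a log taken from the same machine).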

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:26 AM

Posted 25 March 2012 - 08:32 PM

Hello,

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy

2.
Do you connect to the internet through a router? If so we need to reset that router.
How to reset your router.


3.
Please follow the instructions below:

1. Download the yorkyt.exe disinfection tool (1.31 MB).

2. Save the file to your hard disk; to the Windows Desktop, for example.
3. Double click the yorkyt.exe file.
4. A reboot will be requested to install a driver.
5. Another reboot will be requested to complete the disinfection.
6. When the disinfection is completed, accept the message that will be displayed.


4.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things to include in your next reply:
Roguekiller log
Yorkyt log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!

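Step 2 above asks for a router reset because a search redirect that survives full AV scans often lives in name resolution rather than in a file on disk: a changed DNS server on the router or on the host, a hosts-file entry, or a proxy/PAC setting. The script below is an added example, not part of the thread and not one of the tools it names: it reports, for each IP-enabled adapter, the DNS servers actually in use and whether they are static overrides of the DHCP-supplied ones (the pattern DNS-changing malware leaves), any non-comment hosts entry, and the WinINET proxy settings. It uses WMI and the registry only, so it runs on Windows 7 with PowerShell 2.0; run it as Administrator. Two caveats: if DhcpDns is the router's LAN address, the router's own upstream DNS must be checked in its admin page, which a host-side script cannot see; and Firefox and Chrome can carry extension- or profile-level redirects that none of these settings reflect, so a clean result here does not clear them.

```powershell
# Added example, not from the thread: host-side check for the resolution and
# proxy settings a search-redirect hijack commonly changes. Win7 / PS 2.0 OK.

function Get-DnsSettings {
    # Win32_NetworkAdapterConfiguration.SettingID is the interface GUID that
    # keys HKLM\...\Tcpip\Parameters\Interfaces\{GUID}, where NameServer holds
    # a static override and DhcpNameServer what the DHCP server handed out.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' | ForEach-Object {
        $key = Join-Path $base $_.SettingID
        $static = $null; $dhcp = $null
        if (Test-Path -LiteralPath $key) {
            $props  = Get-ItemProperty -LiteralPath $key
            $static = $props.NameServer
            $dhcp   = $props.DhcpNameServer
        }
        New-Object PSObject -Property @{
            Adapter    = $_.Description
            DhcpOn     = $_.DHCPEnabled
            InUse      = ($_.DNSServerSearchOrder -join ',')
            StaticDns  = $static
            DhcpDns    = $dhcp
            # A static resolver on a DHCP adapter is how a DNS changer pins the
            # host to a rogue server; that is the row to look at first.
            Suspicious = ($_.DHCPEnabled -and -not [string]::IsNullOrEmpty($static))
        }
    }
}

function Get-HostsOverrides {
    # Any non-comment line other than the stock localhost entries redirects a
    # name before DNS is consulted at all.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-WinInetProxy {
    # WinINET settings used by IE and, on this era of Windows, by Chrome too;
    # Firefox keeps its own proxy configuration in its profile.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -LiteralPath $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

'== DNS per adapter (Suspicious = static override on a DHCP adapter) =='
Get-DnsSettings | Format-Table Adapter, DhcpOn, InUse, StaticDns, DhcpDns, Suspicious -AutoSize
'== hosts file entries beyond the defaults =='
Get-HostsOverrides
'== WinINET proxy / PAC =='
Get-WinInetProxy | Format-List ProxyEnable, ProxyServer, AutoConfigURL
```

Read the DNS table with the router in mind: a DhcpDns value that is a public address not belonging to the ISP means the router itself is handing out a rogue resolver, which is exactly what a factory reset followed by reconfiguration (as melomaniac did in the next post) is meant to undo.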

#8 melomaniac

melomaniac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:26 AM

Posted 25 March 2012 - 09:50 PM

TeaTimer was already disabled. I reset the router to factory, then reconfigured it. I then downloaded the software and ran it. The logs are as follows:

yorkyt log:

2012-03-25 22:30:31: ****************************************************
2012-03-25 22:30:31: Starting UP ... v 0.0.0.192
2012-03-25 22:30:31: ****************************************************
2012-03-25 22:30:31: Listing processes...
2012-03-25 22:30:31: :[System Process]:0
2012-03-25 22:30:31: :System:4
2012-03-25 22:30:31: :smss.exe:284
2012-03-25 22:30:31: :csrss.exe:420
2012-03-25 22:30:31: :wininit.exe:484
2012-03-25 22:30:31: :csrss.exe:504
2012-03-25 22:30:31: :services.exe:548
2012-03-25 22:30:31: :lsass.exe:564
2012-03-25 22:30:31: :lsm.exe:572
2012-03-25 22:30:31: :svchost.exe:688
2012-03-25 22:30:31: :winlogon.exe:744
2012-03-25 22:30:31: :svchost.exe:796
2012-03-25 22:30:31: :atiesrxx.exe:840
2012-03-25 22:30:31: :svchost.exe:924
2012-03-25 22:30:31: :svchost.exe:968
2012-03-25 22:30:31: :svchost.exe:1004
2012-03-25 22:30:31: :svchost.exe:812
2012-03-25 22:30:31: :Pen_TouchService.exe:1056
2012-03-25 22:30:31: :atieclxx.exe:1132
2012-03-25 22:30:31: :wisptis.exe:1140
2012-03-25 22:30:31: :svchost.exe:1252
2012-03-25 22:30:31: :wlanext.exe:1368
2012-03-25 22:30:31: :conhost.exe:1376
2012-03-25 22:30:31: :spoolsv.exe:1544
2012-03-25 22:30:31: :svchost.exe:1580
2012-03-25 22:30:31: :svchost.exe:1644
2012-03-25 22:30:31: :PhotoshopElementsFileAgent.exe:1692
2012-03-25 22:30:31: :armsvc.exe:1772
2012-03-25 22:30:31: :AERTSr64.exe:1820
2012-03-25 22:30:31: :mDNSResponder.exe:1852
2012-03-25 22:30:31: :CinemaNowSvc.exe:1872
2012-03-25 22:30:31: :HPDrvMntSvc.exe:1932
2012-03-25 22:30:31: :HPWMISVC.exe:1968
2012-03-25 22:30:31: :LSSrvc.exe:2004
2012-03-25 22:30:31: :ccsvchst.exe:1092
2012-03-25 22:30:31: :PnkBstrA.exe:1600
2012-03-25 22:30:31: :sftvsa.exe:2284
2012-03-25 22:30:31: :svchost.exe:2328
2012-03-25 22:30:31: :Pen_Tablet.exe:2352
2012-03-25 22:30:31: :taskhost.exe:2528
2012-03-25 22:30:31: :ccsvchst.exe:2604
2012-03-25 22:30:31: :dwm.exe:2636
2012-03-25 22:30:31: :wisptis.exe:2644
2012-03-25 22:30:31: :explorer.exe:2696
2012-03-25 22:30:31: :WLIDSVC.EXE:2964
2012-03-25 22:30:31: :Pen_TabletUser.exe:3032
2012-03-25 22:30:31: :YahooAUService.exe:3068
2012-03-25 22:30:31: :sftlist.exe:2104
2012-03-25 22:30:31: :WLIDSVCM.EXE:1224
2012-03-25 22:30:31: :Pen_Tablet.exe:3200
2012-03-25 22:30:31: :SynTPEnh.exe:3476
2012-03-25 22:30:31: :RtkNGUI64.exe:3528
2012-03-25 22:30:31: :ZuneLauncher.exe:3572
2012-03-25 22:30:31: :CVHSVC.EXE:3856
2012-03-25 22:30:31: :HPMSGSVC.exe:3912
2012-03-25 22:30:31: :WmiPrvSE.exe:3944
2012-03-25 22:30:31: :SearchIndexer.exe:2624
2012-03-25 22:30:31: :SynTPHelper.exe:3800
2012-03-25 22:30:31: :hpqWmiEx.exe:3796
2012-03-25 22:30:31: :svchost.exe:2652
2012-03-25 22:30:31: :wmpnetwk.exe:2136
2012-03-25 22:30:31: :MOM.exe:4300
2012-03-25 22:30:31: :CCC.exe:4548
2012-03-25 22:30:31: :HPWA_Main.exe:4612
2012-03-25 22:30:31: :HPSA_Service.exe:1148
2012-03-25 22:30:31: :HPWA_Service.exe:4552
2012-03-25 22:30:31: :RtVOsdService.exe:416
2012-03-25 22:30:31: :RtVOsd.exe:1904
2012-03-25 22:30:31: :WmiPrvSE.exe:5860
2012-03-25 22:30:31: :hpCaslNotification.exe:5260
2012-03-25 22:30:31: :atibtmon.exe:4248
2012-03-25 22:30:31: :Pen_TouchUser.exe:5612
2012-03-25 22:30:31: :SearchFilterHost.exe:5904
2012-03-25 22:30:31: :SearchProtocolHost.exe:4952
2012-03-25 22:30:31: :audiodg.exe:4228
2012-03-25 22:30:31: :SearchProtocolHost.exe:5464
2012-03-25 22:30:31: :dllhost.exe:1028
2012-03-25 22:30:31: :dllhost.exe:5024
2012-03-25 22:30:31: :yorkyt.exe:4804
2012-03-25 22:30:31:
2012-03-25 22:30:31: Setting restore point
2012-03-25 22:30:56: RUN mode
2012-03-25 22:30:56: Determining autonomous or dropped mode...
2012-03-25 22:30:56: Autonomus mode
2012-03-25 22:30:57: ---------------------------------------------------------------------
2012-03-25 22:30:57: Found Service: AeLookupSvc
2012-03-25 22:30:57: Real Path: C:\Windows\System32\aelupsvc.dll
2012-03-25 22:30:57: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-03-25 22:30:57: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-03-25 22:30:57: ServiceDLL: System32\aelupsvc.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: aelupsvc.dll
2012-03-25 22:30:57: Original File Name: aelupsvc.dll.mui
2012-03-25 22:30:57: Company:
2012-03-25 22:30:57: Mod/Cre/Acc time:
2012-03-25 22:30:57: ---------------------------------------------------------------------
2012-03-25 22:30:57: Found Service: AppIDSvc
2012-03-25 22:30:57: Real Path: C:\Windows\System32\appidsvc.dll
2012-03-25 22:30:57: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-03-25 22:30:57: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-03-25 22:30:57: ServiceDLL: System32\appidsvc.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: appidsvc.dll
2012-03-25 22:30:57: Original File Name: appidsvc.dll.mui
2012-03-25 22:30:57: Company:
2012-03-25 22:30:57: Mod/Cre/Acc time:
2012-03-25 22:30:57: ---------------------------------------------------------------------
2012-03-25 22:30:57: Found Service: Appinfo
2012-03-25 22:30:57: Real Path: C:\Windows\System32\appinfo.dll
2012-03-25 22:30:57: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-03-25 22:30:57: Description: @%systemroot%\system32\appinfo.dll,-101
2012-03-25 22:30:57: ServiceDLL: System32\appinfo.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: appinfo.dll
2012-03-25 22:30:57: Original File Name: appinfo.dll.mui
2012-03-25 22:30:57: Company:
2012-03-25 22:30:57: Mod/Cre/Acc time:
2012-03-25 22:30:57: !!!!!!!
2012-03-25 22:30:57: Found Service: AppMgmt
2012-03-25 22:30:57: Real Path: C:\Windows\System32\appmgmts.dll
2012-03-25 22:30:57: Display Name:
2012-03-25 22:30:57: Description:
2012-03-25 22:30:57: ServiceDLL: System32\appmgmts.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: appmgmts.dll
2012-03-25 22:30:57: Original File Name:
2012-03-25 22:30:57: Company:
2012-03-25 22:30:57: Mod/Cre/Acc time:
2012-03-25 22:30:57: !!!!!!!!!
2012-03-25 22:30:57: ---------------------------------------------------------------------
2012-03-25 22:30:57: Found Service: AudioEndpointBuilder
2012-03-25 22:30:57: Real Path: C:\Windows\System32\Audiosrv.dll
2012-03-25 22:30:57: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-03-25 22:30:57: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-03-25 22:30:57: ServiceDLL: System32\Audiosrv.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: Audiosrv.dll
2012-03-25 22:30:57: Original File Name: audiosrv.dll.mui
2012-03-25 22:30:57: Company:
2012-03-25 22:30:57: Mod/Cre/Acc time:
2012-03-25 22:30:57: ---------------------------------------------------------------------
2012-03-25 22:30:57: Found Service: AudioSrv
2012-03-25 22:30:57: Real Path: C:\Windows\System32\Audiosrv.dll
2012-03-25 22:30:57: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-03-25 22:30:57: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-03-25 22:30:57: ServiceDLL: System32\Audiosrv.dll
2012-03-25 22:30:57: File size: 0
2012-03-25 22:30:57: DLL File name: Audiosrv.dll
2012-03-25 22:30:58: Original File Name: audiosrv.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: AxInstSV
2012-03-25 22:30:58: Real Path: C:\Windows\System32\AxInstSV.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-03-25 22:30:58: ServiceDLL: System32\AxInstSV.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: AxInstSV.dll
2012-03-25 22:30:58: Original File Name: AxInstSv.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: BDESVC
2012-03-25 22:30:58: Real Path: C:\Windows\System32\bdesvc.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-03-25 22:30:58: ServiceDLL: System32\bdesvc.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: bdesvc.dll
2012-03-25 22:30:58: Original File Name: BDESVC.DLL.MUI
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: BFE
2012-03-25 22:30:58: Real Path: C:\Windows\System32\bfe.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-03-25 22:30:58: ServiceDLL: System32\bfe.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: bfe.dll
2012-03-25 22:30:58: Original File Name: BFE.DLL.MUI
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: BITS
2012-03-25 22:30:58: Real Path: C:\Windows\system32\qmgr.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-03-25 22:30:58: ServiceDLL: system32\qmgr.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: qmgr.dll
2012-03-25 22:30:58: Original File Name: qmgr.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: Browser
2012-03-25 22:30:58: Real Path: C:\Windows\System32\browser.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\browser.dll,-100
2012-03-25 22:30:58: Description: @%systemroot%\system32\browser.dll,-101
2012-03-25 22:30:58: ServiceDLL: System32\browser.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: browser.dll
2012-03-25 22:30:58: Original File Name: browser.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: bthserv
2012-03-25 22:30:58: Real Path: C:\Windows\system32\bthserv.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-03-25 22:30:58: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-03-25 22:30:58: ServiceDLL: system32\bthserv.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: bthserv.dll
2012-03-25 22:30:58: Original File Name: BTHSERV.DLL.MUI
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: CertPropSvc
2012-03-25 22:30:58: Real Path: C:\Windows\System32\certprop.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-03-25 22:30:58: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-03-25 22:30:58: ServiceDLL: System32\certprop.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: certprop.dll
2012-03-25 22:30:58: Original File Name: certprop.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: CryptSvc
2012-03-25 22:30:58: Real Path: C:\Windows\system32\cryptsvc.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-03-25 22:30:58: ServiceDLL: system32\cryptsvc.dll
2012-03-25 22:30:58: File size: 136192
2012-03-25 22:30:58: DLL File name: cryptsvc.dll
2012-03-25 22:30:58: Original File Name: cryptsvc.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time: 20101120081824 20110525232943 20110525232943
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: DcomLaunch
2012-03-25 22:30:58: Real Path: C:\Windows\system32\rpcss.dll
2012-03-25 22:30:58: Display Name: @oleres.dll,-5012
2012-03-25 22:30:58: Description: @oleres.dll,-5013
2012-03-25 22:30:58: ServiceDLL: system32\rpcss.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: rpcss.dll
2012-03-25 22:30:58: Original File Name: rpcss.dll
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: defragsvc
2012-03-25 22:30:58: Real Path: C:\Windows\System32\defragsvc.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-03-25 22:30:58: ServiceDLL: System32\defragsvc.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: defragsvc.dll
2012-03-25 22:30:58: Original File Name: defragsvc.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: Dhcp
2012-03-25 22:30:58: Real Path: C:\Windows\system32\dhcpcore.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-03-25 22:30:58: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-03-25 22:30:58: ServiceDLL: system32\dhcpcore.dll
2012-03-25 22:30:58: File size: 254464
2012-03-25 22:30:58: DLL File name: dhcpcore.dll
2012-03-25 22:30:58: Original File Name: dhcpcore.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time: 20101120081830 20110525232951 20110525232951
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: Dnscache
2012-03-25 22:30:58: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-03-25 22:30:58: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-03-25 22:30:58: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-03-25 22:30:58: ServiceDLL: System32\dnsrslvr.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: dnsrslvr.dll
2012-03-25 22:30:58: Original File Name: dnsrslvr.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: dot3svc
2012-03-25 22:30:58: Real Path: C:\Windows\System32\dot3svc.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-03-25 22:30:58: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-03-25 22:30:58: ServiceDLL: System32\dot3svc.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: dot3svc.dll
2012-03-25 22:30:58: Original File Name: dot3svc.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: DPS
2012-03-25 22:30:58: Real Path: C:\Windows\system32\dps.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\dps.dll,-500
2012-03-25 22:30:58: Description: @%systemroot%\system32\dps.dll,-501
2012-03-25 22:30:58: ServiceDLL: system32\dps.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: dps.dll
2012-03-25 22:30:58: Original File Name: dps.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: EapHost
2012-03-25 22:30:58: Real Path: C:\Windows\System32\eapsvc.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-03-25 22:30:58: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-03-25 22:30:58: ServiceDLL: System32\eapsvc.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: eapsvc.dll
2012-03-25 22:30:58: Original File Name: eapsvc.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: EventSystem
2012-03-25 22:30:58: Real Path: C:\Windows\system32\es.dll
2012-03-25 22:30:58: Display Name: @comres.dll,-2450
2012-03-25 22:30:58: Description: @comres.dll,-2451
2012-03-25 22:30:58: ServiceDLL: system32\es.dll
2012-03-25 22:30:58: File size: 271360
2012-03-25 22:30:58: DLL File name: es.dll
2012-03-25 22:30:58: Original File Name: ES.DLL
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: fdPHost
2012-03-25 22:30:58: Real Path: C:\Windows\system32\fdPHost.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-03-25 22:30:58: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-03-25 22:30:58: ServiceDLL: system32\fdPHost.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: fdPHost.dll
2012-03-25 22:30:58: Original File Name: fdPHost.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: FDResPub
2012-03-25 22:30:58: Real Path: C:\Windows\system32\fdrespub.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-03-25 22:30:58: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-03-25 22:30:58: ServiceDLL: system32\fdrespub.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: fdrespub.dll
2012-03-25 22:30:58: Original File Name: FDResPub.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: !!!!!!!
2012-03-25 22:30:58: Found Service: FontCache
2012-03-25 22:30:58: Real Path: C:\Windows\system32\FntCache.dll
2012-03-25 22:30:58: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-03-25 22:30:58: Description: @%systemroot%\system32\FntCache.dll,-101
2012-03-25 22:30:58: ServiceDLL: system32\FntCache.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: FntCache.dll
2012-03-25 22:30:58: Original File Name: FontCacheService
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:58: !!!!!!!!!
2012-03-25 22:30:58: ---------------------------------------------------------------------
2012-03-25 22:30:58: Found Service: gpsvc
2012-03-25 22:30:58: Real Path: C:\Windows\System32\gpsvc.dll
2012-03-25 22:30:58: Display Name: @gpapi.dll,-112
2012-03-25 22:30:58: Description: @gpapi.dll,-113
2012-03-25 22:30:58: ServiceDLL: System32\gpsvc.dll
2012-03-25 22:30:58: File size: 0
2012-03-25 22:30:58: DLL File name: gpsvc.dll
2012-03-25 22:30:58: Original File Name: gpsvc.dll.mui
2012-03-25 22:30:58: Company:
2012-03-25 22:30:58: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: hidserv
2012-03-25 22:30:59: Real Path: C:\Windows\System32\hidserv.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-03-25 22:30:59: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-03-25 22:30:59: ServiceDLL: System32\hidserv.dll
2012-03-25 22:30:59: File size: 49152
2012-03-25 22:30:59: DLL File name: hidserv.dll
2012-03-25 22:30:59: Original File Name: HIDSERV.DLL.MUI
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: hkmsvc
2012-03-25 22:30:59: Real Path: C:\Windows\system32\kmsvc.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-03-25 22:30:59: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-03-25 22:30:59: ServiceDLL: system32\kmsvc.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: kmsvc.dll
2012-03-25 22:30:59: Original File Name: KmSvc.DLL.MUI
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: HomeGroupListener
2012-03-25 22:30:59: Real Path: C:\Windows\system32\ListSvc.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-03-25 22:30:59: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-03-25 22:30:59: ServiceDLL: system32\ListSvc.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: ListSvc.dll
2012-03-25 22:30:59: Original File Name: ListSvc.dll.mui
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: HomeGroupProvider
2012-03-25 22:30:59: Real Path: C:\Windows\system32\provsvc.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-03-25 22:30:59: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-03-25 22:30:59: ServiceDLL: system32\provsvc.dll
2012-03-25 22:30:59: File size: 165376
2012-03-25 22:30:59: DLL File name: provsvc.dll
2012-03-25 22:30:59: Original File Name: provsvc.dll.mui
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time: 20101120082057 20110525232758 20110525232758
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: IKEEXT
2012-03-25 22:30:59: Real Path: C:\Windows\System32\ikeext.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-03-25 22:30:59: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-03-25 22:30:59: ServiceDLL: System32\ikeext.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: ikeext.dll
2012-03-25 22:30:59: Original File Name: IKEEXT.DLL.MUI
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: IPBusEnum
2012-03-25 22:30:59: Real Path: C:\Windows\system32\ipbusenum.dll
2012-03-25 22:30:59: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-03-25 22:30:59: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-03-25 22:30:59: ServiceDLL: system32\ipbusenum.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: ipbusenum.dll
2012-03-25 22:30:59: Original File Name: IPBusEnum.dll.mui
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: iphlpsvc
2012-03-25 22:30:59: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-03-25 22:30:59: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-03-25 22:30:59: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-03-25 22:30:59: ServiceDLL: System32\iphlpsvc.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: iphlpsvc.dll
2012-03-25 22:30:59: Original File Name: iphlpsvc.dll.mui
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: KtmRm
2012-03-25 22:30:59: Real Path: C:\Windows\system32\msdtckrm.dll
2012-03-25 22:30:59: Display Name: @comres.dll,-2946
2012-03-25 22:30:59: Description: @comres.dll,-2947
2012-03-25 22:30:59: ServiceDLL: system32\msdtckrm.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: msdtckrm.dll
2012-03-25 22:30:59: Original File Name: MSDTCKRM.DLL
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: LanmanServer
2012-03-25 22:30:59: Real Path: C:\Windows\System32\srvsvc.dll
2012-03-25 22:30:59: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-03-25 22:30:59: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-03-25 22:30:59: ServiceDLL: System32\srvsvc.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: srvsvc.dll
2012-03-25 22:30:59: Original File Name: SRVSVC.DLL.MUI
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:30:59: ---------------------------------------------------------------------
2012-03-25 22:30:59: Found Service: LanmanWorkstation
2012-03-25 22:30:59: Real Path: C:\Windows\System32\wkssvc.dll
2012-03-25 22:30:59: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-03-25 22:30:59: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-03-25 22:30:59: ServiceDLL: System32\wkssvc.dll
2012-03-25 22:30:59: File size: 0
2012-03-25 22:30:59: DLL File name: wkssvc.dll
2012-03-25 22:30:59: Original File Name: WKSSVC.DLL.MUI
2012-03-25 22:30:59: Company:
2012-03-25 22:30:59: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: lltdsvc
2012-03-25 22:31:00: Real Path: C:\Windows\System32\lltdsvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-03-25 22:31:00: ServiceDLL: System32\lltdsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: lltdsvc.dll
2012-03-25 22:31:00: Original File Name: LLTDSVC.DLL
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: lmhosts
2012-03-25 22:31:00: Real Path: C:\Windows\System32\lmhsvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-03-25 22:31:00: ServiceDLL: System32\lmhsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: lmhsvc.dll
2012-03-25 22:31:00: Original File Name: lmhsvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: Mcx2Svc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-03-25 22:31:00: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-03-25 22:31:00: ServiceDLL: system32\Mcx2Svc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: Mcx2Svc.dll
2012-03-25 22:31:00: Original File Name: Mcx2Svc.dll
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: MMCSS
2012-03-25 22:31:00: Real Path: C:\Windows\system32\mmcss.dll
2012-03-25 22:31:00: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-03-25 22:31:00: Description: @%systemroot%\system32\mmcss.dll,-101
2012-03-25 22:31:00: ServiceDLL: system32\mmcss.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: mmcss.dll
2012-03-25 22:31:00: Original File Name: mmcss.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: MpsSvc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\mpssvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-03-25 22:31:00: ServiceDLL: system32\mpssvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: mpssvc.dll
2012-03-25 22:31:00: Original File Name: mpssvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: MSiSCSI
2012-03-25 22:31:00: Real Path: C:\Windows\system32\iscsiexe.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-03-25 22:31:00: ServiceDLL: system32\iscsiexe.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: iscsiexe.dll
2012-03-25 22:31:00: Original File Name: iscsiexe.exe.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: napagent
2012-03-25 22:31:00: Real Path: C:\Windows\system32\qagentRT.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-03-25 22:31:00: ServiceDLL: system32\qagentRT.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: qagentRT.dll
2012-03-25 22:31:00: Original File Name: QAgentRT.DLL.MUI
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: Netman
2012-03-25 22:31:00: Real Path: C:\Windows\System32\netman.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\netman.dll,-110
2012-03-25 22:31:00: ServiceDLL: System32\netman.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: netman.dll
2012-03-25 22:31:00: Original File Name: netman.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: netprofm
2012-03-25 22:31:00: Real Path: C:\Windows\System32\netprofm.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-03-25 22:31:00: ServiceDLL: System32\netprofm.dll
2012-03-25 22:31:00: File size: 360448
2012-03-25 22:31:00: DLL File name: netprofm.dll
2012-03-25 22:31:00: Original File Name: netprofm.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: NlaSvc
2012-03-25 22:31:00: Real Path: C:\Windows\System32\nlasvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-03-25 22:31:00: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-03-25 22:31:00: ServiceDLL: System32\nlasvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: nlasvc.dll
2012-03-25 22:31:00: Original File Name: nlasvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: nsi
2012-03-25 22:31:00: Real Path: C:\Windows\system32\nsisvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-03-25 22:31:00: ServiceDLL: system32\nsisvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: nsisvc.dll
2012-03-25 22:31:00: Original File Name: nsisvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: p2pimsvc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-03-25 22:31:00: ServiceDLL: system32\pnrpsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: pnrpsvc.dll
2012-03-25 22:31:00: Original File Name: pnrpsvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: p2psvc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\p2psvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-03-25 22:31:00: ServiceDLL: system32\p2psvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: p2psvc.dll
2012-03-25 22:31:00: Original File Name: p2psvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: !!!!!!!
2012-03-25 22:31:00: Found Service: PcaSvc
2012-03-25 22:31:00: Real Path: C:\Windows\System32\pcasvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-03-25 22:31:00: ServiceDLL: System32\pcasvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: pcasvc.dll
2012-03-25 22:31:00: Original File Name:
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: !!!!!!!!!
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: pla
2012-03-25 22:31:00: Real Path: C:\Windows\system32\pla.dll
2012-03-25 22:31:00: Display Name: @%systemroot%\system32\pla.dll,-500
2012-03-25 22:31:00: Description: @%systemroot%\system32\pla.dll,-501
2012-03-25 22:31:00: ServiceDLL: system32\pla.dll
2012-03-25 22:31:00: File size: 1508864
2012-03-25 22:31:00: DLL File name: pla.dll
2012-03-25 22:31:00: Original File Name: PLA.DLL.MUI
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time: 20101120082054 20110525232926 20110525232926
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: PlugPlay
2012-03-25 22:31:00: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-03-25 22:31:00: ServiceDLL: system32\umpnpmgr.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: umpnpmgr.dll
2012-03-25 22:31:00: Original File Name: Umpnpmgr.DLL.MUI
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: PNRPAutoReg
2012-03-25 22:31:00: Real Path: C:\Windows\system32\pnrpauto.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-03-25 22:31:00: ServiceDLL: system32\pnrpauto.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: pnrpauto.dll
2012-03-25 22:31:00: Original File Name: pnrpauto.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: PNRPsvc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-03-25 22:31:00: ServiceDLL: system32\pnrpsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: pnrpsvc.dll
2012-03-25 22:31:00: Original File Name: pnrpsvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: PolicyAgent
2012-03-25 22:31:00: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-03-25 22:31:00: ServiceDLL: System32\ipsecsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: ipsecsvc.dll
2012-03-25 22:31:00: Original File Name: ipsecsvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: Power
2012-03-25 22:31:00: Real Path: C:\Windows\system32\umpo.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-03-25 22:31:00: ServiceDLL: system32\umpo.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: umpo.dll
2012-03-25 22:31:00: Original File Name: Umpo.DLL.MUI
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: ProfSvc
2012-03-25 22:31:00: Real Path: C:\Windows\system32\profsvc.dll
2012-03-25 22:31:00: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-03-25 22:31:00: Description: @%systemroot%\system32\profsvc.dll,-301
2012-03-25 22:31:00: ServiceDLL: system32\profsvc.dll
2012-03-25 22:31:00: File size: 0
2012-03-25 22:31:00: DLL File name: profsvc.dll
2012-03-25 22:31:00: Original File Name: ProfSvc.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time:
2012-03-25 22:31:00: ---------------------------------------------------------------------
2012-03-25 22:31:00: Found Service: QWAVE
2012-03-25 22:31:00: Real Path: C:\Windows\system32\qwave.dll
2012-03-25 22:31:00: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-03-25 22:31:00: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-03-25 22:31:00: ServiceDLL: system32\qwave.dll
2012-03-25 22:31:00: File size: 210944
2012-03-25 22:31:00: DLL File name: qwave.dll
2012-03-25 22:31:00: Original File Name: qwave.dll.mui
2012-03-25 22:31:00: Company:
2012-03-25 22:31:00: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RasAuto
2012-03-25 22:31:01: Real Path: C:\Windows\System32\rasauto.dll
2012-03-25 22:31:01: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-03-25 22:31:01: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-03-25 22:31:01: ServiceDLL: System32\rasauto.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: rasauto.dll
2012-03-25 22:31:01: Original File Name: rasauto.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RasMan
2012-03-25 22:31:01: Real Path: C:\Windows\System32\rasmans.dll
2012-03-25 22:31:01: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-03-25 22:31:01: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-03-25 22:31:01: ServiceDLL: System32\rasmans.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: rasmans.dll
2012-03-25 22:31:01: Original File Name: Rasmans.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RemoteAccess
2012-03-25 22:31:01: Real Path: C:\Windows\System32\mprdim.dll
2012-03-25 22:31:01: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-03-25 22:31:01: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-03-25 22:31:01: ServiceDLL: System32\mprdim.dll
2012-03-25 22:31:01: File size: 75264
2012-03-25 22:31:01: DLL File name: mprdim.dll
2012-03-25 22:31:01: Original File Name: MPRDIM.DLL.MUI
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RemoteRegistry
2012-03-25 22:31:01: Real Path: C:\Windows\system32\regsvc.dll
2012-03-25 22:31:01: Display Name: @regsvc.dll,-1
2012-03-25 22:31:01: Description: @regsvc.dll,-2
2012-03-25 22:31:01: ServiceDLL: system32\regsvc.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: regsvc.dll
2012-03-25 22:31:01: Original File Name: REGSVC.DLL.MUI
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RpcEptMapper
2012-03-25 22:31:01: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-03-25 22:31:01: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-03-25 22:31:01: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-03-25 22:31:01: ServiceDLL: System32\RpcEpMap.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: RpcEpMap.dll
2012-03-25 22:31:01: Original File Name: RpcEpMap.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: RpcSs
2012-03-25 22:31:01: Real Path: C:\Windows\system32\rpcss.dll
2012-03-25 22:31:01: Display Name: @oleres.dll,-5010
2012-03-25 22:31:01: Description: @oleres.dll,-5011
2012-03-25 22:31:01: ServiceDLL: system32\rpcss.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: rpcss.dll
2012-03-25 22:31:01: Original File Name: rpcss.dll
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SCardSvr
2012-03-25 22:31:01: Real Path: C:\Windows\System32\SCardSvr.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-03-25 22:31:01: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-03-25 22:31:01: ServiceDLL: System32\SCardSvr.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: SCardSvr.dll
2012-03-25 22:31:01: Original File Name: SCardSvr.exe.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: Schedule
2012-03-25 22:31:01: Real Path: C:\Windows\system32\schedsvc.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-03-25 22:31:01: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-03-25 22:31:01: ServiceDLL: system32\schedsvc.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: schedsvc.dll
2012-03-25 22:31:01: Original File Name: schedsvc.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SCPolicySvc
2012-03-25 22:31:01: Real Path: C:\Windows\System32\certprop.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-03-25 22:31:01: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-03-25 22:31:01: ServiceDLL: System32\certprop.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: certprop.dll
2012-03-25 22:31:01: Original File Name: certprop.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SDRSVC
2012-03-25 22:31:01: Real Path: C:\Windows\System32\SDRSVC.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-03-25 22:31:01: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-03-25 22:31:01: ServiceDLL: System32\SDRSVC.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: SDRSVC.dll
2012-03-25 22:31:01: Original File Name: SDRSVC.DLL.MUI
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: seclogon
2012-03-25 22:31:01: Real Path: C:\Windows\system32\seclogon.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-03-25 22:31:01: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-03-25 22:31:01: ServiceDLL: system32\seclogon.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: seclogon.dll
2012-03-25 22:31:01: Original File Name: SECLOGON.EXE.MUI
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SENS
2012-03-25 22:31:01: Real Path: C:\Windows\system32\sens.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-03-25 22:31:01: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-03-25 22:31:01: ServiceDLL: system32\sens.dll
2012-03-25 22:31:01: File size: 49664
2012-03-25 22:31:01: DLL File name: sens.dll
2012-03-25 22:31:01: Original File Name: sens.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SensrSvc
2012-03-25 22:31:01: Real Path: C:\Windows\system32\sensrsvc.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-03-25 22:31:01: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-03-25 22:31:01: ServiceDLL: system32\sensrsvc.dll
2012-03-25 22:31:01: File size: 0
2012-03-25 22:31:01: DLL File name: sensrsvc.dll
2012-03-25 22:31:01: Original File Name: sensrsvc.dll.mui
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time:
2012-03-25 22:31:01: ---------------------------------------------------------------------
2012-03-25 22:31:01: Found Service: SessionEnv
2012-03-25 22:31:01: Real Path: C:\Windows\system32\sessenv.dll
2012-03-25 22:31:01: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-03-25 22:31:01: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-03-25 22:31:01: ServiceDLL: system32\sessenv.dll
2012-03-25 22:31:01: File size: 113664
2012-03-25 22:31:01: DLL File name: sessenv.dll
2012-03-25 22:31:01: Original File Name: SessEnv.DLL.MUI
2012-03-25 22:31:01: Company:
2012-03-25 22:31:01: Mod/Cre/Acc time: 20101120082108 20110525233011 20110525233011
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: SharedAccess
2012-03-25 22:31:02: Real Path: C:\Windows\System32\ipnathlp.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-03-25 22:31:02: ServiceDLL: System32\ipnathlp.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: ipnathlp.dll
2012-03-25 22:31:02: Original File Name: IPNATHLP.DLL.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: ShellHWDetection
2012-03-25 22:31:02: Real Path: C:\Windows\System32\shsvcs.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-03-25 22:31:02: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-03-25 22:31:02: ServiceDLL: System32\shsvcs.dll
2012-03-25 22:31:02: File size: 328192
2012-03-25 22:31:02: DLL File name: shsvcs.dll
2012-03-25 22:31:02: Original File Name: SHSVCS.DLL.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time: 20101120082119 20110525232919 20110525232919
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: sppuinotify
2012-03-25 22:31:02: Real Path: C:\Windows\system32\sppuinotify.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-03-25 22:31:02: ServiceDLL: system32\sppuinotify.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: sppuinotify.dll
2012-03-25 22:31:02: Original File Name: sppuinotify.dll.mui
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: SSDPSRV
2012-03-25 22:31:02: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-03-25 22:31:02: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-03-25 22:31:02: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-03-25 22:31:02: ServiceDLL: System32\ssdpsrv.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: ssdpsrv.dll
2012-03-25 22:31:02: Original File Name: ssdpsrv.dll.mui
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: SstpSvc
2012-03-25 22:31:02: Real Path: C:\Windows\system32\sstpsvc.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-03-25 22:31:02: ServiceDLL: system32\sstpsvc.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: sstpsvc.dll
2012-03-25 22:31:02: Original File Name: sstpsvc.dll.mui
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: stisvc
2012-03-25 22:31:02: Real Path: C:\Windows\System32\wiaservc.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-03-25 22:31:02: ServiceDLL: System32\wiaservc.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: wiaservc.dll
2012-03-25 22:31:02: Original File Name: WIASERVC.DLL.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: swprv
2012-03-25 22:31:02: Real Path: C:\Windows\System32\swprv.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-03-25 22:31:02: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-03-25 22:31:02: ServiceDLL: System32\swprv.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: swprv.dll
2012-03-25 22:31:02: Original File Name: SWPRV.DLL.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: SysMain
2012-03-25 22:31:02: Real Path: C:\Windows\system32\sysmain.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-03-25 22:31:02: ServiceDLL: system32\sysmain.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: sysmain.dll
2012-03-25 22:31:02: Original File Name: sysmain.dll.mui
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: TabletInputService
2012-03-25 22:31:02: Real Path: C:\Windows\System32\TabSvc.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-03-25 22:31:02: ServiceDLL: System32\TabSvc.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: TabSvc.dll
2012-03-25 22:31:02: Original File Name: TabSvc.dll.mui
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: TapiSrv
2012-03-25 22:31:02: Real Path: C:\Windows\System32\tapisrv.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-03-25 22:31:02: ServiceDLL: System32\tapisrv.dll
2012-03-25 22:31:02: File size: 242176
2012-03-25 22:31:02: DLL File name: tapisrv.dll
2012-03-25 22:31:02: Original File Name: TAPISRV.EXE.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time: 20101120082128 20110525232846 20110525232846
2012-03-25 22:31:02: ---------------------------------------------------------------------
2012-03-25 22:31:02: Found Service: TBS
2012-03-25 22:31:02: Real Path: C:\Windows\System32\tbssvc.dll
2012-03-25 22:31:02: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-03-25 22:31:02: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-03-25 22:31:02: ServiceDLL: System32\tbssvc.dll
2012-03-25 22:31:02: File size: 0
2012-03-25 22:31:02: DLL File name: tbssvc.dll
2012-03-25 22:31:02: Original File Name: TBSSVC.DLL.MUI
2012-03-25 22:31:02: Company:
2012-03-25 22:31:02: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: TermService
2012-03-25 22:31:03: Real Path: C:\Windows\System32\termsrv.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-03-25 22:31:03: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-03-25 22:31:03: ServiceDLL: System32\termsrv.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: termsrv.dll
2012-03-25 22:31:03: Original File Name: termsrv.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: Themes
2012-03-25 22:31:03: Real Path: C:\Windows\system32\themeservice.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-03-25 22:31:03: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-03-25 22:31:03: ServiceDLL: system32\themeservice.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: themeservice.dll
2012-03-25 22:31:03: Original File Name: THEMESERVICE.DLL.MUI
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: THREADORDER
2012-03-25 22:31:03: Real Path: C:\Windows\system32\mmcss.dll
2012-03-25 22:31:03: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-03-25 22:31:03: Description: @%systemroot%\system32\mmcss.dll,-103
2012-03-25 22:31:03: ServiceDLL: system32\mmcss.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: mmcss.dll
2012-03-25 22:31:03: Original File Name: mmcss.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: TrkWks
2012-03-25 22:31:03: Real Path: C:\Windows\System32\trkwks.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-03-25 22:31:03: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-03-25 22:31:03: ServiceDLL: System32\trkwks.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: trkwks.dll
2012-03-25 22:31:03: Original File Name: trkwks.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: !!!!!!!
2012-03-25 22:31:03: Found Service: upnphost
2012-03-25 22:31:03: Real Path: C:\Windows\System32\upnphost.dll
2012-03-25 22:31:03: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-03-25 22:31:03: Description: @%systemroot%\system32\upnphost.dll,-214
2012-03-25 22:31:03: ServiceDLL: System32\upnphost.dll
2012-03-25 22:31:03: File size: 266752
2012-03-25 22:31:03: DLL File name: upnphost.dll
2012-03-25 22:31:03: Original File Name: unpnhost.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-03-25 22:31:03: !!!!!!!!!
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: UxSms
2012-03-25 22:31:03: Real Path: C:\Windows\System32\uxsms.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-03-25 22:31:03: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-03-25 22:31:03: ServiceDLL: System32\uxsms.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: uxsms.dll
2012-03-25 22:31:03: Original File Name: UxSms.dll
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: W32Time
2012-03-25 22:31:03: Real Path: C:\Windows\system32\w32time.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-03-25 22:31:03: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-03-25 22:31:03: ServiceDLL: system32\w32time.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: w32time.dll
2012-03-25 22:31:03: Original File Name: w32time.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: WbioSrvc
2012-03-25 22:31:03: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-03-25 22:31:03: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-03-25 22:31:03: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-03-25 22:31:03: ServiceDLL: System32\wbiosrvc.dll
2012-03-25 22:31:03: File size: 0
2012-03-25 22:31:03: DLL File name: wbiosrvc.dll
2012-03-25 22:31:03: Original File Name: wbiosrvc.dll.mui
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time:
2012-03-25 22:31:03: ---------------------------------------------------------------------
2012-03-25 22:31:03: Found Service: wcncsvc
2012-03-25 22:31:03: Real Path: C:\Windows\System32\wcncsvc.dll
2012-03-25 22:31:03: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-03-25 22:31:03: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-03-25 22:31:03: ServiceDLL: System32\wcncsvc.dll
2012-03-25 22:31:03: File size: 276992
2012-03-25 22:31:03: DLL File name: wcncsvc.dll
2012-03-25 22:31:03: Original File Name: WCNCSVC.DLL.MUI
2012-03-25 22:31:03: Company:
2012-03-25 22:31:03: Mod/Cre/Acc time: 20101120082135 20110525232911 20110525232911
2012-03-25 22:31:04: ---------------------------------------------------------------------
2012-03-25 22:31:04: Found Service: WcsPlugInService
2012-03-25 22:31:04: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-03-25 22:31:04: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-03-25 22:31:04: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-03-25 22:31:04: ServiceDLL: System32\WcsPlugInService.dll
2012-03-25 22:31:04: File size: 32768
2012-03-25 22:31:04: DLL File name: WcsPlugInService.dll
2012-03-25 22:31:04: Original File Name: WcsPlugInService.DLL.MUI
2012-03-25 22:31:04: Company:
2012-03-25 22:31:04: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-03-25 22:31:04: ---------------------------------------------------------------------
2012-03-25 22:31:04: Found Service: WdiServiceHost
2012-03-25 22:31:04: Real Path: C:\Windows\system32\wdi.dll
2012-03-25 22:31:04: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-03-25 22:31:04: Description: @%systemroot%\system32\wdi.dll,-503
2012-03-25 22:31:04: ServiceDLL: system32\wdi.dll
2012-03-25 22:31:04: File size: 76288
2012-03-25 22:31:04: DLL File name: wdi.dll
2012-03-25 22:31:04: Original File Name: wdi.dll.mui
2012-03-25 22:31:04: Company:
2012-03-25 22:31:04: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-03-25 22:31:04: ---------------------------------------------------------------------
2012-03-25 22:31:04: Found Service: WdiSystemHost
2012-03-25 22:31:04: Real Path: C:\Windows\system32\wdi.dll
2012-03-25 22:31:04: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-03-25 22:31:04: Description: @%systemroot%\system32\wdi.dll,-501
2012-03-25 22:31:04: ServiceDLL: system32\wdi.dll
2012-03-25 22:31:04: File size: 76288
2012-03-25 22:31:04: DLL File name: wdi.dll
2012-03-25 22:31:04: Original File Name: wdi.dll.mui
2012-03-25 22:31:04: Company:
2012-03-25 22:31:04: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-03-25 22:31:04: !!!!!!!
2012-03-25 22:31:04: Found Service: WebClient
2012-03-25 22:31:04: Real Path: C:\Windows\System32\webclnt.dll
2012-03-25 22:31:04: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-03-25 22:31:04: Description: @%systemroot%\system32\webclnt.dll,-101
2012-03-25 22:31:04: ServiceDLL: System32\webclnt.dll
2012-03-25 22:31:04: File size: 204800
2012-03-25 22:31:04: DLL File name: webclnt.dll
2012-03-25 22:31:04: Original File Name: davsvc.dll.mui
2012-03-25 22:31:04: Company:
2012-03-25 22:31:04: Mod/Cre/Acc time: 20101120082135 20110525233006 20110525233006
2012-03-25 22:31:04: !!!!!!!!!
2012-03-25 22:31:04: ---------------------------------------------------------------------
2012-03-25 22:31:04: Found Service: Wecsvc
2012-03-25 22:31:04: Real Path: C:\Windows\system32\wecsvc.dll
2012-03-25 22:31:04: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-03-25 22:31:04: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-03-25 22:31:04: ServiceDLL: system32\wecsvc.dll
2012-03-25 22:31:04: File size: 0
2012-03-25 22:31:04: DLL File name: wecsvc.dll
2012-03-25 22:31:04: Original File Name: wecsvc.dll.mui
2012-03-25 22:31:04: Company:
2012-03-25 22:31:04: Mod/Cre/Acc time:
2012-03-25 22:31:05: !!!!!!!
2012-03-25 22:31:05: Found Service: wercplsupport
2012-03-25 22:31:05: Real Path: C:\Windows\System32\wercplsupport.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-03-25 22:31:05: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-03-25 22:31:05: ServiceDLL: System32\wercplsupport.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: wercplsupport.dll
2012-03-25 22:31:05: Original File Name: ERC
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: !!!!!!!!!
2012-03-25 22:31:05: !!!!!!!
2012-03-25 22:31:05: Found Service: WerSvc
2012-03-25 22:31:05: Real Path: C:\Windows\System32\WerSvc.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-03-25 22:31:05: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-03-25 22:31:05: ServiceDLL: System32\WerSvc.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: WerSvc.dll
2012-03-25 22:31:05: Original File Name: wersvc
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: !!!!!!!!!
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: Winmgmt
2012-03-25 22:31:05: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-03-25 22:31:05: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-03-25 22:31:05: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-03-25 22:31:05: ServiceDLL: system32\wbem\WMIsvc.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: WMIsvc.dll
2012-03-25 22:31:05: Original File Name: wmisvc.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: WinRM
2012-03-25 22:31:05: Real Path: C:\Windows\system32\WsmSvc.dll
2012-03-25 22:31:05: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-03-25 22:31:05: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-03-25 22:31:05: ServiceDLL: system32\WsmSvc.dll
2012-03-25 22:31:05: File size: 1175040
2012-03-25 22:31:05: DLL File name: WsmSvc.dll
2012-03-25 22:31:05: Original File Name: WsmSvc.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time: 20101120082139 20110525233016 20110525233016
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: Wlansvc
2012-03-25 22:31:05: Real Path: C:\Windows\System32\wlansvc.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-03-25 22:31:05: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-03-25 22:31:05: ServiceDLL: System32\wlansvc.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: wlansvc.dll
2012-03-25 22:31:05: Original File Name: wlansvc.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: WPCSvc
2012-03-25 22:31:05: Real Path: C:\Windows\System32\wpcsvc.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-03-25 22:31:05: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-03-25 22:31:05: ServiceDLL: System32\wpcsvc.dll
2012-03-25 22:31:05: File size: 10752
2012-03-25 22:31:05: DLL File name: wpcsvc.dll
2012-03-25 22:31:05: Original File Name: wpcsvc.exe.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: WPDBusEnum
2012-03-25 22:31:05: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-03-25 22:31:05: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-03-25 22:31:05: ServiceDLL: system32\wpdbusenum.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: wpdbusenum.dll
2012-03-25 22:31:05: Original File Name: WpdBusEnum.DLL.MUI
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: wscsvc
2012-03-25 22:31:05: Real Path: C:\Windows\system32\wscsvc.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-03-25 22:31:05: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-03-25 22:31:05: ServiceDLL: system32\wscsvc.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: wscsvc.dll
2012-03-25 22:31:05: Original File Name: wscsvc.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: wuauserv
2012-03-25 22:31:05: Real Path: C:\Windows\system32\wuaueng.dll
2012-03-25 22:31:05: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-03-25 22:31:05: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-03-25 22:31:05: ServiceDLL: system32\wuaueng.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: wuaueng.dll
2012-03-25 22:31:05: Original File Name: wuaueng.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:05: ---------------------------------------------------------------------
2012-03-25 22:31:05: Found Service: wudfsvc
2012-03-25 22:31:05: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-03-25 22:31:05: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-03-25 22:31:05: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-03-25 22:31:05: ServiceDLL: System32\WUDFSvc.dll
2012-03-25 22:31:05: File size: 0
2012-03-25 22:31:05: DLL File name: WUDFSvc.dll
2012-03-25 22:31:05: Original File Name: WUDFSvc.dll.mui
2012-03-25 22:31:05: Company:
2012-03-25 22:31:05: Mod/Cre/Acc time:
2012-03-25 22:31:06: ---------------------------------------------------------------------
2012-03-25 22:31:06: Found Service: WwanSvc
2012-03-25 22:31:06: Real Path: C:\Windows\System32\wwansvc.dll
2012-03-25 22:31:06: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-03-25 22:31:06: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-03-25 22:31:06: ServiceDLL: System32\wwansvc.dll
2012-03-25 22:31:06: File size: 0
2012-03-25 22:31:06: DLL File name: wwansvc.dll
2012-03-25 22:31:06: Original File Name: WwanSvc.dll.mui
2012-03-25 22:31:06: Company:
2012-03-25 22:31:06: Mod/Cre/Acc time:
2012-03-25 22:31:06:
2012-03-25 22:31:06: Looking for SHELL key
2012-03-25 22:31:12: Folder: GAC
2012-03-25 22:31:12: Folder: GAC_32
2012-03-25 22:31:12: Folder: GAC_64
2012-03-25 22:31:12: Folder: GAC_MSIL
2012-03-25 22:31:12: Folder: NativeImages_v2.0.50727_32
2012-03-25 22:31:12: Folder: NativeImages_v2.0.50727_64
2012-03-25 22:31:12: Folder: NativeImages_v4.0.30319_32
2012-03-25 22:31:12: Folder: NativeImages_v4.0.30319_64
2012-03-25 22:31:12: Folder: temp
2012-03-25 22:31:12: Folder: tmp
2012-03-25 22:31:12: Checking for bad folder
2012-03-25 22:31:12: Found 1 folders.
2012-03-25 22:31:12: Checking C:\Windows\assembly\tmp
2012-03-25 22:31:12: ... Folder test returns: 1
2012-03-25 22:31:12: Autonomous mode, clearing out yt folder
2012-03-25 22:31:12: cmd.exe /c start "C:\Users\Timothy\Desktop\yorkyt.exe"
2012-03-25 22:31:23: Restarting...
2012-03-25 22:33:09: ****************************************************
2012-03-25 22:33:09: Starting UP ... v 0.0.0.192
2012-03-25 22:33:09: ****************************************************
2012-03-25 22:33:09: Listing processes...
2012-03-25 22:33:09: :[System Process]:0
2012-03-25 22:33:09: :System:4
2012-03-25 22:33:09: :smss.exe:280
2012-03-25 22:33:09: :csrss.exe:412
2012-03-25 22:33:09: :wininit.exe:476
2012-03-25 22:33:09: :csrss.exe:496
2012-03-25 22:33:09: :services.exe:540
2012-03-25 22:33:09: :lsass.exe:556
2012-03-25 22:33:09: :lsm.exe:564
2012-03-25 22:33:09: :svchost.exe:676
2012-03-25 22:33:09: :winlogon.exe:732
2012-03-25 22:33:09: :svchost.exe:784
2012-03-25 22:33:09: :atiesrxx.exe:840
2012-03-25 22:33:09: :svchost.exe:912
2012-03-25 22:33:09: :svchost.exe:952
2012-03-25 22:33:09: :svchost.exe:980
2012-03-25 22:33:09: :audiodg.exe:424
2012-03-25 22:33:09: :svchost.exe:484
2012-03-25 22:33:09: :Pen_TouchService.exe:1056
2012-03-25 22:33:09: :atieclxx.exe:1124
2012-03-25 22:33:09: :wisptis.exe:1144
2012-03-25 22:33:09: :atibtmon.exe:1188
2012-03-25 22:33:09: :svchost.exe:1312
2012-03-25 22:33:09: :wlanext.exe:1428
2012-03-25 22:33:09: :conhost.exe:1436
2012-03-25 22:33:09: :spoolsv.exe:1528
2012-03-25 22:33:09: :svchost.exe:1556
2012-03-25 22:33:09: :svchost.exe:1644
2012-03-25 22:33:09: :PhotoshopElementsFileAgent.exe:1684
2012-03-25 22:33:09: :armsvc.exe:1768
2012-03-25 22:33:09: :AERTSr64.exe:1792
2012-03-25 22:33:09: :mDNSResponder.exe:1848
2012-03-25 22:33:09: :CinemaNowSvc.exe:1868
2012-03-25 22:33:09: :HPDrvMntSvc.exe:1928
2012-03-25 22:33:09: :HPWMISVC.exe:1968
2012-03-25 22:33:09: :LSSrvc.exe:2000
2012-03-25 22:33:09: :ccsvchst.exe:1676
2012-03-25 22:33:09: :PnkBstrA.exe:1720
2012-03-25 22:33:09: :sftvsa.exe:2148
2012-03-25 22:33:09: :svchost.exe:2184
2012-03-25 22:33:09: :Pen_Tablet.exe:2284
2012-03-25 22:33:09: :WLIDSVC.EXE:2352
2012-03-25 22:33:09: :YahooAUService.exe:2500
2012-03-25 22:33:09: :WLIDSVCM.EXE:2584
2012-03-25 22:33:09: :sftlist.exe:2612
2012-03-25 22:33:09: :CVHSVC.EXE:2912
2012-03-25 22:33:09: :taskhost.exe:3012
2012-03-25 22:33:09: :userinit.exe:2300
2012-03-25 22:33:09: :dwm.exe:2360
2012-03-25 22:33:09: :explorer.exe:1732
2012-03-25 22:33:09: :ccsvchst.exe:3144
2012-03-25 22:33:09: :wisptis.exe:3268
2012-03-25 22:33:09: :Pen_TabletUser.exe:3324
2012-03-25 22:33:09: :Pen_TouchUser.exe:3344
2012-03-25 22:33:09: :svchost.exe:3548
2012-03-25 22:33:09: :WmiPrvSE.exe:3636
2012-03-25 22:33:09: :Pen_Tablet.exe:3680
2012-03-25 22:33:09: :rundll32.exe:3764
2012-03-25 22:33:09: :yorkyt.exe:3876
2012-03-25 22:33:09: :SynTPEnh.exe:4068
2012-03-25 22:33:09: :RtkNGUI64.exe:4084
2012-03-25 22:33:09: :DelayedAppStarter.exe:2408
2012-03-25 22:33:09: :ZuneLauncher.exe:2340
2012-03-25 22:33:09: :runonce.exe:3088
2012-03-25 22:33:09: :dllhost.exe:2440
2012-03-25 22:33:09: :SynTPHelper.exe:2944
2012-03-25 22:33:09:
2012-03-25 22:33:09: Starting cleanup mode...
2012-03-25 22:33:53: ... Done with files, now folders
2012-03-25 22:35:11: All DONE





RogueKiller log:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Timothy [Admin rights]
Mode: Scan -- Date: 03/25/2012 22:38:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEVT-60A23T0 SATA Disk Device +++++
--- User ---
[MBR] 6ac66997563fcc3f6a376571ffc466c6
[BSP] 254dd57fc886b767657535bf210e1e23 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287178 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588552192 | Size: 17762 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bab95170c4dd25bd78382f53bc178844
[BSP] 254dd57fc886b767657535bf210e1e23 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287179 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588552192 | Size: 17762 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt




Unfortunately, the issue persists. First link I clicked in Firefox redirected me to "happili".
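The RogueKiller section above compares the MBR as read through the normal Windows path ("User") against a lower-level read ("LL2"); the bootstrap code hashes ([BSP]) match while the whole-sector hashes ([MBR]) differ, and the only visible change is partition 1 reporting 287178 Mo in one view and 287179 Mo in the other. The following Python is an added example, not RogueKiller's code or any code from this thread: it builds two constructed 512-byte MBR images with the partition layout from the log, computes both hashes, and reports which field differs. It assumes the [BSP] hash covers the 440-byte bootstrap area and that "Mo" means 2048 sectors of 512 bytes.

```python
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440       # assumed [BSP] region: boot code up to the disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SECTORS_PER_MB = 2048     # assumed meaning of RogueKiller's "Mo": 1 MiB of 512-byte sectors
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(partitions, disk_sig=0x11223344):
    """Build a constructed 512-byte MBR image (test fixture, not a real disk dump)."""
    mbr = bytearray(SECTOR)
    # stand-in boot code; identical in both images so the [BSP] hashes match as in the log
    mbr[:BOOTSTRAP_LEN] = b"\xfa\x33\xc0" + b"\x90" * (BOOTSTRAP_LEN - 3)
    struct.pack_into("<I", mbr, 440, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status = 0x80 if active else 0x00
        # CHS fields left zero: modern loaders use the LBA fields only
        struct.pack_into(ENTRY_FMT, mbr, off, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the partition table and hash the sector the way the report presents it."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue  # empty slot
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba": lba, "sectors": count, "size_mb": count // SECTORS_PER_MB})
    return {
        "mbr_md5": hashlib.md5(mbr).hexdigest(),              # whole sector ([MBR] line)
        "bsp_md5": hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest(),  # boot code only ([BSP] line)
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": entries,
    }


def compare_reads(user_mbr, lowlevel_mbr):
    """List the fields that differ between two reads of what should be the same sector."""
    u, l = parse_mbr(user_mbr), parse_mbr(lowlevel_mbr)
    diffs = []
    if u["bsp_md5"] != l["bsp_md5"]:
        diffs.append("bootstrap code differs")
    if u["disk_signature"] != l["disk_signature"]:
        diffs.append("disk signature differs")
    if len(u["partitions"]) != len(l["partitions"]):
        diffs.append("partition count differs")
    for pu, pl in zip(u["partitions"], l["partitions"]):
        for field in ("active", "type", "lba", "sectors"):
            if pu[field] != pl[field]:
                diffs.append(f"partition {pu['index']} {field}: "
                             f"user={pu[field]} lowlevel={pl[field]}")
    return diffs


# Layout taken from the LL2 table in the log (offsets in sectors, sizes converted from Mo).
LAYOUT_LOWLEVEL = [
    (True,  0x07, 2048,      199 * SECTORS_PER_MB),
    (False, 0x07, 409600,    287179 * SECTORS_PER_MB),
    (False, 0x07, 588552192, 17762 * SECTORS_PER_MB),
    (False, 0x0C, 624928768, 103 * SECTORS_PER_MB),
]
# The "User" table: identical except partition 1 is one Mo (2048 sectors) smaller.
LAYOUT_USER = [LAYOUT_LOWLEVEL[0],
               (False, 0x07, 409600, 287178 * SECTORS_PER_MB),
               LAYOUT_LOWLEVEL[2], LAYOUT_LOWLEVEL[3]]


def demo():
    """Reproduce the 'User != LL2 ... KO!' verdict and explain what differs."""
    user, low = build_mbr(LAYOUT_USER), build_mbr(LAYOUT_LOWLEVEL)
    verdict = "OK!" if user == low else "KO!"
    return verdict, compare_reads(user, low)


if __name__ == "__main__":
    verdict, diffs = demo()
    print("User vs LL2 ...", verdict)
    for d in diffs:
        print("  ", d)
```

A mismatch between the two read paths is the point of the check: the bootstrap hash alone would have passed, and only the whole-sector comparison exposes that something between the application and the disk is presenting a different partition table.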

#9 melomaniac

melomaniac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 26 March 2012 - 02:47 PM

So, on my lunch break today I uninstalled Firefox and Chrome. I reset TCP/IP, cleared DNS cache, and deleted practically every temporary file in existence. I then re-installed the browsers, along with a new browser (Opera). I did not have time to test it yet. Once I get home, I am uninstalling Java, Flash, and a few other plugins, then re-installing their latest releases. Windows also installed some updates last night, but I will check for new updates today. Once I have completed all of this, I will repeat the steps I've been given thus far and if the issue is not resolved I'm going to backup everything, burn my recovery DVDs, and take that route.

I will still be updating this thread as I do these things. I still have an hour and 15 minutes of work left before I can get any of this done though, and will check the thread before I get started. I'm sure some of this may be unadvisable, but I am ready to get rid of this thing as fast as possible.

#10 melomaniac

melomaniac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 26 March 2012 - 04:35 PM

All of this seems to have fixed it. I have tested Firefox, Chrome, and Opera with no issues and no re-directs. I just finished configuring all of the browsers the way I had them previously to increase security. I am about to check for any updates to Windows and update all of my security software and run scans. I have already removed all of the software I downloaded during this whole process and uninstalled combofix using instructions from another post. I'm angry that uninstalling the browsers didn't work the first time.

Anyway, I am also going to be taking a few extra steps that I mentioned, such as the Flash and Java things as well as getting rid of a few other programs I no longer use. I really do appreciate the assistance though. Please post any further tips. I'll update in a little while with any additional changes I make.

#11 melomaniac

melomaniac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 26 March 2012 - 05:43 PM

So, I uninstalled ALL versions of Java and Flash, Shockwave, Unity, and a few other plugins that can be gotten later (when/if) needed. I then re-installed only the latest version of Java and Flash. I uninstalled several programs that I felt could obtain any malicious files. Norton Internet Security 2012 is up-to-date, MalwareBytes is up-to-date, Spybot S&D is up-to-date, as well as my OS is up-to-date. I will be checking HP's side of things to ensure that latest BIOS and such as well. I will also be running a full system scan with all of my security software. So far though, everything appears to be under my control again. I am currently using Firefox and have extensively tested it (I googled several random things with "wiki" attached at the end and opened close to 75 wiki articles with no redirects, before I would get redirected every 2 of 3 times). Once again, I would like to thank you for your assistance.

Edit: I have given a donation to compensate for your troubles. Thanks again.

Edited by melomaniac, 26 March 2012 - 05:46 PM.


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:26 AM

Posted 26 March 2012 - 05:58 PM

Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on the Start button, then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore".


One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:26 AM

Posted 28 March 2012 - 04:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!




