
Trojan has partially wiped my start menu, and ESET couldn't remove it completely


  • This topic is locked
10 replies to this topic

#1 DrifterUK


  • Members
  • 22 posts

Posted 29 March 2012 - 12:15 PM

Hey guys

I need help removing what I think is a trojan. The other day, I began experiencing a variety of problems with my laptop, including my Google searches being redirected to junk sites and my laptop repeatedly Blue screening.
I posted in the 'Am I infected, what do I do?' forum to get help (original thread here: http://www.bleepingcomputer.com/forums/topic447880.html) and received help from Boopme. With his help, the blue screening has stopped, as have the Google redirects. However, I'm now experiencing a problem with my start menu where a lot of the items are missing after running Unhide.exe, possibly because I may have used a Temp file cleaner when I first ran Spybot before coming to these forums for help. Additionally, when I ran ESET online scanner, it said it found 13 issues, but could only remove 12 of them.

I was then asked by Boopme to post here, and to link to this post in particular (http://www.bleepingcomputer.com/forums/topic447880.html/page__pid__2646134#entry2646134), which contains the log from ESET.

This is the log from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Drifter at 18:37:54 on 2012-03-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3001.1134 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_S4E9E.tmp" /EF "HKCU"
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeBridge]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_S1AEF.tmp" /EF "HKCU"
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [Windows Update Server] c:\windows\system32\config\systemprofile\5e0b5985-3221.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{723A056E-584D-4BBD-9647-04B69217C4AB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2387207-02E8-494F-B248-B1A10D90814C} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\drifter\appdata\roaming\mozilla\firefox\profiles\esnen9a0.default\
FF - prefs.js: browser.startup.homepage - hxxp://drifteruk.deviantart.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-5 309848]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-5 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-5 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-8 42184]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-16 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-16 416112]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-31 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-28 25112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-16 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-6 1343400]
.
=============== Created Last 30 ================
.
2012-03-28 17:29:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 04:11:28 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4d125961-275a-4e05-b9b0-100f435bfa42}\mpengine.dll
2012-03-15 00:01:55 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 00:01:53 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:31:57 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:31:55 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 09:31:55 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 09:31:55 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 09:31:55 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 09:31:55 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:31:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:31:26 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:31:26 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:31:24 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:31:24 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:31:24 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-29 01:32:15 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-23 09:18:36 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 18:40:22.68 ===============


I've also attached the 'Attach.txt' file from DDS and the 'Ark.txt' file from GMER.

Sorry if I've missed anything important. I'm not entirely sure what sort of things I need to include in this post in addition to the DDS and GMER logs.

Thanks in advance for any help
Drifter
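As an added example (not part of the thread, and not code from DDS, TDSSKiller or the BleepingComputer team), here is a small Python triage script over the 'Pseudo HJT Report' lines that a DDS log prints. It flags the kind of entries a reviewer looks at first: autorun commands whose executable sits under the SYSTEM account's profile, executable names made of hex digits and dashes, and UAC policy values set to 0. The heuristics and the constructed sample (copied in shape from the DDS log above) are the example's own assumptions.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: reads uRun/mRun/dRun autorun lines and mPolicies-system lines
in the format DDS prints, and flags the entries a reviewer would look at first.
The heuristics below are this example's own, not logic from DDS, TDSSKiller
or the BleepingComputer team.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied in shape from the DDS log in the thread above.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [Windows Update Server] c:\windows\system32\config\systemprofile\5e0b5985-3221.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# DDS line shapes: "<hive>Run: [name] command" and "mPolicies-system: Key = N (0xN)".
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<value>\d+)")

# Heuristic 1: software a user installs never lands in the SYSTEM account's profile.
SYSTEM_PROFILE = "\\config\\systemprofile\\"
# Heuristic 2: executable names made of hex digits and dashes look machine-generated.
RANDOM_NAME = re.compile(r"^[0-9a-f]{4,}[0-9a-f-]*\.exe$", re.I)
# Heuristic 3: UAC policy values that should not be 0 on a healthy Windows 7 machine.
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


@dataclass
class Finding:
    line: str
    reason: str


def executable_path(cmd: str) -> str:
    """Return the executable from an autorun command: the quoted part, or text up to .exe."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.I)
    if not m:
        return cmd.strip()
    return (m.group(1) or m.group(2)).strip()


def check_autorun(cmd: str) -> List[str]:
    """Apply the two autorun heuristics to one Run entry's command."""
    path = executable_path(cmd).lower()
    reasons = []
    if SYSTEM_PROFILE in path:
        reasons.append("autorun executable stored under the SYSTEM profile")
    if RANDOM_NAME.match(path.rsplit("\\", 1)[-1]):
        reasons.append("executable name looks machine-generated")
    return reasons


def check_policy(key: str, value: int) -> Optional[str]:
    """Explain why a UAC policy value of 0 matters, or None if the value is fine."""
    if value == 0 and key in UAC_ZERO_MEANS:
        return f"{key} = 0: {UAC_ZERO_MEANS[key]}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every line of a DDS Pseudo HJT Report."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            findings.extend(Finding(line, r) for r in check_autorun(run["cmd"]))
            continue
        pol = POLICY_RE.match(line)
        if pol:
            reason = check_policy(pol["key"], int(pol["value"]))
            if reason:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"FLAG  {f.reason}\n      {f.line}")
```

The script only marks lines for a human reviewer; it changes nothing on the machine.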

#2 nasdaq


  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

However, I'm now experiencing a problem with my start menu where a lot of the items are missing after running Unhide.exe, possibly because I may have used a Temp file cleaner


Correct. Try this fix.

http://www.bleepingcomputer.com/forums/topic405109.html

For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. Download this file and run it.
On Windows 7 and Vista, right click on the .exe file and run it as an Administrator.

Download this .exe file to your desktop and run it.
Windows 7 32-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe

Or

Download this .exe file to your desktop and run it.
Windows 7 64-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe
===

I see sign of a rootkit infection in your DDS log that may still be present.

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.

Please post the logs for my review.

#3 DrifterUK

  • Topic Starter

  • Members
  • 22 posts

Posted 03 April 2012 - 03:03 PM

Thanks for the reply

I ran the .exe files to restore the start menu. It restored a fair amount of the programs, though not all of them. I'm guessing it only restored the default programs like the Accessories folder, but not the ones I installed, like Last.fm. Would reinstalling the ones that are still missing put them back in the Start Menu?

Here is the log from TDSSKiller:

11:41:38.0925 0148 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
11:41:39.0300 0148 ============================================================
11:41:39.0300 0148 Current date / time: 2012/04/03 11:41:39.0300
11:41:39.0300 0148 SystemInfo:
11:41:39.0300 0148
11:41:39.0300 0148 OS Version: 6.1.7600 ServicePack: 0.0
11:41:39.0300 0148 Product type: Workstation
11:41:39.0300 0148 ComputerName: DRIFTER-PC
11:41:39.0300 0148 UserName: Drifter
11:41:39.0300 0148 Windows directory: C:\Windows
11:41:39.0300 0148 System windows directory: C:\Windows
11:41:39.0300 0148 Processor architecture: Intel x86
11:41:39.0300 0148 Number of processors: 2
11:41:39.0300 0148 Page size: 0x1000
11:41:39.0300 0148 Boot type: Normal boot
11:41:39.0300 0148 ============================================================
11:41:40.0672 0148 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:41:40.0688 0148 Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:41:40.0688 0148 \Device\Harddisk0\DR0:
11:41:40.0688 0148 MBR used
11:41:40.0688 0148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x1BE3C800
11:41:40.0688 0148 \Device\Harddisk1\DR1:
11:41:40.0688 0148 MBR used
11:41:40.0688 0148 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
11:41:40.0719 0148 Initialize success
11:41:40.0719 0148 ============================================================
11:41:44.0448 4036 ============================================================
11:41:44.0448 4036 Scan started
11:41:44.0448 4036 Mode: Manual;
11:41:44.0448 4036 ============================================================
11:41:52.0981 4036 FsDepends - ok
11:41:52.0996 4036 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:41:52.0996 4036 Fs_Rec - ok
11:41:53.0043 4036 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
11:41:53.0043 4036 fvevol - ok
11:41:53.0090 4036 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:41:53.0090 4036 gagp30kx - ok
11:41:53.0168 4036 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll
11:41:53.0168 4036 getPlusHelper - ok
11:41:53.0246 4036 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
11:41:53.0246 4036 gpsvc - ok
11:41:53.0308 4036 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:41:53.0308 4036 hcw85cir - ok
11:41:53.0371 4036 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
11:41:53.0386 4036 HdAudAddService - ok
11:41:53.0511 4036 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:41:53.0511 4036 HDAudBus - ok
11:41:53.0542 4036 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:41:53.0542 4036 HidBatt - ok
11:41:53.0574 4036 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:41:53.0574 4036 HidBth - ok
11:41:53.0652 4036 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:41:53.0667 4036 HidIr - ok
11:41:53.0761 4036 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:41:53.0761 4036 hidserv - ok
11:41:54.0026 4036 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
11:41:54.0042 4036 HidUsb - ok
11:41:54.0198 4036 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
11:41:54.0198 4036 hkmsvc - ok
11:41:54.0291 4036 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
11:41:54.0291 4036 HomeGroupListener - ok
11:41:54.0385 4036 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
11:41:54.0400 4036 HomeGroupProvider - ok
11:41:54.0588 4036 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:41:54.0588 4036 HpSAMD - ok
11:41:54.0900 4036 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
11:41:54.0900 4036 HTTP - ok
11:41:55.0165 4036 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
11:41:55.0165 4036 hwpolicy - ok
11:41:55.0461 4036 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
11:41:55.0461 4036 i8042prt - ok
11:41:55.0789 4036 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
11:41:55.0804 4036 iaStorV - ok
11:41:56.0179 4036 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:41:56.0319 4036 idsvc - ok
11:41:56.0740 4036 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:41:56.0943 4036 igfx - ok
11:41:57.0084 4036 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:41:57.0084 4036 iirsp - ok
11:41:57.0162 4036 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
11:41:57.0193 4036 IKEEXT - ok
11:41:57.0520 4036 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
11:41:57.0536 4036 intelide - ok
11:41:57.0614 4036 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:41:57.0614 4036 intelppm - ok
11:41:57.0692 4036 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:41:57.0692 4036 IPBusEnum - ok
11:41:57.0770 4036 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:41:57.0770 4036 IpFilterDriver - ok
11:41:57.0801 4036 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:41:57.0801 4036 IPMIDRV - ok
11:41:57.0817 4036 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:41:57.0817 4036 IPNAT - ok
11:41:57.0848 4036 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:41:57.0848 4036 IRENUM - ok
11:41:57.0895 4036 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
11:41:57.0895 4036 isapnp - ok
11:41:57.0942 4036 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
11:41:57.0942 4036 iScsiPrt - ok
11:41:57.0988 4036 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
11:41:57.0988 4036 ivusb - ok
11:41:58.0066 4036 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
11:41:58.0066 4036 k57nd60x - ok
11:41:58.0176 4036 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:41:58.0176 4036 kbdclass - ok
11:41:58.0207 4036 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
11:41:58.0207 4036 kbdhid - ok
11:41:58.0254 4036 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
11:41:58.0254 4036 KeyIso - ok
11:41:58.0300 4036 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
11:41:58.0300 4036 KSecDD - ok
11:41:58.0347 4036 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
11:41:58.0347 4036 KSecPkg - ok
11:41:58.0410 4036 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:41:58.0425 4036 KtmRm - ok
11:41:58.0472 4036 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
11:41:58.0488 4036 LanmanServer - ok
11:41:58.0550 4036 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
11:41:58.0550 4036 LanmanWorkstation - ok
11:41:58.0644 4036 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:41:58.0659 4036 lltdio - ok
11:41:58.0706 4036 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:41:58.0706 4036 lltdsvc - ok
11:41:58.0753 4036 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:41:58.0768 4036 lmhosts - ok
11:41:58.0831 4036 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:41:58.0831 4036 LSI_FC - ok
11:41:58.0878 4036 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:41:58.0878 4036 LSI_SAS - ok
11:41:58.0940 4036 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:41:58.0971 4036 LSI_SAS2 - ok
11:41:59.0190 4036 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:41:59.0190 4036 LSI_SCSI - ok
11:41:59.0424 4036 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:41:59.0424 4036 luafv - ok
11:41:59.0626 4036 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
11:41:59.0626 4036 Mcx2Svc - ok
11:41:59.0938 4036 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:41:59.0954 4036 megasas - ok
11:42:00.0266 4036 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:42:00.0266 4036 MegaSR - ok
11:42:00.0422 4036 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:42:00.0438 4036 MMCSS - ok
11:42:00.0516 4036 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:42:00.0516 4036 Modem - ok
11:42:00.0547 4036 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:42:00.0547 4036 monitor - ok
11:42:00.0578 4036 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:42:00.0578 4036 mouclass - ok
11:42:00.0718 4036 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:42:00.0718 4036 mouhid - ok
11:42:00.0796 4036 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
11:42:00.0812 4036 mountmgr - ok
11:42:00.0859 4036 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
11:42:00.0859 4036 mpio - ok
11:42:00.0921 4036 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:42:00.0937 4036 mpsdrv - ok
11:42:00.0984 4036 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
11:42:00.0999 4036 MRxDAV - ok
11:42:01.0046 4036 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:01.0062 4036 mrxsmb - ok
11:42:01.0093 4036 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:01.0093 4036 mrxsmb10 - ok
11:42:01.0108 4036 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:01.0108 4036 mrxsmb20 - ok
11:42:01.0155 4036 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
11:42:01.0155 4036 msahci - ok
11:42:01.0342 4036 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
11:42:01.0358 4036 msdsm - ok
11:42:01.0436 4036 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:42:01.0452 4036 MSDTC - ok
11:42:01.0670 4036 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:42:01.0670 4036 Msfs - ok
11:42:01.0717 4036 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:42:01.0717 4036 mshidkmdf - ok
11:42:01.0764 4036 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
11:42:01.0764 4036 msisadrv - ok
11:42:01.0826 4036 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:42:01.0826 4036 MSiSCSI - ok
11:42:01.0857 4036 msiserver - ok
11:42:01.0935 4036 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:42:01.0935 4036 MSKSSRV - ok
11:42:01.0966 4036 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:42:01.0966 4036 MSPCLOCK - ok
11:42:02.0029 4036 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:42:02.0029 4036 MSPQM - ok
11:42:02.0044 4036 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:42:02.0060 4036 MsRPC - ok
11:42:02.0076 4036 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
11:42:02.0076 4036 mssmbios - ok
11:42:02.0122 4036 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:42:02.0122 4036 MSTEE - ok
11:42:02.0138 4036 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:42:02.0138 4036 MTConfig - ok
11:42:02.0185 4036 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:42:02.0185 4036 Mup - ok
11:42:02.0247 4036 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
11:42:02.0247 4036 napagent - ok
11:42:02.0325 4036 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:42:02.0341 4036 NativeWifiP - ok
11:42:02.0512 4036 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
11:42:02.0544 4036 NDIS - ok
11:42:02.0793 4036 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:42:02.0793 4036 NdisCap - ok
11:42:02.0840 4036 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:02.0840 4036 NdisTapi - ok
11:42:02.0902 4036 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:02.0902 4036 Ndisuio - ok
11:42:02.0934 4036 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:02.0934 4036 NdisWan - ok
11:42:02.0949 4036 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
11:42:02.0949 4036 NDProxy - ok
11:42:02.0980 4036 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:42:02.0980 4036 NetBIOS - ok
11:42:03.0027 4036 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
11:42:03.0027 4036 NetBT - ok
11:42:03.0058 4036 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
11:42:03.0074 4036 Netlogon - ok
11:42:03.0136 4036 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:42:03.0152 4036 Netman - ok
11:42:03.0261 4036 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:42:03.0277 4036 NetMsmqActivator - ok
11:42:03.0277 4036 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:42:03.0277 4036 NetPipeActivator - ok
11:42:03.0417 4036 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:42:03.0433 4036 netprofm - ok
11:42:03.0542 4036 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:42:03.0542 4036 NetTcpActivator - ok
11:42:03.0542 4036 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:42:03.0542 4036 NetTcpPortSharing - ok
11:42:03.0651 4036 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:42:03.0651 4036 nfrd960 - ok
11:42:03.0698 4036 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
11:42:03.0714 4036 NlaSvc - ok
11:42:03.0729 4036 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:42:03.0729 4036 Npfs - ok
11:42:03.0760 4036 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:42:03.0776 4036 nsi - ok
11:42:03.0792 4036 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:42:03.0792 4036 nsiproxy - ok
11:42:03.0854 4036 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
11:42:03.0885 4036 Ntfs - ok
11:42:03.0901 4036 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:42:03.0901 4036 Null - ok
11:42:03.0932 4036 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
11:42:03.0932 4036 nvraid - ok
11:42:03.0994 4036 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
11:42:03.0994 4036 nvstor - ok
11:42:04.0010 4036 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
11:42:04.0010 4036 nv_agp - ok
11:42:04.0119 4036 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:42:04.0135 4036 odserv - ok
11:42:04.0166 4036 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
11:42:04.0166 4036 ohci1394 - ok
11:42:04.0260 4036 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:42:04.0260 4036 ose - ok
11:42:04.0353 4036 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:42:04.0369 4036 p2pimsvc - ok
11:42:04.0416 4036 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:42:04.0431 4036 p2psvc - ok
11:42:04.0494 4036 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:42:04.0494 4036 Parport - ok
11:42:04.0540 4036 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
11:42:04.0540 4036 partmgr - ok
11:42:04.0572 4036 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:42:04.0572 4036 Parvdm - ok
11:42:04.0618 4036 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:42:04.0634 4036 PcaSvc - ok
11:42:04.0681 4036 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
11:42:04.0681 4036 pci - ok
11:42:04.0712 4036 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
11:42:04.0712 4036 pciide - ok
11:42:04.0743 4036 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:42:04.0743 4036 pcmcia - ok
11:42:04.0790 4036 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:42:04.0790 4036 pcw - ok
11:42:04.0821 4036 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:42:04.0837 4036 PEAUTH - ok
11:42:04.0930 4036 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
11:42:04.0977 4036 pla - ok
11:42:05.0086 4036 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
11:42:05.0102 4036 PlugPlay - ok
11:42:05.0118 4036 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:42:05.0133 4036 PNRPAutoReg - ok
11:42:05.0149 4036 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:42:05.0164 4036 PNRPsvc - ok
11:42:05.0211 4036 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
11:42:05.0227 4036 PolicyAgent - ok
11:42:05.0274 4036 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
11:42:05.0274 4036 Power - ok
11:42:05.0352 4036 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:42:05.0352 4036 PptpMiniport - ok
11:42:05.0398 4036 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:42:05.0398 4036 Processor - ok
11:42:05.0445 4036 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
11:42:05.0461 4036 ProfSvc - ok
11:42:05.0492 4036 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
11:42:05.0492 4036 ProtectedStorage - ok
11:42:05.0554 4036 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:42:05.0570 4036 Psched - ok
11:42:05.0586 4036 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
11:42:05.0601 4036 PSI - ok
11:42:05.0664 4036 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:42:05.0695 4036 ql2300 - ok
11:42:05.0788 4036 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:42:05.0788 4036 ql40xx - ok
11:42:05.0851 4036 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:42:05.0866 4036 QWAVE - ok
11:42:05.0882 4036 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:42:05.0882 4036 QWAVEdrv - ok
11:42:05.0913 4036 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:42:05.0913 4036 RasAcd - ok
11:42:05.0960 4036 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:42:05.0960 4036 RasAgileVpn - ok
11:42:05.0991 4036 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:42:06.0007 4036 RasAuto - ok
11:42:06.0038 4036 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:06.0054 4036 Rasl2tp - ok
11:42:06.0116 4036 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
11:42:06.0116 4036 RasMan - ok
11:42:06.0225 4036 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:06.0225 4036 RasPppoe - ok
11:42:06.0256 4036 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:42:06.0256 4036 RasSstp - ok
11:42:06.0272 4036 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
11:42:06.0272 4036 rdbss - ok
11:42:06.0303 4036 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:42:06.0303 4036 rdpbus - ok
11:42:06.0350 4036 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:06.0350 4036 RDPCDD - ok
11:42:06.0428 4036 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:42:06.0428 4036 RDPENCDD - ok
11:42:06.0490 4036 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:42:06.0506 4036 RDPREFMP - ok
11:42:06.0553 4036 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
11:42:06.0553 4036 RDPWD - ok
11:42:06.0615 4036 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
11:42:06.0615 4036 rdyboost - ok
11:42:06.0693 4036 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:42:06.0693 4036 RemoteAccess - ok
11:42:06.0740 4036 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:42:06.0756 4036 RemoteRegistry - ok
11:42:06.0787 4036 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:42:06.0802 4036 RpcEptMapper - ok
11:42:06.0865 4036 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:42:06.0865 4036 RpcLocator - ok
11:42:06.0927 4036 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
11:42:06.0927 4036 RpcSs - ok
11:42:07.0005 4036 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:42:07.0005 4036 rspndr - ok
11:42:07.0036 4036 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
11:42:07.0036 4036 SamSs - ok
11:42:07.0099 4036 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
11:42:07.0114 4036 sbp2port - ok
11:42:07.0224 4036 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:42:07.0255 4036 SBSDWSCService - ok
11:42:07.0364 4036 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:42:07.0380 4036 SCardSvr - ok
11:42:07.0458 4036 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
11:42:07.0458 4036 scfilter - ok
11:42:07.0504 4036 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
11:42:07.0536 4036 Schedule - ok
11:42:07.0582 4036 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
11:42:07.0582 4036 SCPolicySvc - ok
11:42:07.0629 4036 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
11:42:07.0629 4036 SDRSVC - ok
11:42:07.0707 4036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:42:07.0738 4036 secdrv - ok
11:42:07.0754 4036 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:42:07.0770 4036 seclogon - ok
11:42:07.0894 4036 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
11:42:07.0910 4036 Secunia PSI Agent - ok
11:42:07.0926 4036 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
11:42:07.0926 4036 Secunia Update Agent - ok
11:42:08.0066 4036 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:42:08.0066 4036 SENS - ok
11:42:08.0128 4036 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:42:08.0128 4036 SensrSvc - ok
11:42:08.0191 4036 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:42:08.0191 4036 Serenum - ok
11:42:08.0238 4036 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:42:08.0238 4036 Serial - ok
11:42:08.0253 4036 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:42:08.0253 4036 sermouse - ok
11:42:08.0347 4036 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
11:42:08.0347 4036 SessionEnv - ok
11:42:08.0362 4036 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
11:42:08.0362 4036 sffdisk - ok
11:42:08.0378 4036 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:42:08.0378 4036 sffp_mmc - ok
11:42:08.0409 4036 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:42:08.0409 4036 sffp_sd - ok
11:42:08.0425 4036 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:42:08.0425 4036 sfloppy - ok
11:42:08.0472 4036 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:42:08.0487 4036 SharedAccess - ok
11:42:08.0534 4036 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
11:42:08.0550 4036 ShellHWDetection - ok
11:42:08.0565 4036 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
11:42:08.0596 4036 sisagp - ok
11:42:08.0721 4036 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:42:08.0721 4036 SiSRaid2 - ok
11:42:08.0752 4036 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:42:08.0752 4036 SiSRaid4 - ok
11:42:08.0830 4036 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:42:08.0846 4036 Smb - ok
11:42:08.0955 4036 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:42:08.0955 4036 SNMPTRAP - ok
11:42:09.0111 4036 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
11:42:09.0158 4036 SNP2UVC - ok
11:42:09.0314 4036 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:42:09.0314 4036 spldr - ok
11:42:09.0376 4036 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
11:42:09.0376 4036 Spooler - ok
11:42:09.0486 4036 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
11:42:09.0579 4036 sppsvc - ok
11:42:09.0595 4036 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
11:42:09.0595 4036 sppuinotify - ok
11:42:09.0657 4036 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
11:42:09.0657 4036 srv - ok
11:42:09.0688 4036 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
11:42:09.0688 4036 srv2 - ok
11:42:09.0751 4036 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:42:09.0751 4036 SrvHsfHDA - ok
11:42:09.0798 4036 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:42:09.0844 4036 SrvHsfV92 - ok
11:42:09.0876 4036 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:42:09.0907 4036 SrvHsfWinac - ok
11:42:09.0954 4036 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
11:42:09.0954 4036 srvnet - ok
11:42:10.0000 4036 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:42:10.0016 4036 SSDPSRV - ok
11:42:10.0047 4036 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:42:10.0063 4036 SstpSvc - ok
11:42:10.0110 4036 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:42:10.0110 4036 stexstor - ok
11:42:10.0188 4036 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
11:42:10.0203 4036 StiSvc - ok
11:42:10.0281 4036 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
11:42:10.0281 4036 swenum - ok
11:42:10.0328 4036 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:42:10.0344 4036 swprv - ok
11:42:10.0406 4036 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
11:42:10.0453 4036 SysMain - ok
11:42:10.0500 4036 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
11:42:10.0500 4036 TabletInputService - ok
11:42:10.0734 4036 TabletServicePen (c9d5fa17200768ef92538f1f95735a2e) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
11:42:10.0858 4036 TabletServicePen - ok
11:42:10.0968 4036 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
11:42:10.0983 4036 TapiSrv - ok
11:42:11.0030 4036 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:42:11.0030 4036 TBS - ok
11:42:11.0124 4036 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
11:42:11.0155 4036 Tcpip - ok
11:42:11.0217 4036 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
11:42:11.0233 4036 TCPIP6 - ok
11:42:11.0280 4036 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
11:42:11.0280 4036 tcpipreg - ok
11:42:11.0342 4036 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
11:42:11.0342 4036 TDPIPE - ok
11:42:11.0373 4036 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
11:42:11.0373 4036 TDTCP - ok
11:42:11.0389 4036 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
11:42:11.0389 4036 tdx - ok
11:42:11.0420 4036 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
11:42:11.0420 4036 TermDD - ok
11:42:11.0482 4036 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
11:42:11.0498 4036 TermService - ok
11:42:11.0529 4036 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:42:11.0529 4036 Themes - ok
11:42:11.0576 4036 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:42:11.0576 4036 THREADORDER - ok
11:42:11.0701 4036 TouchServicePen (8d83c60de67c2db212452d8ebe7ca196) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
11:42:11.0701 4036 TouchServicePen - ok
11:42:11.0826 4036 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:42:11.0826 4036 TrkWks - ok
11:42:11.0904 4036 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
11:42:11.0919 4036 TrustedInstaller - ok
11:42:11.0982 4036 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:42:11.0982 4036 tssecsrv - ok
11:42:12.0013 4036 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:42:12.0028 4036 TsUsbFlt - ok
11:42:12.0169 4036 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
11:42:12.0169 4036 tunnel - ok
11:42:12.0216 4036 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:42:12.0216 4036 uagp35 - ok
11:42:12.0278 4036 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
11:42:12.0278 4036 udfs - ok
11:42:12.0340 4036 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:42:12.0340 4036 UI0Detect - ok
11:42:12.0418 4036 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:42:12.0434 4036 uliagpkx - ok
11:42:12.0528 4036 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
11:42:12.0528 4036 umbus - ok
11:42:12.0606 4036 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:42:12.0621 4036 UmPass - ok
11:42:12.0699 4036 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:42:12.0699 4036 upnphost - ok
11:42:12.0824 4036 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
11:42:12.0871 4036 usbccgp - ok
11:42:13.0167 4036 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
11:42:13.0167 4036 usbcir - ok
11:42:13.0214 4036 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
11:42:13.0230 4036 usbehci - ok
11:42:13.0308 4036 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
11:42:13.0308 4036 usbhub - ok
11:42:13.0370 4036 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
11:42:13.0370 4036 usbohci - ok
11:42:13.0464 4036 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:42:13.0464 4036 usbprint - ok
11:42:13.0557 4036 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
11:42:13.0557 4036 usbscan - ok
11:42:13.0620 4036 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:42:13.0620 4036 USBSTOR - ok
11:42:13.0666 4036 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
11:42:13.0666 4036 usbuhci - ok
11:42:13.0729 4036 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:42:13.0729 4036 UxSms - ok
11:42:13.0791 4036 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
11:42:13.0791 4036 VaultSvc - ok
11:42:13.0869 4036 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:42:13.0869 4036 vdrvroot - ok
11:42:13.0916 4036 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
11:42:13.0947 4036 vds - ok
11:42:14.0010 4036 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:42:14.0010 4036 vga - ok
11:42:14.0041 4036 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:42:14.0056 4036 VgaSave - ok
11:42:14.0088 4036 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
11:42:14.0088 4036 vhdmp - ok
11:42:14.0119 4036 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
11:42:14.0134 4036 viaagp - ok
11:42:14.0150 4036 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:42:14.0150 4036 ViaC7 - ok
11:42:14.0181 4036 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
11:42:14.0181 4036 viaide - ok
11:42:14.0212 4036 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
11:42:14.0212 4036 volmgr - ok
11:42:14.0228 4036 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:42:14.0244 4036 volmgrx - ok
11:42:14.0259 4036 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
11:42:14.0275 4036 volsnap - ok
11:42:14.0337 4036 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:42:14.0337 4036 vsmraid - ok
11:42:14.0415 4036 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
11:42:14.0446 4036 VSS - ok
11:42:14.0478 4036 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:42:14.0478 4036 vwifibus - ok
11:42:14.0524 4036 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:42:14.0524 4036 vwififlt - ok
11:42:14.0571 4036 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:42:14.0587 4036 W32Time - ok
11:42:14.0665 4036 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
11:42:14.0665 4036 wacmoumonitor - ok
11:42:14.0727 4036 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:42:14.0743 4036 WacomPen - ok
11:42:14.0790 4036 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:42:14.0790 4036 WANARP - ok
11:42:14.0805 4036 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:42:14.0805 4036 Wanarpv6 - ok
11:42:14.0883 4036 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
11:42:14.0930 4036 WatAdminSvc - ok
11:42:15.0008 4036 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
11:42:15.0039 4036 wbengine - ok
11:42:15.0070 4036 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:42:15.0070 4036 WbioSrvc - ok
11:42:15.0117 4036 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
11:42:15.0133 4036 wcncsvc - ok
11:42:15.0180 4036 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:42:15.0180 4036 WcsPlugInService - ok
11:42:15.0242 4036 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:42:15.0242 4036 Wd - ok
11:42:15.0289 4036 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:42:15.0289 4036 Wdf01000 - ok
11:42:15.0336 4036 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:42:15.0351 4036 WdiServiceHost - ok
11:42:15.0351 4036 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:42:15.0367 4036 WdiSystemHost - ok
11:42:15.0398 4036 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
11:42:15.0414 4036 WebClient - ok
11:42:15.0429 4036 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:42:15.0445 4036 Wecsvc - ok
11:42:15.0476 4036 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:42:15.0476 4036 wercplsupport - ok
11:42:15.0538 4036 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:42:15.0538 4036 WerSvc - ok
11:42:15.0632 4036 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:42:15.0632 4036 WfpLwf - ok
11:42:15.0663 4036 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:42:15.0663 4036 WIMMount - ok
11:42:15.0663 4036 WinHttpAutoProxySvc - ok
11:42:15.0741 4036 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:42:15.0741 4036 Winmgmt - ok
11:42:15.0804 4036 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
11:42:15.0897 4036 WinRM - ok
11:42:15.0944 4036 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:42:15.0975 4036 Wlansvc - ok
11:42:16.0053 4036 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:42:16.0053 4036 WmiAcpi - ok
11:42:16.0131 4036 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:42:16.0131 4036 wmiApSrv - ok
11:42:16.0272 4036 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:42:16.0318 4036 WMPNetworkSvc - ok
11:42:16.0412 4036 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:42:16.0428 4036 WPCSvc - ok
11:42:16.0459 4036 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
11:42:16.0474 4036 WPDBusEnum - ok
11:42:16.0521 4036 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:42:16.0521 4036 ws2ifsl - ok
11:42:16.0537 4036 WSearch - ok
11:42:16.0630 4036 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
11:42:16.0693 4036 wuauserv - ok
11:42:16.0724 4036 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
11:42:16.0724 4036 WudfPf - ok
11:42:16.0786 4036 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:42:16.0786 4036 WUDFRd - ok
11:42:16.0833 4036 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
11:42:16.0849 4036 wudfsvc - ok
11:42:16.0880 4036 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:42:16.0896 4036 WwanSvc - ok
11:42:16.0942 4036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:42:17.0005 4036 \Device\Harddisk0\DR0 - ok
11:42:17.0005 4036 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:42:17.0005 4036 \Device\Harddisk1\DR1 - ok
11:42:17.0020 4036 Boot (0x1200) (353c4f3387e0754fe3e2df8f09ec848d) \Device\Harddisk0\DR0\Partition0
11:42:17.0020 4036 \Device\Harddisk0\DR0\Partition0 - ok
11:42:17.0036 4036 Boot (0x1200) (a7106874b60651c8cc614401ab3049ce) \Device\Harddisk1\DR1\Partition0
11:42:17.0036 4036 \Device\Harddisk1\DR1\Partition0 - ok
11:42:17.0036 4036 ============================================================
11:42:17.0036 4036 Scan finished
11:42:17.0036 4036 ============================================================
11:42:17.0052 1040 Detected object count: 0
11:42:17.0052 1040 Actual detected object count: 0


And this is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 11:46:26
-----------------------------
11:46:26.371 OS Version: Windows 6.1.7600
11:46:26.371 Number of processors: 2 586 0x170A
11:46:26.371 ComputerName: DRIFTER-PC UserName: Drifter
11:46:27.151 Initialize success
11:46:27.541 AVAST engine defs: 12040301
11:47:05.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:47:05.527 Disk 0 Vendor: ST9320325AS 0001SDM1 Size: 305245MB BusType: 11
11:47:05.574 Disk 0 MBR read successfully
11:47:05.590 Disk 0 MBR scan
11:47:05.590 Disk 0 Windows 7 default MBR code
11:47:05.605 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
11:47:05.621 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228473 MB offset 20482048
11:47:05.621 Disk 0 scanning sectors +488394752
11:47:05.699 Disk 0 scanning C:\Windows\system32\drivers
11:47:14.903 Service scanning
11:47:15.823 Service .cdrom \? **LOCKED** 123
11:47:35.433 Modules scanning
11:47:45.791 Disk 0 trace - called modules:
11:47:46.415 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
11:47:46.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86536030]
11:47:46.431 3 CLASSPNP.SYS[8b57759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86056030]
11:47:47.164 AVAST engine scan C:\Windows
11:47:49.613 AVAST engine scan C:\Windows\system32
11:50:24.490 AVAST engine scan C:\Windows\system32\drivers
11:50:35.472 AVAST engine scan C:\Users\Drifter
12:02:27.349 AVAST engine scan C:\ProgramData
12:02:28.753 File: C:\ProgramData\Alwil Software\Avast5\arpot\TEMP\11cffb-114c-1.dat **INFECTED** Win32:Alureon-ASA [Rtk]
12:03:11.465 Scan finished successfully
12:47:41.314 Disk 0 MBR has been saved successfully to "C:\Users\Drifter\Downloads\MBR.dat"
12:47:41.323 The log file has been saved successfully to "C:\Users\Drifter\Downloads\aswMBR.txt"


And I've attached the Zip file containing the MBR log

Attached file: MBR.zip (555 bytes)

Edited by DrifterUK, 03 April 2012 - 03:04 PM.


#4 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 April 2012 - 08:26 AM

Would reinstalling the ones that are still missing put them back in the Start Menu?

Yes, I would think so.
Right-click on the .exe file and see what options you have. You may be able to just create a desktop icon or attach it to the start bar.


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 DrifterUK

  • Topic Starter
  • Members
  • 22 posts

Posted 05 April 2012 - 03:39 PM

OK, here's the log from ComboFix

ComboFix 12-04-05.06 - Drifter 04/05/2012 12:43:12.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3001.2159 [GMT -7:00]
Running from: c:\users\Drifter\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Drifter\AppData\Roaming\Haox
c:\users\Drifter\AppData\Roaming\Haox\vyta.bul
c:\users\Drifter\AppData\Roaming\Haox\vyta.tmp
c:\windows\$NtUninstallKB14933$
c:\windows\$NtUninstallKB14933$\1025955841
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.cdrom
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-03-29 06:45 . 2012-03-29 06:45 -------- d-----w- c:\windows\PCHEALTH
2012-03-28 17:29 . 2012-03-28 17:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 04:11 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D125961-275A-4E05-B9B0-100F435BFA42}\mpengine.dll
2012-03-15 00:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 00:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:31 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:31 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:31 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 09:31 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 09:31 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 09:31 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 09:31 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:31 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:31 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:31 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:31 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:31 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 19:59 . 2011-08-16 10:41 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-03-04 01:42 . 2012-03-04 01:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-04 01:42 . 2012-03-04 01:42 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-04 01:42 . 2012-03-04 01:42 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-04 01:42 . 2012-03-04 01:42 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-04 01:42 . 2012-03-04 01:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-04 01:42 . 2012-03-04 01:42 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-04 01:42 . 2012-03-04 01:42 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-04 01:42 . 2012-03-04 01:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-04 01:42 . 2012-03-04 01:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-04 01:42 . 2012-03-04 01:42 367104 ----a-w- c:\windows\system32\html.iec
2012-03-04 01:42 . 2012-03-04 01:42 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-04 01:42 . 2012-03-04 01:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-04 01:42 . 2012-03-04 01:42 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-04 01:42 . 2012-03-04 01:42 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-04 01:42 . 2012-03-04 01:42 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-04 01:42 . 2012-03-04 01:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-04 01:42 . 2012-03-04 01:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-04 01:42 . 2012-03-04 01:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-04 01:42 . 2012-03-04 01:42 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-04 01:42 . 2012-03-04 01:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-04 01:42 . 2012-03-04 01:42 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 09:18 . 2010-07-05 13:41 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-25 13:13 . 2011-05-23 15:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-09-27 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Drifter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.4435169809071057.exe.lnk]
path=c:\users\Drifter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4435169809071057.exe.lnk
backup=c:\windows\pss\0.4435169809071057.exe.lnk.Startup
backupExtension=.Startup
.
R2 3221;3221;c:\windows\TEMP\3221.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Drifter\AppData\Roaming\Mozilla\Firefox\Profiles\esnen9a0.default\
FF - prefs.js: browser.startup.homepage - hxxp://drifteruk.deviantart.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\00\0b\15\0e\08"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1672)
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\taskhost.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\conhost.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2012-04-05 13:12:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 20:12
.
Pre-Run: 188,304,109,568 bytes free
Post-Run: 188,056,883,200 bytes free
.
- - End Of File - - 7CCA1733AB187A6BC03258701995C231


And the log from Security check

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


I'm not really experiencing any problems beyond knowing my machine had a rootkit on it.

That said, now I've run ComboFix, a lot of my default startup programs, including Avast, Windows Live Messenger, etc., now seem to be missing from the initial startup and require manual starting afterwards. Is this normal?
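The ComboFix log and the Security Check output above flag the same weak spots from two directions: UAC is fully disabled (`EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are all 0 in the policies key), a running auto-start service named only `3221` loaded its driver from `c:\windows\TEMP`, and the Startup folder held a shortcut with a machine-generated name. The script below is an added example, not part of this thread and not ComboFix's own code: it runs that triage over a few lines copied from the log above (a constructed sample, embedded inline) and reports the findings by severity. The UAC thresholds, the "TEMP directory" rule and the "random name" heuristic are this example's own assumptions, not ComboFix rules.

```python
"""Triage of ComboFix 'Reg Loading Points' and service lines.

Added example, not part of the original thread or of ComboFix itself.
The sample lines are copied from the log posted above; the thresholds and
heuristics are this example's own assumptions.
"""
import re

# Constructed sample: a handful of lines in the shape ComboFix writes them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Drifter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.4435169809071057.exe.lnk]
path=c:\users\Drifter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4435169809071057.exe.lnk
.
R2 3221;3221;c:\windows\TEMP\3221.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S1 aswSnx;aswSnx; [x]
"""

# UAC policy values a hardened Windows 7 box should not have (assumed thresholds).
UAC_CHECKS = {
    "EnableLUA": (0, "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not on the secure desktop (spoofable)"),
}

POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
# ComboFix service line: <R|S><start type> name;display name;image path [date size | x]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]')
STARTUP_RE = re.compile(r'^path=(?P<path>.*\\Startup\\(?P<file>[^\\]+))$', re.IGNORECASE)
# Heuristic: a file name made only of digits and dots is not something a human named.
RANDOM_NAME_RE = re.compile(r'^[\d.]+(\.exe)?(\.lnk)?$', re.IGNORECASE)


def triage(log_text):
    """Return a list of (severity, finding) tuples for the suspicious lines."""
    findings = []
    in_policies = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Registry key header: remember whether we are inside the UAC policies key.
            in_policies = line.lower().endswith(r"\policies\system]")
            continue
        if in_policies:
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_CHECKS:
                bad, msg = UAC_CHECKS[m.group("name")]
                if int(m.group("val")) == bad:
                    findings.append(("high", f"{m.group('name')}={bad}: {msg}"))
            continue
        m = STARTUP_RE.match(line)
        if m and RANDOM_NAME_RE.match(m.group("file")):
            findings.append(("high", f"Startup-folder item with machine-generated name: {m.group('file')}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, meta = m.group("name"), m.group("path").strip(), m.group("meta")
            if "\\temp\\" in path.lower():
                findings.append(("high", f"service {name} loads from a TEMP directory: {path}"))
            elif meta == "x" and name.isdigit():
                findings.append(("high", f"service {name}: numeric name, image file missing"))
            elif meta == "x":
                # '[x]' means ComboFix could not find the file; for avast's own
                # self-protection drivers (aswSnx, aswSP) that is expected.
                findings.append(("info", f"service {name}: image file missing (may be AV self-protection)"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(severity.upper(), message)
```

In ComboFix's service list the leading `R`/`S` is running/stopped and the digit is the start type, so `R2 3221;3221;c:\windows\TEMP\3221.sys [x]` was a running, auto-start kernel driver with a purely numeric name whose file had already been pulled from a temp directory; that is the line to act on first, and it fits the Alureon detection in the aswMBR log above. The `[x]` on avast's `aswSnx`/`aswSP` entries is the opposite case, which is why the script rates it as information only rather than as a finding.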

#6 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 April 2012 - 07:52 AM

That said, now I've run ComboFix, a lot of my default startup programs, including Avast, Windows Live Messenger, etc., now seem to be missing from the initial startup and require manual starting afterwards. Is this normal?


If you restart the computer normally, does this problem still persist?

Secure your system by updating third-party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26


===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please keep me posted.

#7 DrifterUK

  • Topic Starter
  • Members
  • 22 posts

Posted 06 April 2012 - 12:52 PM

If you restart the computer normally, does this problem still persist?


Yep, they seem to be missing from the list of start up programs completely.

I've now installed the new Flash Player, Adobe Reader and the latest Java.


This morning my email sent out a spam message to most people on my contacts list (which thankfully isn't many), and I'm guessing that was probably caused by the Trojan getting my email details. I've changed my password, and as far as I can tell, it hasn't happened since. Is there anything else I should do about that?

#8 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 April 2012 - 07:31 AM

Some of the folders were removed by the infection. Since ComboFix could not restore them, your only option is to run the proper tool to fix some of the standard files.


Download this .exe file to your desktop and run it.
Windows 7 32-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe

Download this .exe file to your desktop and run it.
Windows 7 64-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe
===

This morning my email sent out a spam message to most people on my contacts list (which thankfully isn't many), and I'm guessing that was probably caused by the Trojan getting my email details. I've changed my password, and as far as I can tell, it hasn't happened since. Is there anything else I should do about that?

If this continues, get a new e-mail address. Tell your contacts to use this new e-mail and to confirm. When all have confirmed, cancel your old e-mail.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#9 DrifterUK

  • Topic Starter
  • Members
  • 22 posts

Posted 07 April 2012 - 12:11 PM

I'll keep an eye on my email, but it's been at least 24 hours so far and it hasn't happened since. I'm still missing a few things from my start menu/startup lists, but I found a couple of good guides on how to manually add and remove programs from both, so it should be fairly easy to fix.

Thank you so much for all your help. Is there any way I can make a donation either to yourself or the site as a way of saying thanks?

#10 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 April 2012 - 12:38 PM

My services are free. Give to the Charity of your choice.

Thanks.

#11 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 April 2012 - 09:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
