(file missing) on HijackThis log, how do I remove it?


  • This topic is locked
8 replies to this topic

#1 lohies

  • Members
  • 3 posts

Posted 31 March 2012 - 12:27 PM

I am unable to run a GMER scan as it crashes every time I try. I would really appreciate any help, thank you.


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Gwen at 18:14:25 on 2012-03-31
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Gwen\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BCE07DE-96CC-43E9-86D4-82ADAD9C3A25} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A00E90D1-9634-4029-A903-A9DF525EEB3E} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gwen\appdata\roaming\mozilla\firefox\profiles\amlr54r9.default\
FF - plugin: c:\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeARMservice;Adobe Acrobat Update Service
R? AESTFilters;Andrea ST Filters Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
S? eamonm;eamonm
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? FontCache;Windows Font Cache Service
S? yksvc;Marvell Yukon Service
.
=============== Created Last 30 ================
.
2012-03-14 17:56:13 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:56:11 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 17:56:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 17:56:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 17:56:11 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:56:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 17:26:56 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 17:26:55 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
.
============= FINISH: 18:15:01.41 ===============

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:34, on 31/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Gwen\Desktop\HijackThis.exe
C:\Users\Gwen\AppData\Local\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 2295 bytes

Edited by lohies, 31 March 2012 - 12:27 PM.


#2 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 April 2012 - 10:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 lohies

  • Topic Starter
  • Members
  • 3 posts

Posted 09 April 2012 - 07:16 AM

Great! Thanks :)
TDSS log:

12:29:36.0128 2768 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
12:29:37.0157 2768 ============================================================
12:29:37.0157 2768 Current date / time: 2012/04/09 12:29:37.0157
12:29:37.0157 2768 SystemInfo:
12:29:37.0157 2768
12:29:37.0157 2768 OS Version: 6.0.6002 ServicePack: 2.0
12:29:37.0157 2768 Product type: Workstation
12:29:37.0157 2768 ComputerName: GWEN-PC
12:29:37.0157 2768 UserName: Gwen
12:29:37.0157 2768 Windows directory: C:\Windows
12:29:37.0157 2768 System windows directory: C:\Windows
12:29:37.0157 2768 Processor architecture: Intel x86
12:29:37.0157 2768 Number of processors: 1
12:29:37.0157 2768 Page size: 0x1000
12:29:37.0157 2768 Boot type: Normal boot
12:29:37.0157 2768 ============================================================
12:29:42.0539 2768 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:29:42.0664 2768 \Device\Harddisk0\DR0:
12:29:42.0711 2768 MBR used
12:29:42.0711 2768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:29:42.0711 2768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0
12:29:42.0929 2768 Initialize success
12:29:42.0929 2768 ============================================================
12:29:49.0263 3232 ============================================================
12:29:49.0263 3232 Scan started
12:29:49.0263 3232 Mode: Manual;
12:29:49.0263 3232 ============================================================
12:29:57.0671 3232 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:29:57.0827 3232 ACPI - ok
12:29:58.0327 3232 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:58.0373 3232 AdobeARMservice - ok
12:29:58.0997 3232 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:29:59.0169 3232 adp94xx - ok
12:29:59.0949 3232 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:30:00.0105 3232 adpahci - ok
12:30:00.0838 3232 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:30:01.0072 3232 adpu160m - ok
12:30:01.0915 3232 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:30:02.0008 3232 adpu320 - ok
12:30:02.0601 3232 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:30:02.0632 3232 AeLookupSvc - ok
12:30:03.0350 3232 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
12:30:03.0365 3232 AESTFilters - ok
12:30:03.0693 3232 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:30:03.0724 3232 AFD - ok
12:30:04.0099 3232 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:30:04.0145 3232 agp440 - ok
12:30:04.0816 3232 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:30:05.0003 3232 aic78xx - ok
12:30:05.0471 3232 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:30:05.0487 3232 ALG - ok
12:30:06.0173 3232 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:30:06.0205 3232 aliide - ok
12:30:06.0875 3232 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:30:06.0907 3232 amdagp - ok
12:30:07.0499 3232 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:30:07.0515 3232 amdide - ok
12:30:08.0404 3232 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:30:08.0482 3232 AmdK7 - ok
12:30:09.0278 3232 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:30:09.0309 3232 AmdK8 - ok
12:30:10.0276 3232 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
12:30:10.0666 3232 ApfiltrService - ok
12:30:11.0774 3232 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:30:11.0789 3232 Appinfo - ok
12:30:12.0850 3232 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:30:12.0881 3232 arc - ok
12:30:13.0615 3232 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:30:13.0677 3232 arcsas - ok
12:30:14.0441 3232 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:30:14.0535 3232 AsyncMac - ok
12:30:15.0143 3232 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
12:30:15.0175 3232 atapi - ok
12:30:15.0689 3232 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:30:15.0877 3232 AudioEndpointBuilder - ok
12:30:16.0017 3232 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:30:16.0017 3232 Audiosrv - ok
12:30:16.0454 3232 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
12:30:16.0501 3232 BCM42RLY - ok
12:30:17.0561 3232 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:30:18.0170 3232 BCM43XX - ok
12:30:18.0653 3232 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:30:18.0716 3232 Beep - ok
12:30:19.0137 3232 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:30:19.0215 3232 BFE - ok
12:30:19.0886 3232 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
12:30:20.0291 3232 BITS - ok
12:30:20.0791 3232 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:30:20.0791 3232 blbdrive - ok
12:30:21.0118 3232 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:30:21.0149 3232 bowser - ok
12:30:21.0539 3232 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:30:21.0571 3232 BrFiltLo - ok
12:30:22.0007 3232 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:30:22.0023 3232 BrFiltUp - ok
12:30:22.0491 3232 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:30:22.0491 3232 Browser - ok
12:30:22.0741 3232 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:30:22.0772 3232 Brserid - ok
12:30:23.0162 3232 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:30:23.0177 3232 BrSerWdm - ok
12:30:23.0240 3232 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:30:23.0240 3232 BrUsbMdm - ok
12:30:23.0318 3232 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:30:23.0333 3232 BrUsbSer - ok
12:30:23.0489 3232 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:30:23.0489 3232 BTHMODEM - ok
12:30:23.0630 3232 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:30:23.0645 3232 cdfs - ok
12:30:23.0864 3232 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:30:23.0926 3232 cdrom - ok
12:30:24.0301 3232 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:30:24.0332 3232 CertPropSvc - ok
12:30:24.0613 3232 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:30:24.0613 3232 circlass - ok
12:30:24.0831 3232 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:30:24.0847 3232 CLFS - ok
12:30:25.0330 3232 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:30:25.0361 3232 clr_optimization_v2.0.50727_32 - ok
12:30:25.0642 3232 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:30:25.0642 3232 CmBatt - ok
12:30:25.0876 3232 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:30:25.0892 3232 cmdide - ok
12:30:26.0438 3232 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:30:26.0453 3232 Compbatt - ok
12:30:26.0703 3232 COMSysApp - ok
12:30:26.0984 3232 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:30:26.0999 3232 crcdisk - ok
12:30:27.0358 3232 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:30:27.0389 3232 Crusoe - ok
12:30:27.0686 3232 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
12:30:27.0717 3232 CryptSvc - ok
12:30:28.0263 3232 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:30:28.0279 3232 DcomLaunch - ok
12:30:28.0591 3232 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:30:28.0622 3232 DfsC - ok
12:30:29.0090 3232 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:30:29.0558 3232 DFSR - ok
12:30:29.0839 3232 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:30:29.0870 3232 Dhcp - ok
12:30:30.0104 3232 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:30:30.0104 3232 disk - ok
12:30:30.0213 3232 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:30:30.0229 3232 Dnscache - ok
12:30:30.0338 3232 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:30:30.0338 3232 dot3svc - ok
12:30:30.0509 3232 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:30:30.0665 3232 DPS - ok
12:30:31.0367 3232 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:30:31.0367 3232 drmkaud - ok
12:30:32.0038 3232 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
12:30:32.0101 3232 DXGKrnl - ok
12:30:32.0288 3232 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
12:30:32.0288 3232 e1express - ok
12:30:32.0303 3232 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:30:32.0319 3232 E1G60 - ok
12:30:32.0397 3232 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
12:30:32.0413 3232 eamonm - ok
12:30:32.0522 3232 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:30:32.0522 3232 EapHost - ok
12:30:32.0615 3232 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:30:32.0631 3232 Ecache - ok
12:30:32.0725 3232 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
12:30:32.0740 3232 ehdrv - ok
12:30:32.0834 3232 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:30:32.0834 3232 ehRecvr - ok
12:30:32.0912 3232 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:30:32.0927 3232 ehSched - ok
12:30:32.0943 3232 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:30:32.0959 3232 ehstart - ok
12:30:33.0395 3232 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:30:33.0661 3232 ekrn - ok
12:30:33.0988 3232 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:30:34.0019 3232 elxstor - ok
12:30:34.0129 3232 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:30:34.0253 3232 EMDMgmt - ok
12:30:34.0456 3232 epfwwfpr (f39c91795ebdb9ecbeb5a388ff2841fe) C:\Windows\system32\DRIVERS\epfwwfpr.sys
12:30:34.0487 3232 epfwwfpr - ok
12:30:34.0597 3232 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:30:34.0597 3232 ErrDev - ok
12:30:34.0659 3232 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:30:34.0675 3232 EventSystem - ok
12:30:34.0846 3232 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:30:34.0862 3232 exfat - ok
12:30:35.0252 3232 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:30:35.0252 3232 fastfat - ok
12:30:35.0455 3232 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:30:35.0455 3232 fdc - ok
12:30:35.0533 3232 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:30:35.0564 3232 fdPHost - ok
12:30:36.0656 3232 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:30:36.0656 3232 FDResPub - ok
12:30:36.0781 3232 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:30:36.0781 3232 FileInfo - ok
12:30:36.0812 3232 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:30:36.0812 3232 Filetrace - ok
12:30:36.0874 3232 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:30:36.0890 3232 flpydisk - ok
12:30:37.0093 3232 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:30:37.0108 3232 FltMgr - ok
12:30:37.0233 3232 FontCache (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
12:30:37.0280 3232 FontCache - ok
12:30:37.0373 3232 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:30:37.0373 3232 FontCache3.0.0.0 - ok
12:30:37.0529 3232 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:30:37.0529 3232 Fs_Rec - ok
12:30:37.0623 3232 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:30:37.0639 3232 gagp30kx - ok
12:30:37.0810 3232 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:30:37.0810 3232 GEARAspiWDM - ok
12:30:37.0873 3232 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:30:37.0904 3232 gpsvc - ok
12:30:38.0075 3232 gupdate - ok
12:30:38.0122 3232 gupdatem - ok
12:30:38.0325 3232 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:30:38.0341 3232 HDAudBus - ok
12:30:38.0621 3232 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:30:38.0637 3232 HidBth - ok
12:30:38.0949 3232 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:30:38.0949 3232 HidIr - ok
12:30:39.0277 3232 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
12:30:39.0277 3232 hidserv - ok
12:30:39.0667 3232 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:30:39.0682 3232 HidUsb - ok
12:30:39.0854 3232 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:30:39.0885 3232 hkmsvc - ok
12:30:40.0306 3232 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:30:40.0306 3232 HpCISSs - ok
12:30:40.0493 3232 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:30:40.0556 3232 HTTP - ok
12:30:40.0868 3232 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:30:40.0868 3232 i2omp - ok
12:30:41.0039 3232 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:30:41.0071 3232 i8042prt - ok
12:30:41.0180 3232 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:30:41.0227 3232 IAANTMON - ok
12:30:41.0351 3232 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
12:30:41.0383 3232 iaStor - ok
12:30:41.0507 3232 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:30:41.0539 3232 iaStorV - ok
12:30:41.0835 3232 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:30:42.0038 3232 idsvc - ok
12:30:42.0693 3232 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:30:42.0927 3232 igfx - ok
12:30:43.0114 3232 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:30:43.0130 3232 iirsp - ok
12:30:43.0270 3232 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:30:43.0270 3232 IKEEXT - ok
12:30:43.0442 3232 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:30:43.0598 3232 intelide - ok
12:30:43.0894 3232 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:30:43.0925 3232 intelppm - ok
12:30:44.0113 3232 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:30:44.0144 3232 IPBusEnum - ok
12:30:44.0284 3232 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:30:44.0284 3232 IpFilterDriver - ok
12:30:44.0393 3232 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:30:44.0409 3232 iphlpsvc - ok
12:30:44.0487 3232 IpInIp - ok
12:30:44.0534 3232 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:30:44.0534 3232 IPMIDRV - ok
12:30:44.0565 3232 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:30:44.0581 3232 IPNAT - ok
12:30:44.0783 3232 iPod Service (f055c1760abfa52b159985e551ea0edc) C:\Program Files\iPod\bin\iPodService.exe
12:30:44.0783 3232 iPod Service - ok
12:30:44.0893 3232 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:30:44.0893 3232 IRENUM - ok
12:30:44.0924 3232 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:30:44.0939 3232 isapnp - ok
12:30:45.0002 3232 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:30:45.0017 3232 iScsiPrt - ok
12:30:45.0298 3232 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:30:45.0298 3232 iteatapi - ok
12:30:45.0517 3232 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:30:45.0517 3232 iteraid - ok
12:30:45.0782 3232 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:30:45.0782 3232 kbdclass - ok
12:30:46.0109 3232 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:30:46.0109 3232 kbdhid - ok
12:30:46.0421 3232 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:30:46.0468 3232 KeyIso - ok
12:30:47.0404 3232 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:30:47.0950 3232 KSecDD - ok
12:30:48.0309 3232 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:30:48.0309 3232 KtmRm - ok
12:30:48.0683 3232 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
12:30:48.0730 3232 LanmanServer - ok
12:30:49.0183 3232 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:30:49.0229 3232 LanmanWorkstation - ok
12:30:49.0619 3232 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:30:49.0619 3232 lltdio - ok
12:30:49.0807 3232 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:30:49.0807 3232 lltdsvc - ok
12:30:49.0885 3232 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:30:49.0885 3232 lmhosts - ok
12:30:50.0181 3232 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:30:50.0181 3232 LSI_FC - ok
12:30:50.0306 3232 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:30:50.0321 3232 LSI_SAS - ok
12:30:50.0431 3232 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:30:50.0462 3232 LSI_SCSI - ok
12:30:50.0711 3232 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:30:50.0758 3232 luafv - ok
12:30:50.0961 3232 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:30:50.0977 3232 Mcx2Svc - ok
12:30:51.0242 3232 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:30:51.0257 3232 megasas - ok
12:30:51.0304 3232 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:30:51.0335 3232 MegaSR - ok
12:30:51.0429 3232 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:30:51.0445 3232 MMCSS - ok
12:30:51.0538 3232 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:30:51.0538 3232 Modem - ok
12:31:44.0906 3232 ============================================================
12:31:44.0906 3232 Scan finished
12:31:44.0906 3232 ============================================================
12:31:44.0921 2960 Detected object count: 0
12:31:44.0921 2960 Actual detected object count: 0



aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 12:33:47
-----------------------------
12:33:47.367 OS Version: Windows 6.0.6002 Service Pack 2
12:33:47.367 Number of processors: 1 586 0xF0D
12:33:47.382 ComputerName: GWEN-PC UserName: Gwen
12:34:00.424 Initialize success
13:01:17.871 AVAST engine defs: 12040900
13:03:01.643 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:03:01.689 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
13:03:01.705 Disk 0 MBR read successfully
13:03:01.736 Disk 0 MBR scan
13:03:01.814 Disk 0 Windows VISTA default MBR code
13:03:01.830 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:03:01.877 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
13:03:01.908 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137586 MB offset 30801920
13:03:01.923 Disk 0 scanning sectors +312579760
13:03:02.033 Disk 0 scanning C:\Windows\system32\drivers
13:03:18.475 Service scanning
13:03:54.745 Modules scanning
13:04:27.630 Disk 0 trace - called modules:
13:04:28.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
13:04:28.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8703eac8]
13:04:28.176 3 CLASSPNP.SYS[887a68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d31028]
13:04:29.221 AVAST engine scan C:\Windows
13:04:31.561 AVAST engine scan C:\Windows\system32
13:08:06.888 AVAST engine scan C:\Windows\system32\drivers
13:08:22.191 AVAST engine scan C:\Users\Gwen
13:11:17.286 AVAST engine scan C:\ProgramData
13:11:53.306 Scan finished successfully
13:14:22.411 Disk 0 MBR has been saved successfully to "C:\Users\Gwen\Documents\MBR.dat"
13:14:22.458 The log file has been saved successfully to "C:\Users\Gwen\Documents\aswMBR.txt"

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 09 April 2012 - 09:41 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists with this computer.

#5 nasdaq

Posted 14 April 2012 - 07:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#6 nasdaq

Posted 15 April 2012 - 07:28 AM

Topic reopened.

#7 lohies

Posted 15 April 2012 - 09:28 AM

Sorry about that! Thanks for reopening.

Combofix log:

ComboFix 12-04-15.01 - Gwen 15/04/2012 13:27:33.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.986.369 [GMT 1:00]
Running from: c:\users\Gwen\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-12 15:40 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 15:40 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 15:40 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 15:40 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 15:45 . 2012-03-14 17:56 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 17:56 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 17:56 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 17:56 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 17:56 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 17:56 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-09-04 05:29 200704 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-22 10:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-12-20 21:41 2696512 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-12-09 05:25 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 23:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-09 05:25 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- C:\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 20:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-09 05:25 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-12-15 04:13 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2131971913-4234826415-2044920430-1000]
"EnableNotificationsRef"=dword:00000001
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 20:17]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 20:17]
.
2011-12-25 c:\windows\Tasks\User_Feed_Synchronization-{35EC947E-EC4A-4453-A20F-4E9E5D6F3D0D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2011-12-25 c:\windows\Tasks\User_Feed_Synchronization-{DCF12748-0905-4245-B291-49197B9E5DD7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gwen\AppData\Roaming\Mozilla\Firefox\Profiles\amlr54r9.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 13:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-15 13:37:52
ComboFix-quarantined-files.txt 2012-04-15 12:37
.
Pre-Run: 97,058,934,784 bytes free
Post-Run: 97,227,767,808 bytes free
.
- - End Of File - - 9E99773020DB902DA73BA1500FF36A40

Securitycheck log:

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET NOD32 Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


No problems with my computer; everything is running OK.

Edited by lohies, 15 April 2012 - 09:29 AM.


#8 nasdaq


Posted 15 April 2012 - 10:07 AM

Looking good.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#9 nasdaq


Posted 21 April 2012 - 10:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



