
TR/Sirefef.AG.35 and TR/ATRAPS.Gen2


This topic is locked
32 replies to this topic

#1 Cyjon

  • Members
  • 42 posts

Posted 24 May 2012 - 04:27 PM

You folks were a huge help a few months back so I'm hoping you can help me again.

I recently got a virus alert from Avira but it said access was denied when it tried to quarantine. I ran the Avira rescue disk and it found the following:

ALERT: [TR/Sirefef.AG.35] /media/Devices/sda1/Windows/Installer/{ff24043d-55f8-5ce9-a20a-8337d9b4b888}/U/80000000.@ <<< Is the Trojan horse TR/Sirefef.AG.35 [renamed]

ALERT: [TR/ATRAPS.Gen2] /media/Devices/sda1/Windows/Installer/{ff24043d-55f8-5ce9-a20a-8337d9b4b888}/U/800000cb.@ <<< Is the Trojan horse TR/ATRAPS.Gen2 [renamed]

I rebooted and the files had been renamed, but new ones had been generated. I had Avira try to quarantine again and it succeeded but again the files regenerated. I ran the Kaspersky rescue disk, but it just scans the first few files and then aborts to desktop. Per the Kaspersky forums this is apparently a problem a few users have but nobody seems to have a solution.

When getting ready to post this message I checked my firewall. The firewall configuration screen says "The Windows Firewall service is not running." and when I try to turn it on I get "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

Here is the DDS file:
--------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 10.4.1
Run by Leela at 12:42:37 on 2012-05-24
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1161 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NoteTab Light\NoteTab.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\helppane.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: mariarose.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A01AD983-15D7-424A-8CE0-8A210FF59D0E} : NameServer = 66.93.87.2,204.62.193.10,204.62.193.7
TCP: Interfaces\{A01AD983-15D7-424A-8CE0-8A210FF59D0E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA63C5CE-54A2-44BF-AA74-F9DC6471814D} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leela\appdata\roaming\mozilla\firefox\profiles\7xlle7g8.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2010win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2011win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2010-3-24 15448]
R0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2011-4-8 58504]
R0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2011-4-8 42136]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-27 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-27 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-27 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-31 21504]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2011-7-7 11928]
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\drivers\niede.sys [2010-6-15 32432]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2011-1-5 25728]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-5 20104]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-4-8 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-4-8 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-4-8 22608]
S3 NIApplicationWebServer;NI Application Web Server;c:\program files\national instruments\shared\ni webserver\ApplicationWebServer.exe [2011-5-27 50336]
S3 nicdcck;nicdcck;c:\windows\system32\drivers\nicdcckl.sys [2011-7-18 11928]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-8-12 11352]
S3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-7-19 11952]
S3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-7-19 11912]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-7-19 11920]
S3 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2010-3-24 12696]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2011-7-1 11944]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-7-12 11920]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-7-19 11928]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-7-19 11920]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-7-18 11920]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-7-12 11936]
S3 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2011-6-1 194224]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2011-7-1 11944]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-7-12 11976]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2011-3-31 151683]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-7-12 11944]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-7-12 11952]
S3 NINetworkDiscovery;NI Network Discovery;c:\program files\national instruments\shared\ni network discovery\niDiscSvc.exe [2011-6-10 121032]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2011-5-17 11944]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-6-29 11968]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-6-29 11968]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2011-7-7 21144]
S3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-7-19 11912]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-7-12 11960]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2011-7-18 11936]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2011-7-8 11928]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-7-12 11960]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-7-18 11920]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-1-5 11312]
S3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-7-18 11912]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2011-7-18 11944]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-8-16 11912]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-7-18 11944]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-7-19 11944]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-7-18 11920]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-7-19 11920]
.
=============== File Associations ===============
.
.txt=NoteTab.txt
.
=============== Created Last 30 ================
.
2012-05-24 17:50:20 -------- d-----w- c:\program files\Oracle
2012-05-24 17:49:38 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 11:31:59 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-23 17:14:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-19 20:27:06 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-19 20:27:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-19 20:27:06 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-19 20:26:47 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-19 20:26:47 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-19 20:26:42 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-19 20:26:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-19 20:26:12 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-19 20:26:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-19 20:26:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-19 20:26:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-19 20:26:07 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:30:03 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2012-05-09 15:22:07 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-05 01:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
============= FINISH: 12:44:04.35 ===============
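As an added example (not part of the thread and not code from DDS, Avira, MBAM or ComboFix), here is a small triage script for the DDS "Pseudo HJT Report" and "Created Last 30" lines in the log above. It flags the entries a responder would look at first: UAC disabled by policy, a DisallowRun policy aimed at a security tool's executable, an IE Trusted Zone addition, static DNS servers overriding the DHCP-assigned resolver, and a directory literally named like an environment variable under system32. It also recognises the `Windows\Installer\{GUID}\U\xxxxxxxx.@` path layout the rescue disk and MBAM reported. The severity labels and the tool names other than avnotify.exe are my assumptions.

```python
import re

# Constructed sample input: lines copied from the DDS log in the post above
# (a short excerpt in DDS's own line format, not a complete log).
SAMPLE_DDS = """\
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: mariarose.net
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\\{A01AD983-15D7-424A-8CE0-8A210FF59D0E} : NameServer = 66.93.87.2,204.62.193.10,204.62.193.7
TCP: Interfaces\\{A01AD983-15D7-424A-8CE0-8A210FF59D0E} : DhcpNameServer = 192.168.1.1
2012-05-23 17:14:59 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
"""

# Executables a DisallowRun policy should never block on a healthy machine.
# avnotify.exe is Avira's alert window (seen in the log); the rest are assumed
# names of common security/administration tools.
SECURITY_TOOL_EXES = {"avnotify.exe", "avgnt.exe", "mbam.exe", "msconfig.exe", "regedit.exe"}

RFC1918 = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

def is_private(ip):
    """True for RFC 1918 addresses, i.e. a resolver on the local network."""
    return bool(RFC1918.match(ip.strip()))

def triage_dds(text):
    """Return a list of (severity, reason) findings for a DDS log excerpt."""
    findings = []
    dhcp_dns = {}    # interface GUID -> resolvers handed out by DHCP
    static_dns = {}  # interface GUID -> resolvers configured statically
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"[um]Policies-system: EnableLUA = 0\b", line):
            findings.append(("high", "UAC disabled by policy (EnableLUA = 0)"))
        m = re.match(r"uPolicies-disallowrun: \d+ = (\S+)", line)
        if m:
            exe = m.group(1).lower()
            sev = "high" if exe in SECURITY_TOOL_EXES else "medium"
            findings.append((sev, "DisallowRun policy blocks " + exe))
        m = re.match(r"Trusted Zone: (\S+)", line)
        if m:
            findings.append(("medium", "IE Trusted Zone entry %s; confirm it was added deliberately" % m.group(1)))
        m = re.match(r"TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}) : (Dhcp)?NameServer = (.+)", line)
        if m:
            iface, servers = m.group(1), m.group(3).split(",")
            (dhcp_dns if m.group(2) else static_dns)[iface] = servers
        if re.search(r"\\system32\\%[A-Za-z]+%$", line):
            findings.append(("medium", "directory named like an environment variable under system32: " + line.split()[-1]))
    # A static resolver list that differs from DHCP and points outside the LAN
    # deserves a look: it decides where every name lookup on the box goes.
    for iface, servers in static_dns.items():
        if servers != dhcp_dns.get(iface) and not all(is_private(s) for s in servers):
            findings.append(("medium", "static DNS %s on %s overrides DHCP resolvers; verify who set it"
                             % (",".join(servers), iface)))
    return findings

# Path layout reported by the Avira rescue disk and MBAM in this thread:
# <root>\Windows\Installer\{GUID}\U\<8 hex digits>.@
INSTALLER_DOTAT = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@$", re.IGNORECASE)

def matches_installer_dotat(path):
    """True when a path (Windows or rescue-disk style) has the Installer\\{GUID}\\U\\*.@ layout."""
    return bool(INSTALLER_DOTAT.search(path.replace("/", "\\")))

if __name__ == "__main__":
    for severity, reason in triage_dds(SAMPLE_DDS):
        print("[%s] %s" % (severity.upper(), reason))
```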



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2012 - 11:45 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 09:44 AM

Since my original post, Avira has found three infected web pages in my Temporary Internet Files. In each case Avira said access to the file was denied so was unable to quarantine the file, but I was able to delete the page manually. However after the third warning I decided to just clear Firefox's cache rather than hunting them all down individually.

I'll note that prior to the Avira warnings I didn't notice any odd behavior in the system. Since then I've realized that Windows Firewall is off and I can't turn it back on--that is still true.

ComboFix doesn't seem to be working. I get the initial dialog showing it is unpacking the files, and then that dialog disappears and nothing happens. I left it for a couple of minutes just to be sure before pulling up the task manager to see no process running. I tried it again with the same result, but this time I noted the output directory was "C:\32788R22FWJFW". That directory shows the My Computer icon and when I click on it, sure enough it takes me to My Computer, showing the available drives.

The results of Security Check are posted below:
----------------------------------------
Results of screen317's Security Check version 0.99.38
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.0
Java™ 7 Update 4
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (4.0)
Mozilla Thunderbird (5.0). Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 11:38 AM

Try it once more, but this time leave it alone for 30 min.


gringo

#5 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 12:21 PM

OK, I restarted it and got the same result. After 30 minutes still no output, and there is no relevant process listed on Task Manager.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 12:53 PM

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


#7 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 02:13 PM

MBAM seemed to progress normally. It was able to remove one immediately and needed to reboot to remove the other.

When I rebooted, I got the following dialog:

Failed to connect to a Windows service
Windows could not connect to the User Profile Service service. This problem prevents limited users from logging onto the system. As an administrative user, you can review the System Event Log for details about why the service didn't register.

Everything has been reset--the desktop, taskbar, start menus, etc.--as though I'm a new user. I've tried changing things, like telling it to display extensions or add Administrative Tools to the menu, and it won't do it. The check marks remain if I go back to look, but it doesn't display extensions or add Admin Tools or whatever. So this means I can't look at the Event Viewer.

What's odd is if I go to C:\Users\Leela\ ("Leela" is the account name), everything is there. I opened My Documents directly and clicked on the address bar and it's using C:\Windows\System32\config\systemprofile\Documents instead of C:\Users\Leela\Documents.

And Avira beeped and told me TR/Sirefef is still there and "Access to this file is denied" so it can't quarantine.

I managed to copy the MBAM log over to another computer so here it is:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19120
Leela :: WRITINGLAPTOP [administrator]

5/25/2012 11:18:49 AM
mbam-log-2012-05-25 (11-18-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266923
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 02:49 PM

OK, that removed something. Let's see if ComboFix will run this time; leave it be for at least 30 min.


gringo

#9 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 03:41 PM

ComboFix started correctly and warned me Avira was still active. I looked and, no, it's deactivated. Umbrella on the icon closed, Realtime Protection unchecked on both the right-click menu and the main Avira interface. I went ahead, since ComboFix doesn't let you quit anyhow. CF updated to the latest version, reran, again warned me Avira was active, and then started its scan.

40 minutes later, I'm still waiting. The window is open--the one that says "Scanning for infected files..."--and I've been at 100% processor the whole time. Per Task Manager processor time is evenly split between services.exe and svchost.exe.

I'm willing to keep it running, but I'm getting a bit concerned. Since there's no progress indicator of any kind I don't know if it's really scanning or just stuck, possibly fighting with Avira.

#10 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 04:07 PM

I left ComboFix running and about ten minutes later (50+ minutes total) I got a dialog that said "Windows has encountered a critical problem and will restart automatically in one minute". I noticed the ComboFix window now had "Completed Stage_1", "Completed Stage_2", and "Completed Stage_3". Windows rebooted on its own and when I logged back on, I was back on my real account.

I don't know if ComboFix has a partial log somewhere, but I'd be happy to post it if you can point me to it.

Services.exe and svchost.exe are still screaming away at 100% processor power, so something is going on. It's hard to accomplish anything because any action I take is REALLY slow because of this.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 04:11 PM

Rename combofix:

Please download Combofix from one of these locations:
Link 1
Link 2
Link 3

You must rename it before saving it. Rename it: Gringo. See images below. Save it to your desktop.


Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.

Double click on Gringo & follow the prompts.

Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!


When finished, Notepad will open and ComboFix will produce a log file.
Please copy/paste the contents of this log in your next reply.

#12 Cyjon

  • Topic Starter
  • Members
  • 42 posts

Posted 25 May 2012 - 11:09 PM

I verified Windows Firewall was off--still can't turn it on. I deactivated Avira, which literally took over 20 minutes since the system is running so slowly due to those two processes running at maximum processor power. I closed everything and ran Gringo. It took a mere 6 hours to finish.

As it got up to stage 50, Windows gave me a message "PEV.exe has stopped working". I chose "close the program". At another point it said "freeware implementation of xcacls has stopped working" and again I closed the program.

After it rebooted, while I was waiting for the log file, Windows said the recycle bin was corrupted. I chose not to empty it since I didn't want to risk interfering with ComboFix. While ComboFix was saving the log, Avira reported several times finding TR/Sirefef.P.316 (same location, just several notifications over time). Note that previously it was reporting TR/Sirefef.AG.35. And it's reported it twice more while I was typing this up.

Windows Firewall is now showing active--before it was off and I couldn't turn it on. I haven't cleared the Recycle Bin since I figured I'd wait for you.

Here is the ComboFix log.
-----------------------------------
ComboFix 12-05-25.03 - Leela 05/25/2012 15:02:04.2.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1368 [GMT -7:00]
Running from: c:\users\Leela\Desktop\Gringo.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LOG8AF0.tmp
C:\LOGF314.tmp
c:\users\ariel
c:\users\ariel\AppData\Local\AtStart.txt
c:\users\ariel\AppData\Local\DSwitch.txt
c:\users\ariel\AppData\Local\GDIPFONTCACHEV1.DAT
c:\users\ariel\AppData\Local\IconCache.db
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\0CL11KD2\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\HDH5A7LY\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\HDH5A7LY\fwlink[1]
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\index.dat
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\Y77N4PP6\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\Y77N4PP6\fwlink[1]
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\ZHUS17D8\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Feeds Cache\ZHUS17D8\fwlink[1]
c:\users\ariel\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
c:\users\ariel\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
c:\users\ariel\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
c:\users\ariel\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
c:\users\ariel\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
c:\users\ariel\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
c:\users\ariel\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb
c:\users\ariel\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\01_Music_auto_rated_at_5_stars.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\02_Music_added_in_the_last_month.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\03_Music_rated_at_4_or_5_stars.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\04_Music_played_in_the_last_month.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\05_Pictures_taken_in_the_last_month.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\06_Pictures_rated_4_or_5_stars.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\07_TV_recorded_in_the_last_week.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\08_Video_rated_at_4_or_5_stars.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\09_Music_played_the_most.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\10_All_Music.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\11_All_Pictures.wpl
c:\users\ariel\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\279CA2A4\12_All_Video.wpl
c:\users\ariel\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.DTD
c:\users\ariel\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.XML
c:\users\ariel\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
c:\users\ariel\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
c:\users\ariel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
c:\users\ariel\AppData\Local\Microsoft\Windows\History\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\257BU6XQ\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HQBIMSX\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFB3F9UI\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EC7VRG6D\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\users\ariel\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat{e45c9e82-a1f8-11dc-bcd2-001636d8865d}.TM.blf
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat{e45c9e82-a1f8-11dc-bcd2-001636d8865d}.TMContainer00000000000000000001.regtrans-ms
c:\users\ariel\AppData\Local\Microsoft\Windows\UsrClass.dat{e45c9e82-a1f8-11dc-bcd2-001636d8865d}.TMContainer00000000000000000002.regtrans-ms
c:\users\ariel\AppData\Local\QSwitch.txt
c:\users\ariel\AppData\Local\Temp\Ariel.bmp
c:\users\ariel\AppData\Local\Temp\FXSAPIDebugLogFile.txt
c:\users\ariel\AppData\Local\Temp\wmsetup.log
c:\users\ariel\AppData\LocalLow\desktop.ini
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
c:\users\ariel\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6
c:\users\ariel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Protect\CREDHIST
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
c:\users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
c:\users\ariel\AppData\Roaming\PC Suite\Settings\PCCSConfig.dat
c:\users\ariel\Contacts\desktop.ini
c:\users\ariel\Desktop\desktop.ini
c:\users\ariel\Documents\desktop.ini
c:\users\ariel\Downloads\desktop.ini
c:\users\ariel\Favorites\desktop.ini
c:\users\ariel\Favorites\HP\Accessories.url
c:\users\ariel\Favorites\HP\Activity Center.url
c:\users\ariel\Favorites\HP\Digital Entertainment.url
c:\users\ariel\Favorites\HP\eBay.url
c:\users\ariel\Favorites\HP\Home.url
c:\users\ariel\Favorites\HP\HP Club.url
c:\users\ariel\Favorites\HP\HP Games.url
c:\users\ariel\Favorites\HP\HP Music.url
c:\users\ariel\Favorites\HP\HP Store.url
c:\users\ariel\Favorites\HP\PC Security.url
c:\users\ariel\Favorites\HP\Photo Central.url
c:\users\ariel\Favorites\HP\Printing.url
c:\users\ariel\Favorites\HP\Software and Driver Downloads.url
c:\users\ariel\Favorites\Links\Customize Links.url
c:\users\ariel\Favorites\Links\desktop.ini
c:\users\ariel\Favorites\Microsoft Websites\IE Add-on site.url
c:\users\ariel\Favorites\Microsoft Websites\IE site on Microsoft.com.url
c:\users\ariel\Favorites\Microsoft Websites\Marketplace.url
c:\users\ariel\Favorites\Microsoft Websites\Microsoft At Home.url
c:\users\ariel\Favorites\Microsoft Websites\Microsoft At Work.url
c:\users\ariel\Favorites\Microsoft Websites\Welcome to IE7.url
c:\users\ariel\Favorites\MSN Websites\MSN Autos.url
c:\users\ariel\Favorites\MSN Websites\MSN Entertainment.url
c:\users\ariel\Favorites\MSN Websites\MSN Money.url
c:\users\ariel\Favorites\MSN Websites\MSN Sports.url
c:\users\ariel\Favorites\MSN Websites\MSN.url
c:\users\ariel\Favorites\MSN Websites\MSNBC News.url
c:\users\ariel\Favorites\Windows Live\Get Windows Live.url
c:\users\ariel\Favorites\Windows Live\Windows Live Gallery.url
c:\users\ariel\Favorites\Windows Live\Windows Live Mail.url
c:\users\ariel\Favorites\Windows Live\Windows Live Spaces.url
c:\users\ariel\Links\desktop.ini
c:\users\ariel\Links\Documents.lnk
c:\users\ariel\Links\Music.lnk
c:\users\ariel\Links\Pictures.lnk
c:\users\ariel\Links\Public.lnk
c:\users\ariel\Links\Recently Changed.lnk
c:\users\ariel\Links\Searches.lnk
c:\users\ariel\Music\desktop.ini
c:\users\ariel\Music\Sample Music.lnk
c:\users\ariel\ntuser.dat.LOG1
c:\users\ariel\ntuser.dat.LOG2
c:\users\ariel\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
c:\users\ariel\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
c:\users\ariel\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
c:\users\ariel\NTUSER.DAT{ebd7886c-0195-11dd-a37a-001636d8865d}.TM.blf
c:\users\ariel\NTUSER.DAT{ebd7886c-0195-11dd-a37a-001636d8865d}.TMContainer00000000000000000001.regtrans-ms
c:\users\ariel\NTUSER.DAT{ebd7886c-0195-11dd-a37a-001636d8865d}.TMContainer00000000000000000002.regtrans-ms
c:\users\ariel\ntuser.ini
c:\users\ariel\Pictures\desktop.ini
c:\users\ariel\Pictures\Sample Pictures.lnk
c:\users\ariel\Saved Games\desktop.ini
c:\users\ariel\Searches\desktop.ini
c:\users\ariel\Searches\Everywhere.search-ms
c:\users\ariel\Searches\Indexed Locations.search-ms
c:\users\ariel\Searches\Recent Documents.search-ms
c:\users\ariel\Searches\Recent E-mail.search-ms
c:\users\ariel\Searches\Recent Music.search-ms
c:\users\ariel\Searches\Recent Pictures and Videos.search-ms
c:\users\ariel\Searches\Recently Changed.search-ms
c:\users\ariel\Searches\Shared By Me.search-ms
c:\users\ariel\Videos\desktop.ini
c:\users\ariel\Videos\Sample Videos.lnk
c:\users\Leela\AppData\Roaming\app
c:\users\Leela\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Leela\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Leela\Documents\Blank.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 02:26 . 2012-05-26 03:39 -------- d-----w- c:\users\Leela\AppData\Local\temp
2012-05-26 02:26 . 2012-05-26 02:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 02:26 . 2012-05-26 02:26 -------- d-----w- c:\users\Jasmine\AppData\Local\temp
2012-05-26 02:26 . 2012-05-26 02:26 -------- d-----w- c:\users\Harley\AppData\Local\temp
2012-05-26 02:26 . 2012-05-26 02:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 19:05 . 2012-05-25 19:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Avira
2012-05-25 18:53 . 2012-05-25 18:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2012-05-25 18:17 . 2012-05-25 18:17 -------- d-----w- c:\users\Leela\AppData\Roaming\Malwarebytes
2012-05-25 18:17 . 2012-05-25 18:17 -------- d-----w- c:\programdata\Malwarebytes
2012-05-25 18:17 . 2012-05-25 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 18:17 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 17:51 . 2012-05-24 17:51 -------- d-----w- c:\program files\Common Files\Java
2012-05-24 17:50 . 2012-05-24 17:50 -------- d-----w- c:\program files\Oracle
2012-05-24 17:49 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 17:47 . 2012-05-24 17:47 -------- d-----w- c:\program files\Java
2012-05-24 11:31 . 2012-05-24 12:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-23 17:14 . 2012-05-23 17:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-19 20:27 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-19 20:27 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-19 20:27 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-19 20:26 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 20:26 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-19 20:26 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-19 20:26 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-19 20:26 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-19 20:26 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-19 20:26 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-19 20:26 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-19 20:26 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:30 . 2012-05-09 17:30 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 15:22 . 2012-03-27 16:25 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 15:22 . 2012-03-27 16:25 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-05 01:47 . 2011-05-08 20:59 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11 . 2012-04-18 16:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-18 16:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-18 16:02 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-18 16:02 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2011-06-10 01:05 . 2011-06-10 01:05 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2011-06-22 18:44 . 2011-06-22 18:44 158720 ----a-w- c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2009-10-22 16:28 . 2009-10-22 16:28 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2010-10-20 01:15 . 2010-10-20 01:15 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2011-03-18 17:53 . 2011-04-04 16:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
backup=c:\windows\pss\NI Error Reporting.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-27 21:16 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-27 21:16 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
2011-06-07 19:41 3002976 ----a-w- c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
2010-04-20 16:21 109712 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIRegistrationWizard]
2010-06-21 21:53 846520 ----a-w- c:\program files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-27 21:16 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-12-02 23:32 167936 ------w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-365321759-1882516500-2099694444-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{ECB17051-967E-4834-96F6-8665D897D71A}.job
- c:\windows\system32\msfeedssync.exe [2011-08-12 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mariarose.net
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A01AD983-15D7-424A-8CE0-8A210FF59D0E}: NameServer = 66.93.87.2,204.62.193.10,204.62.193.7
FF - ProfilePath - c:\users\Leela\AppData\Roaming\Mozilla\Firefox\Profiles\7xlle7g8.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
------- File Associations -------
.
.txt=NoteTab.txt
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-HP Health Check Scheduler - c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 20:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2012-05-25 20:47:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 03:46
.
Pre-Run: 6,931,906,560 bytes free
Post-Run: 6,876,119,040 bytes free
.
- - End Of File - - 111E1AB675FC56DD35572811F1FA0076
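
As an added example (not ComboFix's code and not from the original post), the following Python script parses the registry and DNS lines of a ComboFix log like the one above and flags the settings an analyst would want to review: UAC switched off (EnableLUA=0), a DisallowRun policy listing avnotify.exe (Avira's notifier), Security Center monitoring disabled, and a per-interface static DNS server list that differs from what DHCP handed out (192.168.1.1 here). The sample log is a constructed excerpt of lines copied from the posted log; the choice of checks and the wording of the findings are assumptions of the example. A flagged setting is a question to ask, not proof that the infection set it: the avnotify.exe block, for instance, is also a tweak users have applied by hand to silence Avira's pop-up.

```python
"""ComboFix log triage: parse the 'Reg Loading Points' and 'Supplementary
Scan' output and flag settings an analyst would review.  Added example,
not ComboFix's code and not from the original post; the checks and the
wording of the findings are the example author's choices."""
import re
from typing import Dict, List

# Constructed excerpt: lines copied from the ComboFix log posted above,
# trimmed to the entries the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A01AD983-15D7-424A-8CE0-8A210FF59D0E}: NameServer = 66.93.87.2,204.62.193.10,204.62.193.7
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*?)\s*$')
DWORD_TXT_RE = re.compile(r"^(?P<n>-?\d+)\s*\(0x[0-9A-Fa-f]+\)$")   # e.g. 0 (0x0)
DHCP_NS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<ips>.+)$")
IFACE_NS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<ips>.+)$")


def _parse_value(raw: str) -> object:
    """Turn ComboFix's value renderings into ints or bare strings."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = DWORD_TXT_RE.match(raw)
    if m:
        return int(m.group("n"))
    if raw.startswith('"'):            # "path" [date size] -> path
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw
    return raw


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, object]]:
    """Map each [KEY] block (key lower-cased) to its {name: value} pairs."""
    blocks: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group("name")] = _parse_value(m.group("val"))
    return blocks


def _split_ips(field: str) -> List[str]:
    return [ip.strip() for ip in field.split(",") if ip.strip()]


def triage(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    blocks = parse_reg_blocks(text)
    for key, values in blocks.items():
        # EnableLUA=0 turns UAC off.
        if key.endswith(r"\policies\system") and values.get("EnableLUA") == 0:
            findings.append(f"UAC disabled: EnableLUA=0 under {key}")
        # DisallowRun=1 makes Explorer refuse to start the executables
        # listed in the sibling 'disallowrun' key.
        if key.endswith(r"\policies\explorer") and values.get("DisallowRun") == 1:
            blocked = blocks.get(key + r"\disallowrun", {})
            names = ", ".join(str(v) for v in blocked.values()) or "(no list found)"
            findings.append(f"DisallowRun policy under {key} blocks: {names}")
        # DisableMonitoring=1 stops Security Center tracking AV/firewall state.
        if key.endswith(r"\security center\monitoring") and values.get("DisableMonitoring") == 1:
            findings.append("Security Center monitoring disabled (DisableMonitoring=1)")
    # A static NameServer on an interface overrides what DHCP handed out.
    dhcp: set = set()
    for line in text.splitlines():
        m = DHCP_NS_RE.match(line)
        if m:
            dhcp.update(_split_ips(m.group("ips")))
    for line in text.splitlines():
        m = IFACE_NS_RE.match(line)
        if m:
            extra = [ip for ip in _split_ips(m.group("ips")) if ip not in dhcp]
            if extra:
                findings.append(
                    f"interface {m.group('iface')} uses DNS servers not handed out "
                    f"by DHCP ({', '.join(sorted(dhcp)) or 'none'}): {', '.join(extra)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

To use it on a saved log, call `triage(open(path, encoding="utf-8", errors="replace").read())`. The regexes expect ComboFix's own rendering (`"name"= 0 (0x0)`, `dword:` values, quoted paths followed by `[date size]`); exports from other tools need their own parser.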

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 May 2012 - 01:38 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#14 Cyjon (Topic Starter)

Posted 26 May 2012 - 04:19 PM

Both programs ran fine. CPU usage is normal so I don't have those two processes fighting for control any more. This was true before running these utilities. The suspect directory in C:\Windows\Installer is still present, though I haven't actively scanned it with Avira.

13:29:15.0581 3108 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:29:16.0142 3108 ============================================================
13:29:16.0142 3108 Current date / time: 2012/05/26 13:29:16.0142
13:29:16.0142 3108 SystemInfo:
13:29:16.0142 3108
13:29:16.0142 3108 OS Version: 6.0.6002 ServicePack: 2.0
13:29:16.0142 3108 Product type: Workstation
13:29:16.0142 3108 ComputerName: WRITINGLAPTOP
13:29:16.0142 3108 UserName: Leela
13:29:16.0142 3108 Windows directory: C:\Windows
13:29:16.0142 3108 System windows directory: C:\Windows
13:29:16.0142 3108 Processor architecture: Intel x86
13:29:16.0142 3108 Number of processors: 1
13:29:16.0142 3108 Page size: 0x1000
13:29:16.0142 3108 Boot type: Normal boot
13:29:16.0142 3108 ============================================================
13:29:17.0203 3108 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:29:17.0219 3108 ============================================================
13:29:17.0219 3108 \Device\Harddisk0\DR0:
13:29:17.0219 3108 MBR partitions:
13:29:17.0219 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x638DEA3
13:29:17.0219 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x638DEE2, BlocksNum 0xC3DC5F
13:29:17.0219 3108 ============================================================
13:29:17.0219 3108 C: <-> \Device\Harddisk0\DR0\Partition0
13:29:17.0266 3108 D: <-> \Device\Harddisk0\DR0\Partition1
13:29:17.0266 3108 ============================================================
13:29:17.0266 3108 Initialize success
13:29:17.0266 3108 ============================================================
13:29:20.0354 3372 ============================================================
13:29:20.0354 3372 Scan started
13:29:20.0354 3372 Mode: Manual;
13:29:20.0354 3372 ============================================================
13:29:21.0103 3372 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:29:21.0103 3372 ACPI - ok
13:29:21.0228 3372 AddFiltr (e6d2486ec85a36b8336ed456d0317d96) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
13:29:21.0228 3372 AddFiltr - ok
13:29:21.0353 3372 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:29:21.0368 3372 adp94xx - ok
13:29:21.0462 3372 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:29:21.0478 3372 adpahci - ok
13:29:21.0524 3372 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:29:21.0524 3372 adpu160m - ok
13:29:21.0602 3372 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:29:21.0602 3372 adpu320 - ok
13:29:21.0680 3372 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:29:21.0680 3372 AeLookupSvc - ok
13:29:21.0790 3372 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:29:21.0790 3372 AFD - ok
13:29:21.0868 3372 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:29:21.0883 3372 agp440 - ok
13:29:21.0961 3372 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:29:21.0961 3372 aic78xx - ok
13:29:22.0008 3372 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:29:22.0008 3372 ALG - ok
13:29:22.0039 3372 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:29:22.0055 3372 aliide - ok
13:29:22.0086 3372 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:29:22.0086 3372 amdagp - ok
13:29:22.0117 3372 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:29:22.0117 3372 amdide - ok
13:29:22.0164 3372 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:29:22.0164 3372 AmdK7 - ok
13:29:22.0195 3372 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:29:22.0195 3372 AmdK8 - ok
13:29:22.0258 3372 androidusb (f71671248134ea39bfd10401ee5fd825) C:\Windows\system32\Drivers\androidusb.sys
13:29:22.0258 3372 androidusb - ok
13:29:22.0429 3372 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:29:22.0429 3372 AntiVirSchedulerService - ok
13:29:22.0492 3372 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:29:22.0492 3372 AntiVirService - ok
13:29:22.0570 3372 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:29:22.0570 3372 Appinfo - ok
13:29:22.0663 3372 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
13:29:22.0663 3372 AppMgmt - ok
13:29:22.0741 3372 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:29:22.0741 3372 arc - ok
13:29:22.0804 3372 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:29:22.0819 3372 arcsas - ok
13:29:22.0882 3372 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:29:22.0882 3372 AsyncMac - ok
13:29:22.0928 3372 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:29:22.0928 3372 atapi - ok
13:29:23.0022 3372 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:23.0038 3372 AudioEndpointBuilder - ok
13:29:23.0053 3372 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:23.0053 3372 Audiosrv - ok
13:29:23.0116 3372 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:29:23.0116 3372 avgntflt - ok
13:29:23.0194 3372 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:29:23.0194 3372 avipbb - ok
13:29:23.0225 3372 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:29:23.0225 3372 avkmgr - ok
13:29:23.0381 3372 BCM43XV (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
13:29:23.0396 3372 BCM43XV - ok
13:29:23.0428 3372 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
13:29:23.0443 3372 BCM43XX - ok
13:29:23.0490 3372 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:29:23.0490 3372 Beep - ok
13:29:23.0630 3372 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:29:23.0630 3372 BFE - ok
13:29:23.0786 3372 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:29:23.0818 3372 BITS - ok
13:29:23.0833 3372 blbdrive - ok
13:29:23.0896 3372 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:29:23.0896 3372 bowser - ok
13:29:23.0958 3372 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:29:23.0974 3372 BrFiltLo - ok
13:29:24.0005 3372 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:29:24.0005 3372 BrFiltUp - ok
13:29:24.0067 3372 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:29:24.0083 3372 Browser - ok
13:29:24.0130 3372 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\Drivers\Brserid.sys
13:29:24.0145 3372 Brserid - ok
13:29:24.0176 3372 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:29:24.0176 3372 BrSerWdm - ok
13:29:24.0223 3372 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:29:24.0239 3372 BrUsbMdm - ok
13:29:24.0270 3372 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\Drivers\BrUsbSer.sys
13:29:24.0270 3372 BrUsbSer - ok
13:29:24.0332 3372 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
13:29:24.0348 3372 BthEnum - ok
13:29:24.0410 3372 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
13:29:24.0410 3372 BTHMODEM - ok
13:29:24.0488 3372 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
13:29:24.0488 3372 BthPan - ok
13:29:24.0598 3372 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
13:29:24.0629 3372 BTHPORT - ok
13:29:24.0676 3372 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
13:29:24.0676 3372 BthServ - ok
13:29:24.0722 3372 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
13:29:24.0738 3372 BTHUSB - ok
13:29:24.0754 3372 catchme - ok
13:29:24.0832 3372 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:29:24.0832 3372 cdfs - ok
13:29:24.0894 3372 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:29:24.0894 3372 cdrom - ok
13:29:24.0941 3372 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:29:24.0941 3372 CertPropSvc - ok
13:29:24.0988 3372 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:29:24.0988 3372 circlass - ok
13:29:25.0190 3372 CLCapSvc (9ee919b88977505bc3afd499ac2dd59b) C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
13:29:25.0190 3372 CLCapSvc - ok
13:29:25.0268 3372 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:29:25.0284 3372 CLFS - ok
13:29:25.0518 3372 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:25.0518 3372 clr_optimization_v2.0.50727_32 - ok
13:29:25.0565 3372 CLSched (0185bc0bebad66241c2b31e88d6f1f1f) C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
13:29:25.0565 3372 CLSched - ok
13:29:25.0612 3372 CLTNetCnService - ok
13:29:25.0690 3372 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:29:25.0705 3372 CmBatt - ok
13:29:25.0736 3372 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:29:25.0736 3372 cmdide - ok
13:29:25.0768 3372 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:29:25.0768 3372 Compbatt - ok
13:29:25.0783 3372 COMSysApp - ok
13:29:25.0799 3372 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:29:25.0814 3372 crcdisk - ok
13:29:25.0846 3372 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:29:25.0846 3372 Crusoe - ok
13:29:25.0924 3372 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:29:25.0924 3372 CryptSvc - ok
13:29:26.0017 3372 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:29:26.0048 3372 CSC - ok
13:29:26.0158 3372 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
13:29:26.0173 3372 CscService - ok
13:29:26.0251 3372 cvintdrv (cab213d4681fcfac9bf4e6d3b1ee4bfc) C:\Windows\system32\drivers\cvintdrv.sys
13:29:26.0251 3372 cvintdrv - ok
13:29:26.0392 3372 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:29:26.0423 3372 DcomLaunch - ok
13:29:26.0485 3372 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:29:26.0501 3372 DfsC - ok
13:29:26.0813 3372 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:29:26.0891 3372 DFSR - ok
13:29:27.0140 3372 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:29:27.0140 3372 Dhcp - ok
13:29:27.0250 3372 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:29:27.0265 3372 disk - ok
13:29:27.0343 3372 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:29:27.0343 3372 Dnscache - ok
13:29:27.0421 3372 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:29:27.0421 3372 dot3svc - ok
13:29:27.0484 3372 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:29:27.0484 3372 DPS - ok
13:29:27.0546 3372 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:29:27.0562 3372 drmkaud - ok
13:29:27.0686 3372 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
13:29:27.0702 3372 DXGKrnl - ok
13:29:27.0733 3372 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
13:29:27.0749 3372 E100B - ok
13:29:27.0811 3372 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:29:27.0827 3372 E1G60 - ok
13:29:27.0889 3372 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
13:29:27.0889 3372 eabfiltr - ok
13:29:27.0936 3372 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:29:27.0936 3372 EapHost - ok
13:29:28.0014 3372 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:29:28.0030 3372 Ecache - ok
13:29:28.0108 3372 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:29:28.0108 3372 elxstor - ok
13:29:28.0232 3372 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:29:28.0248 3372 EMDMgmt - ok
13:29:28.0357 3372 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:29:28.0357 3372 EventSystem - ok
13:29:28.0435 3372 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:29:28.0435 3372 exfat - ok
13:29:28.0498 3372 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:29:28.0498 3372 fastfat - ok
13:29:28.0622 3372 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
13:29:28.0638 3372 Fax - ok
13:29:28.0685 3372 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:29:28.0685 3372 fdc - ok
13:29:28.0747 3372 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:29:28.0747 3372 fdPHost - ok
13:29:28.0778 3372 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:29:28.0778 3372 FDResPub - ok
13:29:28.0825 3372 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:29:28.0825 3372 FileInfo - ok
13:29:28.0888 3372 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:29:28.0888 3372 Filetrace - ok
13:29:28.0919 3372 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:29:28.0919 3372 flpydisk - ok
13:29:29.0012 3372 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:29:29.0012 3372 FltMgr - ok
13:29:29.0184 3372 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:29:29.0231 3372 FontCache - ok
13:29:29.0309 3372 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:29.0309 3372 FontCache3.0.0.0 - ok
13:29:29.0356 3372 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:29:29.0356 3372 Fs_Rec - ok
13:29:29.0402 3372 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:29:29.0418 3372 gagp30kx - ok
13:29:29.0527 3372 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:29:29.0543 3372 gpsvc - ok
13:29:29.0605 3372 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
13:29:29.0605 3372 HBtnKey - ok
13:29:29.0668 3372 HdAudAddService (3aeee05bb25b8cc72b6e9aec0e6f394b) C:\Windows\system32\drivers\CHDART.sys
13:29:29.0668 3372 HdAudAddService - ok
13:29:29.0792 3372 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:29:29.0808 3372 HDAudBus - ok
13:29:29.0855 3372 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:29:29.0855 3372 HidBth - ok
13:29:29.0886 3372 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:29:29.0886 3372 HidIr - ok
13:29:29.0933 3372 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:29:29.0948 3372 hidserv - ok
13:29:29.0964 3372 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:29:29.0980 3372 HidUsb - ok
13:29:30.0011 3372 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:29:30.0026 3372 hkmsvc - ok
13:29:30.0104 3372 HP Health Check Service - ok
13:29:30.0151 3372 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:29:30.0151 3372 HpCISSs - ok
13:29:30.0260 3372 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:29:30.0276 3372 hpqwmiex - ok
13:29:30.0354 3372 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:29:30.0354 3372 HSFHWAZL - ok
13:29:30.0650 3372 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:29:30.0775 3372 HSF_DPV - ok
13:29:30.0853 3372 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:29:30.0853 3372 HSXHWAZL - ok
13:29:30.0947 3372 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:29:30.0947 3372 HTTP - ok
13:29:31.0009 3372 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:29:31.0009 3372 i2omp - ok
13:29:31.0118 3372 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:29:31.0118 3372 i8042prt - ok
13:29:31.0462 3372 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:29:31.0540 3372 ialm - ok
13:29:31.0758 3372 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:29:31.0774 3372 iaStorV - ok
13:29:31.0914 3372 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:29:31.0930 3372 IDriverT - ok
13:29:32.0132 3372 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:32.0242 3372 idsvc - ok
13:29:32.0756 3372 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:29:32.0788 3372 igfx - ok
13:29:32.0990 3372 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:29:32.0990 3372 iirsp - ok
13:29:33.0115 3372 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:29:33.0131 3372 IKEEXT - ok
13:29:33.0209 3372 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:29:33.0209 3372 intelide - ok
13:29:33.0287 3372 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:29:33.0287 3372 intelppm - ok
13:29:33.0334 3372 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:29:33.0334 3372 IPBusEnum - ok
13:29:33.0396 3372 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:33.0396 3372 IpFilterDriver - ok
13:29:33.0490 3372 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:29:33.0505 3372 iphlpsvc - ok
13:29:33.0505 3372 IpInIp - ok
13:29:33.0552 3372 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:29:33.0552 3372 IPMIDRV - ok
13:29:33.0614 3372 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:29:33.0630 3372 IPNAT - ok
13:29:33.0708 3372 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
13:29:33.0708 3372 irda - ok
13:29:33.0755 3372 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:29:33.0755 3372 IRENUM - ok
13:29:33.0817 3372 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
13:29:33.0817 3372 Irmon - ok
13:29:33.0864 3372 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:29:33.0864 3372 isapnp - ok
13:29:33.0926 3372 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:29:33.0942 3372 iScsiPrt - ok
13:29:33.0973 3372 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:29:33.0973 3372 iteatapi - ok
13:29:34.0004 3372 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:29:34.0004 3372 iteraid - ok
13:29:34.0067 3372 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:29:34.0067 3372 kbdclass - ok
13:29:34.0114 3372 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:29:34.0129 3372 kbdhid - ok
13:29:34.0160 3372 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:34.0176 3372 KeyIso - ok
13:29:34.0254 3372 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:29:34.0285 3372 KSecDD - ok
13:29:34.0379 3372 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:29:34.0379 3372 KtmRm - ok
13:29:34.0472 3372 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:29:34.0472 3372 LanmanServer - ok
13:29:34.0535 3372 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:29:34.0535 3372 LanmanWorkstation - ok
13:29:34.0613 3372 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:29:34.0613 3372 LightScribeService - ok
13:29:34.0769 3372 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\system32\lkcitdl.exe
13:29:34.0800 3372 LkCitadelServer - ok
13:29:34.0831 3372 lkClassAds (b07d786736e7b1719a90365911bc2d0a) C:\Windows\system32\lkads.exe
13:29:34.0831 3372 lkClassAds - ok
13:29:34.0862 3372 lkTimeSync (ab1faa47332ec2ee43bbfed7a6f0ea09) C:\Windows\system32\lktsrv.exe
13:29:34.0862 3372 lkTimeSync - ok
13:29:34.0972 3372 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:29:34.0972 3372 lltdio - ok
13:29:35.0034 3372 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:29:35.0050 3372 lltdsvc - ok
13:29:35.0096 3372 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:29:35.0096 3372 lmhosts - ok
13:29:35.0174 3372 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:29:35.0174 3372 LSI_FC - ok
13:29:35.0221 3372 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:29:35.0221 3372 LSI_SAS - ok
13:29:35.0284 3372 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:29:35.0284 3372 LSI_SCSI - ok
13:29:35.0346 3372 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:29:35.0346 3372 luafv - ok
13:29:35.0408 3372 lvalarmk (bad54f937b43f0e75db242c1f40c2dcf) C:\Windows\system32\drivers\lvalarmk.sys
13:29:35.0424 3372 lvalarmk - ok
13:29:35.0502 3372 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:29:35.0502 3372 mdmxsdk - ok
13:29:35.0549 3372 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:29:35.0549 3372 megasas - ok
13:29:35.0596 3372 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:29:35.0611 3372 MMCSS - ok
13:29:35.0674 3372 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:29:35.0674 3372 Modem - ok
13:29:35.0752 3372 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:29:35.0752 3372 monitor - ok
13:29:35.0830 3372 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:29:35.0830 3372 mouclass - ok
13:29:35.0845 3372 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:29:35.0861 3372 mouhid - ok
13:29:35.0908 3372 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:29:35.0908 3372 MountMgr - ok
13:29:35.0970 3372 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:29:35.0970 3372 mpio - ok
13:29:36.0032 3372 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:29:36.0032 3372 mpsdrv - ok
13:29:36.0142 3372 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:29:36.0157 3372 MpsSvc - ok
13:29:36.0204 3372 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:29:36.0204 3372 Mraid35x - ok
13:29:36.0251 3372 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:29:36.0251 3372 MRxDAV - ok
13:29:36.0313 3372 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:36.0313 3372 mrxsmb - ok
13:29:36.0391 3372 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:36.0391 3372 mrxsmb10 - ok
13:29:36.0422 3372 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:36.0438 3372 mrxsmb20 - ok
13:29:36.0485 3372 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
13:29:36.0500 3372 msahci - ok
13:29:36.0547 3372 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:29:36.0547 3372 msdsm - ok
13:29:36.0641 3372 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:29:36.0641 3372 MSDTC - ok
13:29:36.0703 3372 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:29:36.0719 3372 Msfs - ok
13:29:36.0781 3372 MSIRCOMM (11756768993106dd07861096fb97cdb8) C:\Windows\system32\DRIVERS\MSIRCOMM.sys
13:29:36.0781 3372 MSIRCOMM - ok
13:29:36.0844 3372 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:29:36.0844 3372 msisadrv - ok
13:29:36.0922 3372 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:29:36.0922 3372 MSiSCSI - ok
13:29:36.0937 3372 msiserver - ok
13:29:37.0000 3372 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:29:37.0000 3372 MSKSSRV - ok
13:29:37.0031 3372 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:37.0031 3372 MSPCLOCK - ok
13:29:37.0062 3372 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:29:37.0062 3372 MSPQM - ok
13:29:37.0140 3372 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:29:37.0156 3372 MsRPC - ok
13:29:37.0187 3372 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:29:37.0187 3372 mssmbios - ok
13:29:37.0234 3372 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:29:37.0234 3372 MSTEE - ok
13:29:37.0280 3372 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:29:37.0280 3372 Mup - ok
13:29:37.0452 3372 mxssvr (a3ba8a14490fdbf106939c37a125e82c) C:\Program Files\National Instruments\MAX\nimxs.exe
13:29:37.0452 3372 mxssvr - ok
13:29:37.0546 3372 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:29:37.0561 3372 napagent - ok
13:29:37.0655 3372 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:29:37.0655 3372 NativeWifiP - ok
13:29:37.0764 3372 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:29:37.0795 3372 NDIS - ok
13:29:37.0842 3372 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:37.0842 3372 NdisTapi - ok
13:29:37.0920 3372 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:37.0920 3372 Ndisuio - ok
13:29:37.0951 3372 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:37.0967 3372 NdisWan - ok
13:29:38.0014 3372 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:29:38.0014 3372 NDProxy - ok
13:29:38.0045 3372 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:29:38.0045 3372 NetBIOS - ok
13:29:38.0107 3372 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:29:38.0123 3372 netbt - ok
13:29:38.0170 3372 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:38.0170 3372 Netlogon - ok
13:29:38.0232 3372 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:29:38.0248 3372 Netman - ok
13:29:38.0326 3372 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:29:38.0326 3372 netprofm - ok
13:29:38.0466 3372 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:38.0544 3372 NetTcpPortSharing - ok
13:29:38.0903 3372 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
13:29:39.0636 3372 NETw3v32 - ok
13:29:40.0837 3372 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:29:40.0884 3372 nfrd960 - ok
13:29:41.0274 3372 ni1006k (2ad3c955a4b2a0c82c1906f61cb297f8) C:\Windows\system32\drivers\ni1006k.sys
13:29:41.0274 3372 ni1006k - ok
13:29:41.0539 3372 ni1045k (f965ee798882b6ccf8de95af3dd18b7c) C:\Windows\system32\drivers\ni1045kl.sys
13:29:41.0539 3372 ni1045k - ok
13:29:41.0773 3372 ni1065k (a5cd3acbac593859ad03ed957b443760) C:\Windows\system32\drivers\ni1065k.sys
13:29:41.0773 3372 ni1065k - ok
13:29:42.0491 3372 NIApplicationWebServer (f0e38750822eecc47b9913c55990f86a) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
13:29:42.0491 3372 NIApplicationWebServer - ok
13:29:42.0850 3372 nicdcck (05ccfb06273f5262f3489b51d8acd842) C:\Windows\system32\drivers\nicdcckl.sys
13:29:42.0850 3372 nicdcck - ok
13:29:43.0021 3372 nicdrk (f96bdcf214ba8a022b5755815aff0291) C:\Windows\system32\drivers\nicdrkl.sys
13:29:43.0021 3372 nicdrk - ok
13:29:43.0099 3372 nicmrk (84fc85f11adc0d6b2d3ee3d983480c57) C:\Windows\system32\drivers\nicmrkl.sys
13:29:43.0099 3372 nicmrk - ok
13:29:43.0177 3372 nicondrk (4b2c3831dff8903d578d7249c2bee9c5) C:\Windows\system32\drivers\nicondrkl.sys
13:29:43.0177 3372 nicondrk - ok
13:29:43.0302 3372 nicsrk (bdb268ea24e4cb8a8941f30d0da7b330) C:\Windows\system32\drivers\nicsrkl.sys
13:29:43.0302 3372 nicsrk - ok
13:29:43.0411 3372 nidevldu (a3ba8a14490fdbf106939c37a125e82c) C:\Windows\system32\nipalsm.exe
13:29:43.0442 3372 nidevldu - ok
13:29:43.0567 3372 nidimk (dbdc2fa62c4c3f5d7d342d6a65038bb6) C:\Windows\system32\drivers\nidimkl.sys
13:29:43.0567 3372 nidimk - ok
13:29:43.0676 3372 nidmxfk (ae9f059f096ae4d4f5cd763bf9d2c398) C:\Windows\system32\drivers\nidmxfkl.sys
13:29:43.0676 3372 nidmxfk - ok
13:29:43.0910 3372 NIDomainService (908b9667f2fd7453cbcf3a2a0444dcc1) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
13:29:43.0926 3372 NIDomainService - ok
13:29:44.0269 3372 nidsark (22a518692d7f48df06d01df479b71a08) C:\Windows\system32\drivers\nidsarkl.sys
13:29:44.0800 3372 nidsark - ok
13:29:45.0533 3372 niemrk (e089b23113d95032586d4968fb244edc) C:\Windows\system32\drivers\niemrkl.sys
13:29:45.0845 3372 niemrk - ok
13:29:46.0796 3372 niesrk (fc8e566cf26c81a549102e6b148896b1) C:\Windows\system32\drivers\niesrkl.sys
13:29:46.0812 3372 niesrk - ok
13:29:46.0937 3372 NIEthernetDeviceEnumerator (ba1a836450696c575c50ca7f34cefb46) C:\Windows\system32\DRIVERS\niede.sys
13:29:46.0937 3372 NIEthernetDeviceEnumerator - ok
13:29:47.0030 3372 nifslk (6f7cf99dc965bdc803a4ff065cb97eeb) C:\Windows\system32\drivers\nifslkl.sys
13:29:47.0030 3372 nifslk - ok
13:29:47.0296 3372 NILM License Manager (aa8896bcd689851665efc02dc41181ac) C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
13:29:47.0389 3372 NILM License Manager - ok
13:29:47.0779 3372 nimdbgk (49b69c20542892a979e8afe86882128e) C:\Windows\system32\drivers\nimdbgkl.sys
13:29:47.0779 3372 nimdbgk - ok
13:29:47.0904 3372 nimDNSResponder (8fed4893cb017f81cd1769448ad567e5) C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
13:29:47.0904 3372 nimDNSResponder - ok
13:29:47.0966 3372 nimru2k (d3062798682fc3f042ddeaaa4f22ef6b) C:\Windows\system32\drivers\nimru2kl.sys
13:29:47.0966 3372 nimru2k - ok
13:29:48.0029 3372 nimsdrk (4eb0a47710213f27fe7bfe1ed4726458) C:\Windows\system32\drivers\nimsdrkl.sys
13:29:48.0029 3372 nimsdrk - ok
13:29:48.0044 3372 nimslk - ok
13:29:48.0107 3372 nimsrlk (acfd05455df010e85e0c8a56e9c255c3) C:\Windows\system32\drivers\nimsrlk.dll
13:29:48.0107 3372 nimsrlk - ok
13:29:48.0138 3372 nimstsk (2a3baeb77df0b91a1f50e68cda3299ff) C:\Windows\system32\drivers\nimstskl.sys
13:29:48.0138 3372 nimstsk - ok
13:29:48.0200 3372 nimxdfk (254fbf9c531cd52bc3feb2a11f9d64ba) C:\Windows\system32\drivers\nimxdfkl.sys
13:29:48.0200 3372 nimxdfk - ok
13:29:48.0232 3372 nimxpk (f2d036ab03203c50a2ad0a926df62e97) C:\Windows\system32\drivers\nimxpkl.sys
13:29:48.0232 3372 nimxpk - ok
13:29:48.0294 3372 NINetworkDiscovery (5ff602d7890da09f45811c3263f81264) C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
13:29:48.0294 3372 NINetworkDiscovery - ok
13:29:48.0325 3372 ninshsdk (839c73aa11b60e39b7fee9fe3e202371) C:\Windows\system32\drivers\ninshsdkl.sys
13:29:48.0325 3372 ninshsdk - ok
13:29:48.0341 3372 niorbk (c7c5e1bc40f52457e6c5d0d3d98da0bf) C:\Windows\system32\drivers\niorbkl.sys
13:29:48.0341 3372 niorbk - ok
13:29:48.0419 3372 nipalfwedl (198ca937f7b20bca38294922109ac8e4) C:\Windows\system32\drivers\nipalfwedl.sys
13:29:48.0419 3372 nipalfwedl - ok
13:29:48.0606 3372 NIPALK (4413132b1f64efc9571fa47854f188d7) C:\Windows\system32\drivers\nipalk.sys
13:29:48.0622 3372 NIPALK - ok
13:29:48.0668 3372 nipalusbedl (464baaaba44abe885df42e2394f2b4c5) C:\Windows\system32\drivers\nipalusbedl.sys
13:29:48.0668 3372 nipalusbedl - ok
13:29:48.0700 3372 nipbcfk (96c846ab33c383583282b0375b34e9d2) C:\Windows\system32\drivers\nipbcfk.sys
13:29:48.0700 3372 nipbcfk - ok
13:29:48.0762 3372 nipxibaf (487f469717ebdafe2b933a2c449d43de) C:\Windows\system32\drivers\nipxibaf.sys
13:29:48.0762 3372 nipxibaf - ok
13:29:48.0793 3372 nipxibrc (7518a39976162f0312e7714a1f5df4fe) C:\Windows\system32\drivers\nipxibrc.sys
13:29:48.0793 3372 nipxibrc - ok
13:29:48.0856 3372 nipxigpk (b4ecd797352ea807b0eea40c785f2b81) C:\Windows\system32\drivers\nipxigpk.sys
13:29:48.0856 3372 nipxigpk - ok
13:29:48.0887 3372 nipxirmk (f0fcdc8c6d6b97a4bb3e6ebdba917242) C:\Windows\system32\drivers\nipxirmkl.sys
13:29:48.0887 3372 nipxirmk - ok
13:29:48.0918 3372 nipxirmu (202c99caa68760832c472dfa4eac9252) C:\Windows\system32\nipxism.exe
13:29:48.0934 3372 nipxirmu - ok
13:30:10.0150 3372 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
13:30:10.0196 3372 \Device\Harddisk0\DR0 - ok
13:30:10.0196 3372 Boot (0x1200) (16bd98dc1cccdfd20a6d94c939c25bb6) \Device\Harddisk0\DR0\Partition0
13:30:10.0212 3372 \Device\Harddisk0\DR0\Partition0 - ok
13:30:10.0212 3372 Boot (0x1200) (663423f8f0f4804237259060cca621e9) \Device\Harddisk0\DR0\Partition1
13:30:10.0228 3372 \Device\Harddisk0\DR0\Partition1 - ok
13:30:10.0228 3372 ============================================================
13:30:10.0228 3372 Scan finished
13:30:10.0228 3372 ============================================================
13:30:10.0259 2092 Detected object count: 0
13:30:10.0259 2092 Actual detected object count: 0

------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 13:31:09
-----------------------------
13:31:09.898 OS Version: Windows 6.0.6002 Service Pack 2
13:31:09.913 Number of processors: 1 586 0xE08
13:31:09.913 ComputerName: WRITINGLAPTOP UserName: Leela
13:31:11.255 Initialize success
13:34:28.178 AVAST engine defs: 12052601
13:34:37.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:34:37.148 Disk 0 Vendor: FUJITSU_MHV2060BH_PL 892C Size: 57241MB BusType: 3
13:34:37.163 Disk 0 MBR read successfully
13:34:37.163 Disk 0 MBR scan
13:34:37.195 Disk 0 unknown MBR code
13:34:37.195 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50971 MB offset 63
13:34:37.241 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6267 MB offset 104390370
13:34:37.257 Disk 0 scanning sectors +117226305
13:34:37.351 Disk 0 scanning C:\Windows\system32\drivers
13:35:07.131 Service scanning
13:35:50.405 Modules scanning
13:36:00.280 Disk 0 trace - called modules:
13:36:00.311 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll
13:36:00.327 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8b1f0]
13:36:00.343 3 CLASSPNP.SYS[885558b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84c4a030]
13:36:01.201 AVAST engine scan C:\Windows
13:36:06.208 AVAST engine scan C:\Windows\system32
13:42:23.369 AVAST engine scan C:\Windows\system32\drivers
13:42:53.665 AVAST engine scan C:\Users\Leela
13:59:55.886 AVAST engine scan C:\ProgramData
14:01:41.139 Scan finished successfully
14:06:19.973 Disk 0 MBR has been saved successfully to "C:\Users\Leela\Desktop\MBR.dat"
14:06:19.973 The log file has been saved successfully to "C:\Users\Leela\Desktop\aswMBR.txt"

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:42 AM

Posted 26 May 2012 - 04:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



