Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect pages + blue screen=only able to open windows in safe mode.


  • This topic is locked This topic is locked
25 replies to this topic

#1 speed31982

speed31982

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 12 June 2012 - 12:23 PM

So I just started getting redirects on any link i would open. Followed by the blue screen that showed a bunch of errors that most were out of the screen to see. After that the computer would get to the screen showing the user accounts but upon clicking they would just freeze. The only way to get past that screen is to be in safe mode. I followed the beginning steps and downloaded the malware removal software that found about 21 infected files and then fixed them. Did another sweep which found none. Still will not work. I had to paste the logs because the computer will not let me resave any files in safe mode right now.


DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23 Run by Jordan at 23:33:21 on 2012-06-11 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1043 [GMT -4:00] . . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = <local>;192.168.*.* mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425092625.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe uRun: [MySpaceIM] "c:\program files\myspace\im\MySpaceIM.exe" uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRunOnce: [RegistryDefrag] c:\program files\avg\avg pc tuneup 2011\registrydefrag.exe -report mRun: [<NO NAME>] mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AprvRemoveLegacyWordKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\word\addins\OfficeAddIn.OfficeAddIn mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe" mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\approv~1.lnk - c:\windows\installer\{4e01b649-0023-4eb5-9263-57de317c3418}\Icon9557F1BC1.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: army.mil\tamis Trusted Zone: army.mil\us Trusted Zone: army.mil\www.us Trusted Zone: mcafee.com\home Trusted Zone: newcelica.org\www Trusted Zone: umuc.edu\tychousa12 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{4CEBAB25-82E1-459E-8A52-AE63628DACB4} : DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{4E2781EE-725A-41D5-9B50-1954A29935F1} : DhcpNameServer = 65.24.7.10 65.24.7.11 TCP: Interfaces\{AEF93E36-5E83-4022-808A-9DA717B4D3B6} : DhcpNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\jcc36pvt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30046&client_id=8808116c0977d888f94cc4af&camp_id=2988&install_time=2011-09-12T22:50:51Z&pr=auto&tb_version=1.0.9000(G)&q= FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\windows\system32\c2mp\npdivx32.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-16 464304] R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-16 64912] R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-7 169608] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-16 161632] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-16 151880] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-16 340920] R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2011-6-16 59520] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904] S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904] S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-16 166288] S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088] S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2011-1-25 17408] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-19 24652] S2 WirelessUSB;WirelessUSB;c:\program files\cnet\wireless lan driver and utility\RtlService.exe [2011-2-7 36864] S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-16 57600] S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-14 1840128] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576] S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\drivers\libusb0.sys [2010-6-29 28160] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22344] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-16 180848] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-16 59456] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-16 87656] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120] S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2009-1-2 256000] S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-25 27192] S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2011-2-11 693760] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-16 84072] . =============== Created Last 30 ================ . 6/12/2012 3:32 6/12/2012 1:25 6/12/2012 1:25 6/12/2012 1:25 6/12/2012 1:25 6/11/2012 16:59 6/10/2012 1:45 6/10/2012 1:42 6/9/2012 20:45 6/7/2012 12:57 6/7/2012 12:43 6/7/2012 12:43 5/17/2012 3:22 . ==================== Find3M ==================== . 4/3/2012 8:16 4/3/2012 8:16 4/2/2012 13:36 3/30/2012 12:39 3/20/2012 23:28 3/20/2012 17:11 3/15/2012 10:10 . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.0.6002 Disk: ST332082 rev.3.AA -> Harddisk0\DR0 -> . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x877E04B1]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x877e793c]; MOV EAX, [0x877e7ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x84057936] -> \Device\Harddisk0\DR0[0x876E5AC8] 3 CLASSPNP[0x84BA18B3] -> ntkrnlpa!IofCallDriver[0x84057936] -> [0x87185258] 5 acpi[0x806116BC] -> ntkrnlpa!IofCallDriver[0x84057936] -> [0x87185C90] \Driver\nvstor32[0x8776F528] -> IRP_MJ_CREATE -> 0x877E04B1 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } detected disk devices: \Device\0000006d -> \??\SCSI#Disk&Ven_ST332082&Prod_0AS#4&1ccb373b&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 23:34:34.58 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 11/14/2007 4:30:20 PM System Uptime: 6/11/2012 9:36:43 PM (2 hours ago) . Motherboard: ELITEGROUP | | C51PVGM-M Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/201mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 288 GiB total, 164.635 GiB free. D: is FIXED (NTFS) - 10 GiB total, 3.89 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 aaa AccessPORT Driver 1.2.2 AccessPORT Manager 2.0.1.5 AccessTUNER Race - MAZDASPEED USDM 2007-2008 MAZDASPEED3 (Cali-Fed.) 1.9.1.0-3024 Activation Assistant for the 2007 Microsoft Office suites ActivClient CAC x86 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Lightroom 3 Adobe Reader 8.1.2 AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update ApproveIt Desktop ArcSoft PhotoImpression 6 ArcSoft Print Creations Avanquest update AVG PC Tuneup 2011 10.0.0.24 BitTorrent Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CNet Wireless LAN Driver and Utility D-i-v-X AVI Codec Pack Pro 2.4.0 Digital Media Reader Download Updater (AOL LLC) DVDFab 8.0.6.8 (05/01/2011) DVDFab 8.0.9.2 (12/05/2011) Qt EPSON CX7400 User's Guide EPSON Printer Software EPSON Scan EPSON Stylus CX7400 Series Scanner Driver Update Gateway Connect Gateway Recovery Center Installer Google Desktop Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HTC Driver Installer HTC Sync IBM Lotus Forms Viewer 3.5.1 iTunes Java Auto Updater Java™ 6 Update 23 Java™ SE Runtime Environment 6 Update 1 LabSim Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC Logitech Desktop Messenger Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes Anti-Malware version 1.61.0.1400 McAfee AntiVirus Plus Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Web Platform Installer 3.0 Microsoft Works Microsoft WSE 2.0 SP3 Runtime MotoHelper 2.0.51 Driver 5.1.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.1.0 Motorola Phone Tools Mozilla Firefox 13.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers Power2Go 5.0 Quick Web Player QuickTime Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek High Definition Audio Driver Revo Uninstaller Pro 2.5.3 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Click to Call Skype™ 5.5 Soft Data Fax Modem with SmartCP Spare Backup Sprint SmartView SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Viewer_armyifx Viewpoint Media Player Windows 7 Upgrade Advisor Windows Live installer Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 6/9/2012 9:42:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/9/2012 9:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/9/2012 9:04:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:04:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/9/2012 9:03:03 PM, Error: EventLog [6008] - The previous system shutdown at 9:01:05 PM on 6/9/2012 was unexpected. 6/9/2012 8:08:15 PM, Error: EventLog [6008] - The previous system shutdown at 8:05:52 PM on 6/9/2012 was unexpected. 6/9/2012 4:49:02 PM, Error: EventLog [6008] - The previous system shutdown at 4:45:40 PM on 6/9/2012 was unexpected. 6/9/2012 10:17:19 PM, Error: EventLog [6008] - The previous system shutdown at 10:14:49 PM on 6/9/2012 was unexpected. 6/6/2012 9:29:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/11/2012 9:57:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 6/11/2012 9:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/11/2012 9:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/11/2012 9:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 6/11/2012 9:38:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bjrtwkl SASDIFSV SASKUTIL spldr Wanarpv6 6/11/2012 9:38:44 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2012 9:38:44 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2012 9:38:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2012 9:38:09 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode . 6/11/2012 9:38:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 6/11/2012 9:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81} 6/11/2012 9:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 6/11/2012 9:10:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 6/11/2012 9:08:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6 6/11/2012 9:07:04 PM, Error: EventLog [6008] - The previous system shutdown at 9:04:54 PM on 6/11/2012 was unexpected. 6/11/2012 7:19:51 PM, Error: Service Control Manager [7022] - The Windows Media Player Network Sharing Service service hung on starting. 6/11/2012 7:17:46 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting. 6/11/2012 7:15:41 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting. 6/11/2012 7:13:36 PM, Error: Service Control Manager [7022] - The McAfee Services service hung on starting. 6/11/2012 7:09:30 PM, Error: Service Control Manager [7022] - The Yahoo! Updater service hung on starting. 6/11/2012 7:09:30 PM, Error: Service Control Manager [7022] - The Process Monitor service hung on starting. 6/11/2012 7:08:09 PM, Error: Service Control Manager [7022] - The ActivIdentity Shared Store Service service hung on starting. 6/11/2012 7:06:03 PM, Error: EventLog [6008] - The previous system shutdown at 7:04:11 PM on 6/11/2012 was unexpected. 6/11/2012 2:24:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:22:06 PM on 6/11/2012 was unexpected. 6/11/2012 2:00:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 6/11/2012 12:53:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 6/11/2012 12:44:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:42:00 PM on 6/11/2012 was unexpected. 6/11/2012 12:42:00 PM, Error: EventLog [6008] - The previous system shutdown at 12:39:58 PM on 6/11/2012 was unexpected. 6/10/2012 9:24:10 PM, Error: EventLog [6008] - The previous system shutdown at 9:20:38 PM on 6/10/2012 was unexpected. 6/10/2012 12:17:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} 6/10/2012 12:11:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/10/2012 12:11:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/10/2012 12:10:27 PM, Error: EventLog [6008] - The previous system shutdown at 12:08:31 PM on 6/10/2012 was unexpected. 6/10/2012 11:22:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 6/10/2012 11:22:35 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 6/10/2012 10:44:48 AM, Error: EventLog [6008] - The previous system shutdown at 10:19:06 PM on 6/9/2012 was unexpected. . ==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 17 June 2012 - 12:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/456766 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 17 June 2012 - 06:45 PM

Hello, and welcome to BC!!! :thumbsup:

My name is bloopie, and I'll be helping you as best I can!

A few things to keep in mind while we are working together:

Please, when posting logs, make sure you have "Word Wrap" --off-- (with notepad and log open, please click Format at the top of the screen, then click Word Wrap from the dropdown menu to change).

Your log is very hard to read the way it is now. Also, please do not attach any logs. Copy and paste them here for ease of reading. :thumbup2:

=========

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.
  • And finally, please make no further changes to your machine unless instructed to do so, as this could hamper the cleaning process!!

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results (and make sure Word Wrap is off please).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


==========

I followed the beginning steps and downloaded the malware removal software that found about 21 infected files and then fixed them.


Are you referring to Malwarebytes AntiMalware? If so, please also provide that logfile. It can be found by running the program, and clicking the Logs tab at the top. Under which you can find you're most recent logfile as per the dates. Copy and paste the most recent log here.

bloopie

#4 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 18 June 2012 - 12:42 PM

Previously I could only run the computer in Safe mode... the following logs I was able to get in Normal Mode.

I am still getting redirection on any search engine, even after running MBAM numerous times in quick or full scan and coming up with no infections.

Attached Files



#5 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 18 June 2012 - 09:17 PM


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Jordan at 15:25:47 on 2012-06-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1033 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
"uInternet Settings,ProxyOverride = <local>;192.168.*.*"
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425092625.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
mRun: [<NO NAME>]
"mRun: [Malwarebytes' Anti-Malware] ""c:\program files\malwarebytes' anti-malware\mbamgui.exe"" /starttray"
"dRun: [msnmsgr] ""c:\program files\windows live\messenger\msnmsgr.exe"" /background"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: army.mil\tamis
Trusted Zone: army.mil\us
Trusted Zone: army.mil\www.us
Trusted Zone: mcafee.com\home
Trusted Zone: newcelica.org\www
Trusted Zone: umuc.edu\tychousa12
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4CEBAB25-82E1-459E-8A52-AE63628DACB4} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4E2781EE-725A-41D5-9B50-1954A29935F1} : DhcpNameServer = 65.24.7.10 65.24.7.11
TCP: Interfaces\{AEF93E36-5E83-4022-808A-9DA717B4D3B6} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\jcc36pvt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30046&client_id=8808116c0977d888f94cc4af&camp_id=2988&install_time=2011-09-12T22:50:51Z&pr=auto&tb_version=1.0.9000(G)&q=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R? bjrtwkl;bjrtwkl
R? CASprint;Sprint Con App Svc
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590
R? HTCAND32;HTC Device Driver
"R? libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0"
R? mferkdet;McAfee Inc. mferkdet
R? mfetdi2k;McAfee Inc. mfetdi2k
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? motport;Motorola USB Diagnostic Port
R? MozillaMaintenance;Mozilla Maintenance Service
R? netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista
R? NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista
R? Revoflt;Revoflt
R? RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? ac.sharedstore;ActivIdentity Shared Store Service
S? cfwids;McAfee Inc. cfwids
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McShield;McAfee McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MotoHelper;MotoHelper Service
S? OrbisClient.Services;LabSim Configuration and Security
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SCR3XX2K;SCR3xx USB SmartCardReader
S? Viewpoint Manager Service;Viewpoint Manager Service
S? WirelessUSB;WirelessUSB
.
=============== Created Last 30 ================
.
6/15/2012 0:40 984064 -c--a-w- c:\windows\system32\crypt32.dll
6/15/2012 0:40 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
6/15/2012 0:40 98304 -c--a-w- c:\windows\system32\cryptnet.dll
6/15/2012 0:38 180736 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
6/15/2012 0:38 2045440 -c--a-w- c:\windows\system32\win32k.sys
6/15/2012 0:12 -------- dc----w- C:\TDSSKiller_Quarantine
6/12/2012 1:25 -------- dc----w- c:\users\jordan\appdata\roaming\Malwarebytes
6/12/2012 1:25 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
6/12/2012 1:25 -------- dc----w- c:\programdata\Malwarebytes
6/12/2012 1:25 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
6/11/2012 16:59 -------- dc----w- c:\users\jordan\appdata\local\ElevatedDiagnostics
6/10/2012 1:45 -------- dc----w- c:\users\jordan\appdata\roaming\AVG
6/10/2012 1:42 -------- dc----w- c:\program files\AVG
6/7/2012 12:43 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
6/7/2012 12:43 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
5/17/2012 22:45 1800192 -c--a-w- c:\windows\system32\jscript9.dll
5/17/2012 22:35 1129472 -c--a-w- c:\windows\system32\wininet.dll
5/17/2012 22:35 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl
5/17/2012 22:29 142848 -c--a-w- c:\windows\system32\ieUnatt.exe
5/17/2012 22:24 2382848 -c--a-w- c:\windows\system32\mshtml.tlb
4/3/2012 8:16 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
4/3/2012 8:16 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
3/30/2012 12:39 905600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
3/20/2012 23:28 53120 -c--a-w- c:\windows\system32\drivers\partmgr.sys
3/20/2012 17:11 151880 -c--a-w- c:\windows\system32\mfevtps.exe
.
============= FINISH: 15:27:16.54 ===============

Attached Files

  • Attached File  DDS.txt   10.39KB   1 downloads

Edited by speed31982, 18 June 2012 - 09:18 PM.


#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 19 June 2012 - 01:11 PM

Hi again speed31982,

Thanks for posting that! :)

Please allow me some time to go through your logs and I will post back with instructions ASAP.

Keep in mind that I am still a trainee here at BC, and all of my posts must be approved by an instructor before I can post here.

Sometimes there will be slight delays because of that, but that also means there will be two sets of eyes checking your logs instead of just one. :thumbup2:

bloopie

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 19 June 2012 - 02:11 PM

Hello speed31982,

First off, please do not attach logs...copy and paste them here. :)

Please tell me if you have your original Windows CD/DVD available.

You have not yet responded to the above.

==========

:step1: Warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you'd like to continue with the cleaning process, then please keep reading.

==========

:step2:

  • Please download TDDS Qlook and save it to your desktop.
  • Double-click the program and run it.
  • Type the letter A and press ENTER.
  • A logfile will open (TDSSQ.txt), please copy and past the contents of that logfile into your next reply.

==========

:step3: Warning!

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

==========

:step4:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

In your next reply, please paste the following...do not attach them:

  • The TDSSQ.txt log
  • The new TDSSKiller log

bloopie

#8 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 19 June 2012 - 02:38 PM

Below is the TDSSkiller Log, and I also removed any viewpoint components. I then ran the TDSSKiller which resulted in no threats.
I do very much appreciate this help and taking every precaution I can on using this computer. To answer one of the first questions about having a Windows disk, the answer is no. This is my fiance's computer
and she has no idea where it went.


TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Tue 06/19/2012 15:27:40.89 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.39.0_14.06.2012_20.11.11_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\14.06.2012_20.11.13
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\object.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0013.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0013.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0012.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0012.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0011.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0010.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0008.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0000.dta

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.c


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\mbr0000\tsk0001.ini

[InfectedFile]
Type: Raw BB image


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\object.ini

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0000.ini

[InfectedFile]
Name: ldrm
Size: 512
File time: 2012/06/09 20:45:38.0253


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0001.ini

[InfectedFile]
Name: cmd.dll
Size: 30720
File time: 2012/06/09 20:45:38.0408


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0002.ini

[InfectedFile]
Name: cmd64.dll
Size: 3072
File time: 2012/06/09 20:45:38.0483


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0003.ini

[InfectedFile]
Name: sub.dll
Size: 10752
File time: 2012/06/09 20:45:38.0538


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0004.ini

[InfectedFile]
Name: subx.dll
Size: 10240
File time: 2012/06/09 20:45:39.0122


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0005.ini

[InfectedFile]
Name: drv32
Size: 38912
File time: 2012/06/09 20:45:39.0137


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0006.ini

[InfectedFile]
Name: config.ini
Size: 191
File time: 2012/06/09 20:45:39.0816


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0007.ini

[InfectedFile]
Name: drv64
Size: 22528
File time: 2012/06/09 20:45:39.0816


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0008.ini

[InfectedFile]
Name: servers.dat
Size: 217
File time: 2012/06/09 20:45:40.0161


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0009.ini

[InfectedFile]
Name: ldr16
Size: 1233
File time: 2012/06/09 20:45:40.0164


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0010.ini

[InfectedFile]
Name: ldr32
Size: 3142
File time: 2012/06/09 20:45:40.0166


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0011.ini

[InfectedFile]
Name: ldr64
Size: 3656
File time: 2012/06/09 20:45:40.0172


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0012.ini

[InfectedFile]
Name: s
Size: 55
File time: 2012/06/09 20:45:40.0177


=== C:\TDSSKiller_Quarantine\14.06.2012_20.11.13\mbr0000\tdlfs0000\tsk0013.ini

[InfectedFile]
Name: u
Size: 28
File time: 2012/06/10 00:13:54.0245

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 19 June 2012 - 03:43 PM

Hi again,

Thanks for the old TDSSKiller log.

I do very much appreciate this help

It's my pleasure! :thumbup2:



However you still haven't posted some very important logs that we need to see. It's important that you follow my instructions very closely, okay? :)

In post #3 at the very bottom I asked if you ran Malwarebytes Antimalware? If so, please post that log here. If not, what then did you run that found 21 infected files?

Also please post the latest TDSSKiller log you mentioned that found nothing...instructions for that are in my last post. :wink:

==========

If you have any trouble doing this just let me know and I will help you!

bloopie

#10 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 19 June 2012 - 04:24 PM

17:21:52.0655 4732 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:21:53.0110 4732 ============================================================
17:21:53.0110 4732 Current date / time: 2012/06/19 17:21:53.0110
17:21:53.0110 4732 SystemInfo:
17:21:53.0110 4732
17:21:53.0110 4732 OS Version: 6.0.6002 ServicePack: 2.0
17:21:53.0110 4732 Product type: Workstation
17:21:53.0110 4732 ComputerName: RACHELJORDAN
17:21:53.0110 4732 UserName: Jordan
17:21:53.0110 4732 Windows directory: C:\Windows
17:21:53.0110 4732 System windows directory: C:\Windows
17:21:53.0110 4732 Processor architecture: Intel x86
17:21:53.0110 4732 Number of processors: 2
17:21:53.0110 4732 Page size: 0x1000
17:21:53.0110 4732 Boot type: Normal boot
17:21:53.0110 4732 ============================================================
17:21:54.0826 4732 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:21:54.0863 4732 ============================================================
17:21:54.0863 4732 \Device\Harddisk0\DR0:
17:21:54.0864 4732 MBR partitions:
17:21:54.0864 4732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x140245B
17:21:54.0864 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x2402BE16
17:21:54.0864 4732 ============================================================
17:21:54.0909 4732 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:54.0932 4732 D: <-> \Device\Harddisk0\DR0\Partition0
17:21:54.0933 4732 ============================================================
17:21:54.0933 4732 Initialize success
17:21:54.0933 4732 ============================================================
17:21:58.0240 4848 ============================================================
17:21:58.0240 4848 Scan started
17:21:58.0240 4848 Mode: Manual;
17:21:58.0240 4848 ============================================================
17:22:00.0085 4848 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:22:00.0088 4848 !SASCORE - ok
17:22:00.0223 4848 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
17:22:00.0232 4848 ac.sharedstore - ok
17:22:00.0365 4848 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
17:22:00.0371 4848 ac97intc - ok
17:22:00.0445 4848 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:22:00.0448 4848 ACPI - ok
17:22:00.0509 4848 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:22:00.0526 4848 adp94xx - ok
17:22:00.0548 4848 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:22:00.0569 4848 adpahci - ok
17:22:00.0588 4848 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:22:00.0598 4848 adpu160m - ok
17:22:00.0614 4848 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:22:00.0630 4848 adpu320 - ok
17:22:00.0681 4848 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:22:00.0688 4848 AeLookupSvc - ok
17:22:00.0734 4848 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
17:22:00.0736 4848 Afc - ok
17:22:00.0812 4848 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:22:01.0042 4848 AFD - ok
17:22:01.0157 4848 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:22:01.0187 4848 agp440 - ok
17:22:01.0328 4848 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:22:01.0341 4848 aic78xx - ok
17:22:01.0385 4848 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:22:01.0390 4848 ALG - ok
17:22:01.0408 4848 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:22:01.0416 4848 aliide - ok
17:22:01.0459 4848 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:22:01.0465 4848 amdagp - ok
17:22:01.0494 4848 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:22:01.0502 4848 amdide - ok
17:22:01.0514 4848 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:22:01.0522 4848 AmdK7 - ok
17:22:01.0544 4848 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:22:01.0545 4848 AmdK8 - ok
17:22:01.0602 4848 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:22:01.0603 4848 Appinfo - ok
17:22:01.0699 4848 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:01.0713 4848 Apple Mobile Device - ok
17:22:01.0772 4848 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:22:01.0780 4848 arc - ok
17:22:01.0827 4848 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:22:01.0834 4848 arcsas - ok
17:22:01.0877 4848 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:01.0880 4848 AsyncMac - ok
17:22:01.0896 4848 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:22:01.0897 4848 atapi - ok
17:22:01.0934 4848 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:22:01.0953 4848 AudioEndpointBuilder - ok
17:22:01.0961 4848 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:22:01.0964 4848 Audiosrv - ok
17:22:02.0020 4848 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
17:22:02.0029 4848 bcm4sbxp - ok
17:22:02.0071 4848 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:22:02.0074 4848 Beep - ok
17:22:02.0116 4848 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:22:02.0139 4848 BFE - ok
17:22:02.0225 4848 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:22:02.0259 4848 BITS - ok
17:22:02.0285 4848 bjrtwkl - ok
17:22:02.0295 4848 blbdrive - ok
17:22:02.0331 4848 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:22:02.0334 4848 bowser - ok
17:22:02.0386 4848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:22:02.0394 4848 BrFiltLo - ok
17:22:02.0405 4848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:22:02.0413 4848 BrFiltUp - ok
17:22:02.0438 4848 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:22:02.0448 4848 Browser - ok
17:22:02.0499 4848 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:22:02.0509 4848 Brserid - ok
17:22:02.0519 4848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:22:02.0527 4848 BrSerWdm - ok
17:22:02.0540 4848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:22:02.0544 4848 BrUsbMdm - ok
17:22:02.0557 4848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:22:02.0564 4848 BrUsbSer - ok
17:22:02.0586 4848 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:22:02.0592 4848 BTHMODEM - ok
17:22:02.0692 4848 CASprint (9104c1213c40537ed681400c74793a0b) C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
17:22:02.0695 4848 CASprint - ok
17:22:02.0744 4848 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:22:02.0746 4848 cdfs - ok
17:22:02.0817 4848 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\Windows\system32\drivers\Cdr4_xp.sys
17:22:02.0818 4848 Cdr4_xp - ok
17:22:02.0844 4848 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\Windows\system32\drivers\Cdralw2k.sys
17:22:02.0859 4848 Cdralw2k - ok
17:22:02.0914 4848 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:22:02.0924 4848 cdrom - ok
17:22:02.0969 4848 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:22:02.0973 4848 CertPropSvc - ok
17:22:03.0017 4848 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
17:22:03.0103 4848 cfwids - ok
17:22:03.0123 4848 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:22:03.0129 4848 circlass - ok
17:22:03.0187 4848 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:22:03.0195 4848 CLFS - ok
17:22:03.0277 4848 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:03.0284 4848 clr_optimization_v2.0.50727_32 - ok
17:22:03.0383 4848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:22:03.0406 4848 clr_optimization_v4.0.30319_32 - ok
17:22:03.0475 4848 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:03.0483 4848 CmBatt - ok
17:22:03.0505 4848 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:22:03.0510 4848 cmdide - ok
17:22:03.0555 4848 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:22:03.0558 4848 Compbatt - ok
17:22:03.0581 4848 COMSysApp - ok
17:22:03.0593 4848 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:22:03.0607 4848 crcdisk - ok
17:22:03.0620 4848 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:22:03.0634 4848 Crusoe - ok
17:22:03.0692 4848 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:22:03.0695 4848 CryptSvc - ok
17:22:03.0770 4848 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:22:03.0780 4848 DcomLaunch - ok
17:22:03.0828 4848 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:22:03.0830 4848 DfsC - ok
17:22:03.0976 4848 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:22:04.0033 4848 DFSR - ok
17:22:04.0179 4848 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:22:04.0181 4848 Dhcp - ok
17:22:04.0249 4848 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:22:04.0252 4848 disk - ok
17:22:04.0338 4848 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:22:04.0445 4848 Dnscache - ok
17:22:04.0488 4848 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:22:04.0503 4848 dot3svc - ok
17:22:04.0566 4848 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:22:04.0583 4848 DPS - ok
17:22:04.0647 4848 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:22:04.0657 4848 drmkaud - ok
17:22:04.0754 4848 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:22:04.0759 4848 DXGKrnl - ok
17:22:04.0813 4848 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:22:04.0822 4848 E1G60 - ok
17:22:04.0874 4848 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:22:04.0883 4848 EapHost - ok
17:22:05.0012 4848 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:22:05.0025 4848 Ecache - ok
17:22:05.0214 4848 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:22:05.0234 4848 ehRecvr - ok
17:22:05.0263 4848 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:22:05.0279 4848 ehSched - ok
17:22:05.0286 4848 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:22:05.0287 4848 ehstart - ok
17:22:05.0359 4848 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:22:05.0378 4848 elxstor - ok
17:22:05.0426 4848 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:22:05.0451 4848 EMDMgmt - ok
17:22:05.0527 4848 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:22:05.0530 4848 EventSystem - ok
17:22:05.0594 4848 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:22:05.0608 4848 exfat - ok
17:22:05.0639 4848 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:22:05.0658 4848 fastfat - ok
17:22:05.0704 4848 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:22:05.0712 4848 fdc - ok
17:22:05.0731 4848 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:22:05.0738 4848 fdPHost - ok
17:22:05.0759 4848 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:22:05.0762 4848 FDResPub - ok
17:22:05.0811 4848 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:22:05.0813 4848 FileInfo - ok
17:22:05.0837 4848 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:22:05.0841 4848 Filetrace - ok
17:22:05.0862 4848 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:05.0870 4848 flpydisk - ok
17:22:05.0903 4848 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:22:05.0915 4848 FltMgr - ok
17:22:06.0033 4848 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:22:06.0041 4848 FontCache - ok
17:22:06.0135 4848 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:22:06.0137 4848 FontCache3.0.0.0 - ok
17:22:06.0165 4848 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:06.0280 4848 Fs_Rec - ok
17:22:06.0325 4848 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:22:06.0329 4848 gagp30kx - ok
17:22:06.0419 4848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:22:06.0422 4848 GEARAspiWDM - ok
17:22:06.0625 4848 GoogleDesktopManager-091907-194040 (8e78b31205ff9df8f671fa51c1ee10eb) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:22:06.0728 4848 GoogleDesktopManager-091907-194040 - ok
17:22:06.0956 4848 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:22:06.0991 4848 gpsvc - ok
17:22:07.0194 4848 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:22:07.0226 4848 HdAudAddService - ok
17:22:07.0347 4848 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:22:07.0352 4848 HDAudBus - ok
17:22:07.0388 4848 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:22:07.0394 4848 HidBth - ok
17:22:07.0444 4848 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:22:07.0451 4848 HidIr - ok
17:22:07.0505 4848 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:22:07.0510 4848 hidserv - ok
17:22:07.0565 4848 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:22:07.0573 4848 HidUsb - ok
17:22:07.0634 4848 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:22:07.0645 4848 hkmsvc - ok
17:22:07.0713 4848 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:22:07.0721 4848 HpCISSs - ok
17:22:07.0823 4848 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:22:08.0073 4848 HSF_DPV - ok
17:22:08.0114 4848 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:22:08.0336 4848 HSXHWBS2 - ok
17:22:08.0403 4848 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:22:08.0503 4848 HTCAND32 - ok
17:22:08.0573 4848 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:22:08.0598 4848 HTTP - ok
17:22:08.0649 4848 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:22:08.0655 4848 i2omp - ok
17:22:08.0707 4848 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:22:08.0715 4848 i8042prt - ok
17:22:08.0808 4848 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
17:22:08.0857 4848 ialm - ok
17:22:08.0922 4848 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:22:08.0943 4848 iaStorV - ok
17:22:09.0067 4848 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:22:09.0117 4848 idsvc - ok
17:22:09.0135 4848 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:22:09.0144 4848 iirsp - ok
17:22:09.0221 4848 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:22:09.0226 4848 IKEEXT - ok
17:22:09.0351 4848 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
17:22:09.0405 4848 IntcAzAudAddService - ok
17:22:09.0463 4848 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:22:09.0468 4848 intelide - ok
17:22:09.0515 4848 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:09.0521 4848 intelppm - ok
17:22:09.0593 4848 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:22:09.0602 4848 IPBusEnum - ok
17:22:09.0666 4848 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:09.0672 4848 IpFilterDriver - ok
17:22:09.0712 4848 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:22:09.0728 4848 iphlpsvc - ok
17:22:09.0733 4848 IpInIp - ok
17:22:09.0769 4848 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:22:09.0777 4848 IPMIDRV - ok
17:22:09.0807 4848 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:22:09.0822 4848 IPNAT - ok
17:22:09.0944 4848 iPod Service (32cdedd15e2d1a557cd54552ae78ff86) C:\Program Files\iPod\bin\iPodService.exe
17:22:09.0976 4848 iPod Service - ok
17:22:10.0026 4848 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:22:10.0034 4848 IRENUM - ok
17:22:10.0124 4848 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:22:10.0131 4848 isapnp - ok
17:22:10.0385 4848 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:22:10.0388 4848 iScsiPrt - ok
17:22:10.0431 4848 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:22:10.0439 4848 iteatapi - ok
17:22:10.0451 4848 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:22:10.0457 4848 iteraid - ok
17:22:10.0501 4848 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:10.0506 4848 kbdclass - ok
17:22:10.0556 4848 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:10.0564 4848 kbdhid - ok
17:22:10.0610 4848 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:22:10.0701 4848 KeyIso - ok
17:22:10.0740 4848 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:22:10.0754 4848 KSecDD - ok
17:22:10.0835 4848 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:22:10.0840 4848 KtmRm - ok
17:22:10.0891 4848 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:22:10.0895 4848 LanmanServer - ok
17:22:10.0967 4848 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:22:10.0986 4848 LanmanWorkstation - ok
17:22:11.0043 4848 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
17:22:11.0045 4848 libusb0 - ok
17:22:11.0096 4848 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:11.0104 4848 lltdio - ok
17:22:11.0167 4848 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:22:11.0180 4848 lltdsvc - ok
17:22:11.0228 4848 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:22:11.0239 4848 lmhosts - ok
17:22:11.0311 4848 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:22:11.0318 4848 LSI_FC - ok
17:22:11.0335 4848 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:22:11.0345 4848 LSI_SAS - ok
17:22:11.0402 4848 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:22:11.0409 4848 LSI_SCSI - ok
17:22:11.0445 4848 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:22:11.0447 4848 luafv - ok
17:22:11.0509 4848 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys
17:22:11.0511 4848 LVPr2Mon - ok
17:22:11.0584 4848 LVPrcSrv (ff23862146a682fcc3dbaa002e22f958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
17:22:11.0595 4848 LVPrcSrv - ok
17:22:11.0664 4848 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
17:22:11.0672 4848 LVRS - ok
17:22:11.0724 4848 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
17:22:11.0727 4848 LVUSBSta - ok
17:22:12.0013 4848 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
17:22:12.0147 4848 LVUVC - ok
17:22:12.0625 4848 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:22:12.0627 4848 MBAMProtector - ok
17:22:12.0692 4848 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:22:12.0698 4848 MBAMService - ok
17:22:12.0804 4848 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:22:12.0915 4848 McMPFSvc - ok
17:22:12.0920 4848 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:22:12.0923 4848 mcmscsvc - ok
17:22:12.0930 4848 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:22:12.0932 4848 McNaiAnn - ok
17:22:12.0938 4848 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:22:12.0940 4848 McNASvc - ok
17:22:13.0018 4848 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
17:22:13.0122 4848 McODS - ok
17:22:13.0128 4848 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:22:13.0130 4848 McProxy - ok
17:22:13.0198 4848 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:22:13.0317 4848 McShield - ok
17:22:13.0443 4848 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:22:13.0447 4848 Mcx2Svc - ok
17:22:13.0518 4848 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:22:13.0529 4848 mdmxsdk - ok
17:22:13.0581 4848 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:22:13.0588 4848 megasas - ok
17:22:13.0659 4848 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
17:22:13.0661 4848 mfeapfk - ok
17:22:13.0727 4848 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
17:22:13.0839 4848 mfeavfk - ok
17:22:13.0860 4848 mfeavfk01 - ok
17:22:13.0898 4848 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
17:22:13.0900 4848 mfebopk - ok
17:22:13.0915 4848 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:22:13.0927 4848 mfefire - ok
17:22:14.0001 4848 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
17:22:14.0100 4848 mfefirek - ok
17:22:14.0176 4848 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
17:22:14.0190 4848 mfehidk - ok
17:22:14.0205 4848 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:22:14.0311 4848 mfenlfk - ok
17:22:14.0356 4848 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
17:22:14.0360 4848 mferkdet - ok
17:22:14.0381 4848 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\Windows\system32\drivers\mfetdi2k.sys
17:22:14.0388 4848 mfetdi2k - ok
17:22:14.0410 4848 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
17:22:14.0413 4848 mfevtp - ok
17:22:14.0464 4848 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
17:22:14.0589 4848 mfewfpk - ok
17:22:14.0631 4848 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:22:14.0639 4848 MMCSS - ok
17:22:14.0659 4848 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:22:14.0660 4848 Modem - ok
17:22:14.0680 4848 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:22:14.0682 4848 monitor - ok
17:22:14.0700 4848 motccgp - ok
17:22:14.0709 4848 motccgpfl - ok
17:22:14.0716 4848 motmodem - ok
17:22:14.0807 4848 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
17:22:14.0817 4848 MotoHelper - ok
17:22:14.0839 4848 motport - ok
17:22:14.0872 4848 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:22:14.0878 4848 mouclass - ok
17:22:14.0969 4848 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:14.0983 4848 mouhid - ok
17:22:15.0044 4848 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:22:15.0047 4848 MountMgr - ok
17:22:15.0117 4848 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:22:15.0120 4848 MozillaMaintenance - ok
17:22:15.0181 4848 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:22:15.0186 4848 mpio - ok
17:22:15.0215 4848 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:22:15.0224 4848 mpsdrv - ok
17:22:15.0298 4848 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:22:15.0320 4848 MpsSvc - ok
17:22:15.0362 4848 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:22:15.0371 4848 Mraid35x - ok
17:22:15.0426 4848 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:22:15.0440 4848 MRxDAV - ok
17:22:15.0468 4848 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:15.0473 4848 mrxsmb - ok
17:22:15.0512 4848 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:15.0522 4848 mrxsmb10 - ok
17:22:15.0540 4848 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:15.0543 4848 mrxsmb20 - ok
17:22:15.0595 4848 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:22:15.0602 4848 msahci - ok
17:22:15.0615 4848 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:22:15.0626 4848 msdsm - ok
17:22:15.0650 4848 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:22:15.0671 4848 MSDTC - ok
17:22:15.0727 4848 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:22:15.0729 4848 Msfs - ok
17:22:15.0771 4848 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:22:15.0773 4848 msisadrv - ok
17:22:15.0794 4848 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:22:15.0806 4848 MSiSCSI - ok
17:22:15.0828 4848 msiserver - ok
17:22:15.0877 4848 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:15.0885 4848 MSKSSRV - ok
17:22:15.0900 4848 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:15.0904 4848 MSPCLOCK - ok
17:22:15.0916 4848 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:22:15.0922 4848 MSPQM - ok
17:22:15.0955 4848 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:22:15.0966 4848 MsRPC - ok
17:22:15.0996 4848 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:22:15.0997 4848 mssmbios - ok
17:22:16.0003 4848 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:22:16.0012 4848 MSTEE - ok
17:22:16.0033 4848 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:22:16.0035 4848 Mup - ok
17:22:16.0100 4848 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:22:16.0116 4848 napagent - ok
17:22:16.0168 4848 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:16.0185 4848 NativeWifiP - ok
17:22:16.0255 4848 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:22:16.0260 4848 NDIS - ok
17:22:16.0316 4848 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:16.0320 4848 NdisTapi - ok
17:22:16.0366 4848 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:16.0375 4848 Ndisuio - ok
17:22:16.0400 4848 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:16.0420 4848 NdisWan - ok
17:22:16.0446 4848 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:22:16.0452 4848 NDProxy - ok
17:22:16.0462 4848 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:22:16.0465 4848 NetBIOS - ok
17:22:16.0497 4848 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:22:16.0512 4848 netbt - ok
17:22:16.0532 4848 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:22:16.0534 4848 Netlogon - ok
17:22:16.0572 4848 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:22:16.0576 4848 Netman - ok
17:22:16.0610 4848 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:22:16.0614 4848 netprofm - ok
17:22:16.0677 4848 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
17:22:16.0782 4848 netr73 - ok
17:22:16.0867 4848 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:22:16.0879 4848 NetTcpPortSharing - ok
17:22:17.0006 4848 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
17:22:17.0105 4848 NETw2v32 - ok
17:22:17.0247 4848 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:22:17.0257 4848 nfrd960 - ok
17:22:17.0294 4848 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:22:17.0297 4848 NlaSvc - ok
17:22:17.0347 4848 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\Windows\system32\DRIVERS\pctnullport.sys
17:22:17.0350 4848 Nmea - ok
17:22:17.0374 4848 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:22:17.0377 4848 Npfs - ok
17:22:17.0395 4848 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:22:17.0415 4848 nsi - ok
17:22:17.0452 4848 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:22:17.0455 4848 nsiproxy - ok
17:22:17.0532 4848 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:22:17.0570 4848 Ntfs - ok
17:22:17.0591 4848 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:22:17.0599 4848 ntrigdigi - ok
17:22:17.0621 4848 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:22:17.0630 4848 Null - ok
17:22:17.0967 4848 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:22:18.0326 4848 nvlddmkm - ok
17:22:18.0476 4848 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:22:18.0484 4848 nvraid - ok
17:22:18.0502 4848 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:22:18.0505 4848 nvstor - ok
17:22:18.0559 4848 nvstor32 (4a9a6368bef61c9608fe7cc21b1f8886) C:\Windows\system32\DRIVERS\nvstor32.sys
17:22:18.0562 4848 nvstor32 - ok
17:22:18.0595 4848 nvsvc (56407b8616e4206ee02892a2ac712ef3) C:\Windows\system32\nvvsvc.exe
17:22:18.0720 4848 nvsvc - ok
17:22:18.0762 4848 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:22:18.0770 4848 nv_agp - ok
17:22:18.0823 4848 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
17:22:18.0826 4848 NWADI - ok
17:22:18.0851 4848 NwlnkFlt - ok
17:22:18.0858 4848 NwlnkFwd - ok
17:22:18.0973 4848 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:22:19.0108 4848 odserv - ok
17:22:19.0143 4848 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
17:22:19.0149 4848 ohci1394 - ok
17:22:19.0228 4848 OrbisClient.Services (8b40a0a5af67f55ddd761940fd9cc01c) C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
17:22:19.0230 4848 OrbisClient.Services - ok
17:22:19.0292 4848 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:22:19.0304 4848 ose - ok
17:22:19.0400 4848 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:22:19.0433 4848 p2pimsvc - ok
17:22:19.0443 4848 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:22:19.0450 4848 p2psvc - ok
17:22:19.0507 4848 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
17:22:19.0513 4848 Parport - ok
17:22:19.0542 4848 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
17:22:19.0545 4848 partmgr - ok
17:22:19.0587 4848 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
17:22:19.0595 4848 Parvdm - ok
17:22:19.0649 4848 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
17:22:19.0651 4848 PCASp50 - ok
17:22:19.0697 4848 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:22:19.0715 4848 PcaSvc - ok
17:22:19.0764 4848 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:22:19.0776 4848 pci - ok
17:22:19.0810 4848 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:22:19.0812 4848 pciide - ok
17:22:19.0867 4848 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:19.0884 4848 pcmcia - ok
17:22:19.0936 4848 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\Windows\system32\PCTINDIS5.SYS
17:22:19.0940 4848 PCTINDIS5 - ok
17:22:20.0030 4848 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:22:20.0073 4848 PEAUTH - ok
17:22:20.0211 4848 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:22:20.0278 4848 pla - ok
17:22:20.0522 4848 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:22:20.0545 4848 PlugPlay - ok
17:22:20.0597 4848 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:22:20.0603 4848 PNRPAutoReg - ok
17:22:20.0618 4848 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:22:20.0625 4848 PNRPsvc - ok
17:22:20.0668 4848 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:22:20.0688 4848 PolicyAgent - ok
17:22:20.0760 4848 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:22:20.0769 4848 PptpMiniport - ok
17:22:20.0793 4848 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:22:20.0801 4848 Processor - ok
17:22:20.0862 4848 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:22:20.0875 4848 ProfSvc - ok
17:22:20.0896 4848 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:22:20.0898 4848 ProtectedStorage - ok
17:22:20.0927 4848 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:22:20.0929 4848 PSched - ok
17:22:20.0969 4848 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
17:22:20.0972 4848 PxHelp20 - ok
17:22:21.0043 4848 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:22:21.0072 4848 ql2300 - ok
17:22:21.0098 4848 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:22:21.0111 4848 ql40xx - ok
17:22:21.0237 4848 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:22:21.0262 4848 QWAVE - ok
17:22:21.0287 4848 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:22:21.0293 4848 QWAVEdrv - ok
17:22:21.0348 4848 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:22:21.0355 4848 RasAcd - ok
17:22:21.0409 4848 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:22:21.0426 4848 RasAuto - ok
17:22:21.0459 4848 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:21.0467 4848 Rasl2tp - ok
17:22:21.0500 4848 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:22:21.0510 4848 RasMan - ok
17:22:21.0538 4848 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:21.0545 4848 RasPppoe - ok
17:22:21.0588 4848 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:22:21.0597 4848 RasSstp - ok
17:22:21.0640 4848 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:22:21.0650 4848 rdbss - ok
17:22:21.0670 4848 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:21.0674 4848 RDPCDD - ok
17:22:21.0709 4848 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:22:21.0722 4848 rdpdr - ok
17:22:21.0762 4848 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:22:21.0770 4848 RDPENCDD - ok
17:22:21.0826 4848 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
17:22:22.0015 4848 RDPWD - ok
17:22:22.0087 4848 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:22:22.0097 4848 RemoteAccess - ok
17:22:22.0146 4848 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:22:22.0164 4848 RemoteRegistry - ok
17:22:22.0214 4848 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
17:22:22.0327 4848 RimVSerPort - ok
17:22:22.0354 4848 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
17:22:22.0359 4848 ROOTMODEM - ok
17:22:22.0381 4848 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:22:22.0390 4848 RpcLocator - ok
17:22:22.0460 4848 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:22:22.0470 4848 RpcSs - ok
17:22:22.0494 4848 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:22:22.0501 4848 rspndr - ok
17:22:22.0558 4848 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:22:22.0653 4848 RTL8023xp - ok
17:22:22.0728 4848 RTL8192cu (fb96f0c906ca91e66c522c8bce6c8446) C:\Windows\system32\DRIVERS\RTL8192cu.sys
17:22:22.0850 4848 RTL8192cu - ok
17:22:22.0887 4848 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:22:22.0889 4848 SamSs - ok
17:22:22.0991 4848 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:22:22.0993 4848 SASDIFSV - ok
17:22:23.0041 4848 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:22:23.0044 4848 SASKUTIL - ok
17:22:23.0071 4848 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:22:23.0081 4848 sbp2port - ok
17:22:23.0129 4848 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:22:23.0142 4848 SCardSvr - ok
17:22:23.0239 4848 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:22:23.0259 4848 Schedule - ok
17:22:23.0300 4848 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:22:23.0301 4848 SCPolicySvc - ok
17:22:23.0327 4848 SCR3XX2K (cc0ecd80978f29a41f5d4b4f5af890e8) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
17:22:23.0512 4848 SCR3XX2K - ok
17:22:23.0555 4848 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
17:22:23.0563 4848 sdbus - ok
17:22:23.0592 4848 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:22:23.0608 4848 SDRSVC - ok
17:22:23.0620 4848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:22:23.0625 4848 secdrv - ok
17:22:23.0647 4848 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:22:23.0657 4848 seclogon - ok
17:22:23.0670 4848 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:22:23.0677 4848 SENS - ok
17:22:23.0705 4848 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:22:23.0710 4848 Serenum - ok
17:22:23.0738 4848 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:22:23.0745 4848 Serial - ok
17:22:23.0765 4848 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:22:23.0769 4848 sermouse - ok
17:22:23.0809 4848 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:22:23.0826 4848 SessionEnv - ok
17:22:23.0843 4848 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:22:23.0850 4848 sffdisk - ok
17:22:23.0863 4848 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:22:23.0871 4848 sffp_mmc - ok
17:22:23.0890 4848 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:22:23.0895 4848 sffp_sd - ok
17:22:23.0938 4848 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:22:23.0946 4848 sfloppy - ok
17:22:23.0983 4848 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:22:24.0004 4848 SharedAccess - ok
17:22:24.0083 4848 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:22:24.0196 4848 ShellHWDetection - ok
17:22:24.0222 4848 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:22:24.0229 4848 sisagp - ok
17:22:24.0276 4848 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:22:24.0285 4848 SiSRaid2 - ok
17:22:24.0299 4848 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:22:24.0308 4848 SiSRaid4 - ok
17:22:24.0484 4848 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:22:24.0589 4848 slsvc - ok
17:22:24.0714 4848 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:22:24.0723 4848 SLUINotify - ok
17:22:24.0771 4848 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:22:24.0777 4848 Smb - ok
17:22:24.0806 4848 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:22:24.0813 4848 SNMPTRAP - ok
17:22:24.0863 4848 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:22:24.0865 4848 spldr - ok
17:22:24.0916 4848 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:22:25.0049 4848 Spooler - ok
17:22:25.0135 4848 SprintRcAppSvc (0718d0cb64ee6c3561855ae0e7718f0b) C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
17:22:25.0138 4848 SprintRcAppSvc - ok
17:22:25.0181 4848 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:22:25.0198 4848 srv - ok
17:22:25.0229 4848 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:22:25.0241 4848 srv2 - ok
17:22:25.0274 4848 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:22:25.0280 4848 srvnet - ok
17:22:25.0315 4848 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:22:25.0329 4848 SSDPSRV - ok
17:22:25.0392 4848 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:22:25.0396 4848 SstpSvc - ok
17:22:25.0436 4848 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:22:25.0460 4848 stisvc - ok
17:22:25.0521 4848 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:22:25.0527 4848 swenum - ok
17:22:25.0606 4848 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\Windows\System32\drivers\swmsflt.sys
17:22:25.0608 4848 swmsflt - ok
17:22:25.0669 4848 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\Windows\system32\DRIVERS\swmx00.sys
17:22:25.0684 4848 swmx00 - ok
17:22:25.0745 4848 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\Windows\system32\DRIVERS\SWNC5E00.sys
17:22:25.0757 4848 SWNC5E00 - ok
17:22:25.0796 4848 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:22:25.0813 4848 swprv - ok
17:22:25.0833 4848 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:22:25.0841 4848 Symc8xx - ok
17:22:25.0855 4848 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:22:25.0862 4848 Sym_hi - ok
17:22:25.0876 4848 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:22:25.0882 4848 Sym_u3 - ok
17:22:25.0930 4848 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:22:25.0956 4848 SysMain - ok
17:22:25.0986 4848 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:22:25.0997 4848 TabletInputService - ok
17:22:26.0031 4848 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:22:26.0036 4848 TapiSrv - ok
17:22:26.0058 4848 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:22:26.0066 4848 TBS - ok
17:22:26.0163 4848 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
17:22:26.0225 4848 Tcpip - ok
17:22:26.0245 4848 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
17:22:26.0251 4848 Tcpip6 - ok
17:22:26.0277 4848 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:22:26.0285 4848 tcpipreg - ok
17:22:26.0310 4848 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:22:26.0316 4848 TDPIPE - ok
17:22:26.0346 4848 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:22:26.0355 4848 TDTCP - ok
17:22:26.0380 4848 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:22:26.0389 4848 tdx - ok
17:22:26.0410 4848 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:22:26.0418 4848 TermDD - ok
17:22:26.0465 4848 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:22:26.0472 4848 TermService - ok
17:22:26.0504 4848 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:22:26.0508 4848 Themes - ok
17:22:26.0534 4848 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:22:26.0536 4848 THREADORDER - ok
17:22:26.0566 4848 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:22:26.0577 4848 TrkWks - ok
17:22:26.0614 4848 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:22:26.0615 4848 TrustedInstaller - ok
17:22:26.0645 4848 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:26.0654 4848 tssecsrv - ok
17:22:26.0675 4848 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:22:26.0682 4848 tunmp - ok
17:22:26.0691 4848 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:22:26.0701 4848 tunnel - ok
17:22:26.0723 4848 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:22:26.0732 4848 uagp35 - ok
17:22:26.0765 4848 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:22:26.0781 4848 udfs - ok
17:22:26.0818 4848 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:22:26.0828 4848 UI0Detect - ok
17:22:26.0841 4848 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:22:26.0847 4848 uliagpkx - ok
17:22:26.0870 4848 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:22:26.0886 4848 uliahci - ok
17:22:26.0934 4848 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:22:26.0944 4848 UlSata - ok
17:22:26.0971 4848 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:22:26.0985 4848 ulsata2 - ok
17:22:27.0009 4848 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:22:27.0018 4848 umbus - ok
17:22:27.0071 4848 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
17:22:27.0075 4848 UMPass - ok
17:22:27.0130 4848 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:22:27.0136 4848 upnphost - ok
17:22:27.0188 4848 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
17:22:27.0357 4848 USBAAPL - ok
17:22:27.0391 4848 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:22:27.0398 4848 usbaudio - ok
17:22:27.0456 4848 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:27.0465 4848 usbccgp - ok
17:22:27.0498 4848 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
17:22:27.0508 4848 USBCCID - ok
17:22:27.0533 4848 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:22:27.0540 4848 usbcir - ok
17:22:27.0565 4848 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:22:27.0572 4848 usbehci - ok
17:22:27.0600 4848 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:22:27.0614 4848 usbhub - ok
17:22:27.0638 4848 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:22:27.0646 4848 usbohci - ok
17:22:27.0671 4848 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:22:27.0681 4848 usbprint - ok
17:22:27.0740 4848 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:22:27.0745 4848 usbscan - ok
17:22:27.0790 4848 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:27.0797 4848 USBSTOR - ok
17:22:27.0825 4848 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:22:27.0833 4848 usbuhci - ok
17:22:27.0942 4848 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
17:22:27.0955 4848 usnjsvc - ok
17:22:27.0982 4848 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:22:27.0991 4848 UxSms - ok
17:22:28.0034 4848 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:22:28.0057 4848 vds - ok
17:22:28.0108 4848 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:28.0116 4848 vga - ok
17:22:28.0133 4848 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:22:28.0142 4848 VgaSave - ok
17:22:28.0160 4848 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:22:28.0168 4848 viaagp - ok
17:22:28.0187 4848 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:22:28.0195 4848 ViaC7 - ok
17:22:28.0210 4848 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:22:28.0217 4848 viaide - ok
17:22:28.0243 4848 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:22:28.0245 4848 volmgr - ok
17:22:28.0282 4848 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:22:28.0299 4848 volmgrx - ok
17:22:28.0335 4848 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:22:28.0344 4848 volsnap - ok
17:22:28.0396 4848 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:22:28.0413 4848 vsmraid - ok
17:22:28.0490 4848 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:22:28.0527 4848 VSS - ok
17:22:28.0583 4848 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:22:28.0604 4848 W32Time - ok
17:22:28.0684 4848 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:22:28.0688 4848 WacomPen - ok
17:22:28.0737 4848 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:28.0746 4848 Wanarp - ok
17:22:28.0771 4848 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:28.0773 4848 Wanarpv6 - ok
17:22:28.0835 4848 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:22:28.0861 4848 wcncsvc - ok
17:22:28.0923 4848 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:22:28.0938 4848 WcsPlugInService - ok
17:22:28.0970 4848 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:22:28.0978 4848 Wd - ok
17:22:29.0052 4848 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:22:29.0069 4848 Wdf01000 - ok
17:22:29.0112 4848 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:22:29.0116 4848 WdiServiceHost - ok
17:22:29.0136 4848 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:22:29.0139 4848 WdiSystemHost - ok
17:22:29.0185 4848 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:22:29.0201 4848 WebClient - ok
17:22:29.0232 4848 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:22:29.0359 4848 Wecsvc - ok
17:22:29.0404 4848 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:22:29.0408 4848 wercplsupport - ok
17:22:29.0464 4848 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:22:29.0479 4848 WerSvc - ok
17:22:29.0546 4848 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:22:29.0763 4848 winachsf - ok
17:22:29.0778 4848 WinHttpAutoProxySvc - ok
17:22:29.0838 4848 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:22:29.0853 4848 Winmgmt - ok
17:22:29.0938 4848 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:22:30.0082 4848 WinRM - ok
17:22:30.0180 4848 WirelessUSB (ea569d48b2e755af6d96f03f3335d98a) C:\Program Files\CNet\Wireless LAN Driver and Utility\RtlService.exe
17:22:30.0182 4848 WirelessUSB - ok
17:22:30.0327 4848 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:22:30.0334 4848 Wlansvc - ok
17:22:30.0422 4848 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
17:22:30.0443 4848 WLSetupSvc - ok
17:22:30.0528 4848 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:22:30.0564 4848 WmiAcpi - ok
17:22:30.0647 4848 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:22:30.0663 4848 wmiApSrv - ok
17:22:30.0781 4848 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:22:30.0788 4848 WMPNetworkSvc - ok
17:22:30.0843 4848 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:22:30.0858 4848 WPCSvc - ok
17:22:30.0883 4848 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:22:30.0897 4848 WPDBusEnum - ok
17:22:30.0976 4848 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:22:30.0980 4848 WpdUsb - ok
17:22:31.0148 4848 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:22:31.0312 4848 WPFFontCache_v0400 - ok
17:22:31.0354 4848 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:22:31.0357 4848 ws2ifsl - ok
17:22:31.0408 4848 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:22:31.0411 4848 wscsvc - ok
17:22:31.0416 4848 WSearch - ok
17:22:31.0567 4848 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:22:31.0653 4848 wuauserv - ok
17:22:31.0801 4848 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:31.0812 4848 WUDFRd - ok
17:22:31.0864 4848 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:22:31.0876 4848 wudfsvc - ok
17:22:31.0938 4848 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
17:22:32.0030 4848 XAudio - ok
17:22:32.0067 4848 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
17:22:32.0093 4848 XAudioService - ok
17:22:32.0227 4848 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:22:32.0231 4848 YahooAUService - ok
17:22:32.0298 4848 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:22:32.0486 4848 \Device\Harddisk0\DR0 - ok
17:22:32.0489 4848 Boot (0x1200) (9197c29618ad4dc49140ea3ece05d425) \Device\Harddisk0\DR0\Partition0
17:22:32.0491 4848 \Device\Harddisk0\DR0\Partition0 - ok
17:22:32.0494 4848 Boot (0x1200) (3ba0461028fa55352d085d8162ba2ca3) \Device\Harddisk0\DR0\Partition1
17:22:32.0496 4848 \Device\Harddisk0\DR0\Partition1 - ok
17:22:32.0497 4848 ============================================================
17:22:32.0497 4848 Scan finished
17:22:32.0497 4848 ============================================================
17:22:32.0510 4840 Detected object count: 0
17:22:32.0510 4840 Actual detected object count: 0

#11 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 19 June 2012 - 04:27 PM

This was one run on the 14th.

20:11:11.0360 4108 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
20:11:13.0363 4108 ============================================================
20:11:13.0363 4108 Current date / time: 2012/06/14 20:11:13.0363
20:11:13.0363 4108 SystemInfo:
20:11:13.0363 4108
20:11:13.0363 4108 OS Version: 6.0.6002 ServicePack: 2.0
20:11:13.0363 4108 Product type: Workstation
20:11:13.0363 4108 ComputerName: RACHELJORDAN
20:11:13.0364 4108 UserName: Jordan
20:11:13.0364 4108 Windows directory: C:\Windows
20:11:13.0364 4108 System windows directory: C:\Windows
20:11:13.0364 4108 Processor architecture: Intel x86
20:11:13.0364 4108 Number of processors: 2
20:11:13.0364 4108 Page size: 0x1000
20:11:13.0364 4108 Boot type: Safe boot with network
20:11:13.0364 4108 ============================================================
20:11:15.0203 4108 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:11:15.0234 4108 ============================================================
20:11:15.0234 4108 \Device\Harddisk0\DR0:
20:11:15.0234 4108 MBR partitions:
20:11:15.0234 4108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x140245B
20:11:15.0234 4108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x2402BE16
20:11:15.0234 4108 ============================================================
20:11:15.0279 4108 C: <-> \Device\Harddisk0\DR0\Partition1
20:11:15.0312 4108 D: <-> \Device\Harddisk0\DR0\Partition0
20:11:15.0312 4108 ============================================================
20:11:15.0312 4108 Initialize success
20:11:15.0312 4108 ============================================================
20:11:30.0931 4416 ============================================================
20:11:30.0931 4416 Scan started
20:11:30.0931 4416 Mode: Manual;
20:11:30.0931 4416 ============================================================
20:11:35.0597 4416 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:11:35.0600 4416 !SASCORE - ok
20:11:35.0708 4416 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
20:11:35.0719 4416 ac.sharedstore - ok
20:11:35.0870 4416 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
20:11:35.0873 4416 ac97intc - ok
20:11:35.0925 4416 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:11:35.0936 4416 ACPI - ok
20:11:36.0009 4416 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:11:36.0025 4416 adp94xx - ok
20:11:36.0053 4416 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:11:36.0063 4416 adpahci - ok
20:11:36.0080 4416 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:11:36.0083 4416 adpu160m - ok
20:11:36.0104 4416 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:11:36.0117 4416 adpu320 - ok
20:11:36.0154 4416 aedqshjo (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\oppqrbe.sys
20:11:36.0156 4416 aedqshjo - ok
20:11:36.0176 4416 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:11:36.0177 4416 AeLookupSvc - ok
20:11:36.0222 4416 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
20:11:36.0224 4416 Afc - ok
20:11:36.0300 4416 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:11:36.0314 4416 AFD - ok
20:11:36.0410 4416 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:11:36.0418 4416 agp440 - ok
20:11:36.0481 4416 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:11:36.0484 4416 aic78xx - ok
20:11:36.0514 4416 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:11:36.0516 4416 ALG - ok
20:11:36.0543 4416 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:11:36.0544 4416 aliide - ok
20:11:36.0559 4416 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:11:36.0560 4416 amdagp - ok
20:11:36.0607 4416 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:11:36.0609 4416 amdide - ok
20:11:36.0642 4416 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:11:36.0644 4416 AmdK7 - ok
20:11:36.0674 4416 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:11:36.0675 4416 AmdK8 - ok
20:11:36.0731 4416 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:11:36.0732 4416 Appinfo - ok
20:11:36.0838 4416 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:11:36.0850 4416 Apple Mobile Device - ok
20:11:36.0923 4416 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:11:36.0924 4416 arc - ok
20:11:36.0953 4416 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:11:36.0955 4416 arcsas - ok
20:11:36.0996 4416 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:36.0997 4416 AsyncMac - ok
20:11:37.0043 4416 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:11:37.0044 4416 atapi - ok
20:11:37.0079 4416 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:11:37.0087 4416 AudioEndpointBuilder - ok
20:11:37.0091 4416 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:11:37.0094 4416 Audiosrv - ok
20:11:37.0158 4416 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:11:37.0159 4416 bcm4sbxp - ok
20:11:37.0192 4416 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:11:37.0194 4416 Beep - ok
20:11:37.0237 4416 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:11:37.0254 4416 BFE - ok
20:11:37.0343 4416 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:11:37.0448 4416 BITS - ok
20:11:37.0453 4416 bjrtwkl - ok
20:11:37.0459 4416 blbdrive - ok
20:11:37.0485 4416 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:11:37.0488 4416 bowser - ok
20:11:37.0547 4416 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:11:37.0549 4416 BrFiltLo - ok
20:11:37.0568 4416 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:11:37.0569 4416 BrFiltUp - ok
20:11:37.0609 4416 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:11:37.0612 4416 Browser - ok
20:11:37.0649 4416 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:11:37.0651 4416 Brserid - ok
20:11:37.0670 4416 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:11:37.0671 4416 BrSerWdm - ok
20:11:37.0686 4416 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:11:37.0688 4416 BrUsbMdm - ok
20:11:37.0702 4416 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:11:37.0703 4416 BrUsbSer - ok
20:11:37.0723 4416 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:11:37.0725 4416 BTHMODEM - ok
20:11:37.0822 4416 CASprint (9104c1213c40537ed681400c74793a0b) C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
20:11:37.0826 4416 CASprint - ok
20:11:37.0869 4416 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:37.0871 4416 cdfs - ok
20:11:37.0930 4416 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\Windows\system32\drivers\Cdr4_xp.sys
20:11:37.0931 4416 Cdr4_xp - ok
20:11:37.0971 4416 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\Windows\system32\drivers\Cdralw2k.sys
20:11:37.0973 4416 Cdralw2k - ok
20:11:38.0003 4416 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:11:38.0004 4416 cdrom - ok
20:11:38.0048 4416 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:11:38.0050 4416 CertPropSvc - ok
20:11:38.0071 4416 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
20:11:38.0073 4416 cfwids - ok
20:11:38.0105 4416 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:11:38.0107 4416 circlass - ok
20:11:38.0149 4416 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:11:38.0159 4416 CLFS - ok
20:11:38.0202 4416 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:38.0206 4416 clr_optimization_v2.0.50727_32 - ok
20:11:38.0296 4416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:11:38.0326 4416 clr_optimization_v4.0.30319_32 - ok
20:11:38.0386 4416 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:38.0388 4416 CmBatt - ok
20:11:38.0426 4416 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:11:38.0427 4416 cmdide - ok
20:11:38.0451 4416 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:11:38.0452 4416 Compbatt - ok
20:11:38.0456 4416 COMSysApp - ok
20:11:38.0463 4416 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:11:38.0464 4416 crcdisk - ok
20:11:38.0492 4416 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:11:38.0494 4416 Crusoe - ok
20:11:38.0531 4416 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:11:38.0544 4416 CryptSvc - ok
20:11:38.0624 4416 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:11:38.0642 4416 DcomLaunch - ok
20:11:38.0682 4416 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:11:38.0685 4416 DfsC - ok
20:11:38.0836 4416 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:11:38.0899 4416 DFSR - ok
20:11:39.0033 4416 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:11:39.0043 4416 Dhcp - ok
20:11:39.0112 4416 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:11:39.0114 4416 disk - ok
20:11:39.0178 4416 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:11:39.0189 4416 Dnscache - ok
20:11:39.0217 4416 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:11:39.0229 4416 dot3svc - ok
20:11:39.0292 4416 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:11:39.0301 4416 DPS - ok
20:11:39.0344 4416 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:11:39.0345 4416 drmkaud - ok
20:11:39.0399 4416 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:39.0415 4416 DXGKrnl - ok
20:11:39.0482 4416 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:11:39.0485 4416 E1G60 - ok
20:11:39.0528 4416 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:11:39.0531 4416 EapHost - ok
20:11:39.0593 4416 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:11:39.0605 4416 Ecache - ok
20:11:39.0667 4416 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:11:39.0684 4416 ehRecvr - ok
20:11:39.0718 4416 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:11:39.0731 4416 ehSched - ok
20:11:39.0741 4416 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:11:39.0743 4416 ehstart - ok
20:11:39.0809 4416 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:11:39.0819 4416 elxstor - ok
20:11:39.0879 4416 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:11:39.0906 4416 EMDMgmt - ok
20:11:39.0949 4416 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:11:39.0956 4416 EventSystem - ok
20:11:39.0990 4416 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:11:39.0995 4416 exfat - ok
20:11:40.0028 4416 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:11:40.0040 4416 fastfat - ok
20:11:40.0109 4416 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:11:40.0111 4416 fdc - ok
20:11:40.0128 4416 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:11:40.0130 4416 fdPHost - ok
20:11:40.0155 4416 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:11:40.0158 4416 FDResPub - ok
20:11:40.0207 4416 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:11:40.0209 4416 FileInfo - ok
20:11:40.0235 4416 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:11:40.0237 4416 Filetrace - ok
20:11:40.0330 4416 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:40.0350 4416 flpydisk - ok
20:11:40.0391 4416 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:11:40.0403 4416 FltMgr - ok
20:11:40.0511 4416 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:11:40.0565 4416 FontCache - ok
20:11:40.0631 4416 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:11:40.0635 4416 FontCache3.0.0.0 - ok
20:11:40.0657 4416 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:11:40.0659 4416 Fs_Rec - ok
20:11:40.0692 4416 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:11:40.0694 4416 gagp30kx - ok
20:11:40.0733 4416 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:40.0734 4416 GEARAspiWDM - ok
20:11:40.0877 4416 GoogleDesktopManager-091907-194040 (8e78b31205ff9df8f671fa51c1ee10eb) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:11:40.0944 4416 GoogleDesktopManager-091907-194040 - ok
20:11:41.0059 4416 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:11:41.0078 4416 gpsvc - ok
20:11:41.0149 4416 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:11:41.0159 4416 HdAudAddService - ok
20:11:41.0219 4416 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:11:41.0238 4416 HDAudBus - ok
20:11:41.0268 4416 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:11:41.0270 4416 HidBth - ok
20:11:41.0288 4416 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:11:41.0290 4416 HidIr - ok
20:11:41.0311 4416 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:11:41.0313 4416 hidserv - ok
20:11:41.0328 4416 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:11:41.0330 4416 HidUsb - ok
20:11:41.0358 4416 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:11:41.0362 4416 hkmsvc - ok
20:11:41.0388 4416 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:11:41.0390 4416 HpCISSs - ok
20:11:41.0465 4416 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:11:41.0501 4416 HSF_DPV - ok
20:11:41.0523 4416 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
20:11:41.0534 4416 HSXHWBS2 - ok
20:11:41.0587 4416 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:11:41.0588 4416 HTCAND32 - ok
20:11:41.0640 4416 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:11:41.0653 4416 HTTP - ok
20:11:41.0690 4416 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:11:41.0691 4416 i2omp - ok
20:11:41.0740 4416 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:11:41.0742 4416 i8042prt - ok
20:11:41.0826 4416 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
20:11:41.0885 4416 ialm - ok
20:11:41.0924 4416 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:11:41.0936 4416 iaStorV - ok
20:11:42.0034 4416 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:11:42.0071 4416 idsvc - ok
20:11:42.0091 4416 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:11:42.0093 4416 iirsp - ok
20:11:42.0141 4416 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:11:42.0154 4416 IKEEXT - ok
20:11:42.0277 4416 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
20:11:42.0354 4416 IntcAzAudAddService - ok
20:11:42.0443 4416 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
20:11:42.0445 4416 intelide - ok
20:11:42.0537 4416 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:42.0539 4416 intelppm - ok
20:11:42.0598 4416 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:11:42.0602 4416 IPBusEnum - ok
20:11:42.0657 4416 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:42.0658 4416 IpFilterDriver - ok
20:11:42.0693 4416 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:11:42.0737 4416 iphlpsvc - ok
20:11:42.0741 4416 IpInIp - ok
20:11:42.0779 4416 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:11:42.0781 4416 IPMIDRV - ok
20:11:42.0824 4416 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:11:42.0836 4416 IPNAT - ok
20:11:42.0948 4416 iPod Service (32cdedd15e2d1a557cd54552ae78ff86) C:\Program Files\iPod\bin\iPodService.exe
20:11:42.0983 4416 iPod Service - ok
20:11:43.0016 4416 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:11:43.0018 4416 IRENUM - ok
20:11:43.0091 4416 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:11:43.0093 4416 isapnp - ok
20:11:43.0143 4416 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:11:43.0154 4416 iScsiPrt - ok
20:11:43.0189 4416 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:11:43.0191 4416 iteatapi - ok
20:11:43.0219 4416 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:11:43.0220 4416 iteraid - ok
20:11:43.0299 4416 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:11:43.0301 4416 kbdclass - ok
20:11:43.0600 4416 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:11:43.0719 4416 kbdhid - ok
20:11:43.0956 4416 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:11:43.0995 4416 KeyIso - ok
20:11:45.0663 4416 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:11:45.0717 4416 KSecDD - ok
20:11:45.0871 4416 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:11:45.0910 4416 KtmRm - ok
20:11:45.0997 4416 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:11:46.0096 4416 LanmanServer - ok
20:11:46.0239 4416 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:11:46.0250 4416 LanmanWorkstation - ok
20:11:46.0815 4416 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
20:11:46.0914 4416 libusb0 - ok
20:11:47.0341 4416 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:47.0399 4416 lltdio - ok
20:11:47.0708 4416 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:11:47.0714 4416 lltdsvc - ok
20:11:47.0782 4416 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:11:47.0785 4416 lmhosts - ok
20:11:47.0867 4416 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:11:47.0870 4416 LSI_FC - ok
20:11:47.0901 4416 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:11:47.0904 4416 LSI_SAS - ok
20:11:47.0961 4416 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:11:47.0968 4416 LSI_SCSI - ok
20:11:48.0025 4416 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:11:48.0030 4416 luafv - ok
20:11:48.0104 4416 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys
20:11:48.0106 4416 LVPr2Mon - ok
20:11:48.0210 4416 LVPrcSrv (ff23862146a682fcc3dbaa002e22f958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:11:48.0225 4416 LVPrcSrv - ok
20:11:48.0305 4416 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
20:11:48.0318 4416 LVRS - ok
20:11:48.0412 4416 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
20:11:48.0421 4416 LVUSBSta - ok
20:11:48.0787 4416 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
20:11:48.0940 4416 LVUVC - ok
20:11:49.0109 4416 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
20:11:49.0116 4416 MBAMProtector - ok
20:11:49.0231 4416 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:11:49.0283 4416 MBAMService - ok
20:11:50.0702 4416 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:11:50.0779 4416 McMPFSvc - ok
20:11:50.0785 4416 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:11:50.0787 4416 mcmscsvc - ok
20:11:50.0793 4416 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:11:50.0796 4416 McNaiAnn - ok
20:11:50.0802 4416 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:11:50.0804 4416 McNASvc - ok
20:11:50.0911 4416 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
20:11:50.0957 4416 McODS - ok
20:11:50.0964 4416 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:11:50.0966 4416 McProxy - ok
20:11:51.0043 4416 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:11:51.0055 4416 McShield - ok
20:11:51.0178 4416 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:11:51.0181 4416 Mcx2Svc - ok
20:11:51.0254 4416 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:11:51.0256 4416 mdmxsdk - ok
20:11:51.0322 4416 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:11:51.0324 4416 megasas - ok
20:11:51.0388 4416 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
20:11:51.0393 4416 mfeapfk - ok
20:11:51.0475 4416 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
20:11:51.0495 4416 mfeavfk - ok
20:11:51.0534 4416 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
20:11:51.0537 4416 mfebopk - ok
20:11:51.0561 4416 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:11:51.0576 4416 mfefire - ok
20:11:51.0630 4416 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
20:11:51.0647 4416 mfefirek - ok
20:11:51.0745 4416 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
20:11:51.0765 4416 mfehidk - ok
20:11:51.0828 4416 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:11:51.0830 4416 mfenlfk - ok
20:11:51.0909 4416 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
20:11:51.0923 4416 mferkdet - ok
20:11:51.0951 4416 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\Windows\system32\drivers\mfetdi2k.sys
20:11:51.0958 4416 mfetdi2k - ok
20:11:52.0006 4416 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
20:11:52.0018 4416 mfevtp - ok
20:11:52.0076 4416 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
20:11:52.0089 4416 mfewfpk - ok
20:11:52.0134 4416 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:11:52.0137 4416 MMCSS - ok
20:11:52.0171 4416 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:11:52.0173 4416 Modem - ok
20:11:52.0200 4416 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:11:52.0203 4416 monitor - ok
20:11:52.0229 4416 motccgp - ok
20:11:52.0236 4416 motccgpfl - ok
20:11:52.0245 4416 motmodem - ok
20:11:52.0351 4416 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
20:11:52.0386 4416 MotoHelper - ok
20:11:52.0418 4416 motport - ok
20:11:52.0451 4416 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:11:52.0453 4416 mouclass - ok
20:11:52.0513 4416 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:52.0515 4416 mouhid - ok
20:11:52.0573 4416 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:11:52.0575 4416 MountMgr - ok
20:11:52.0667 4416 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:11:52.0682 4416 MozillaMaintenance - ok
20:11:52.0756 4416 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:11:52.0759 4416 mpio - ok
20:11:52.0811 4416 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:11:52.0813 4416 mpsdrv - ok
20:11:52.0884 4416 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:11:52.0899 4416 MpsSvc - ok
20:11:52.0936 4416 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:11:52.0938 4416 Mraid35x - ok
20:11:52.0988 4416 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:11:52.0993 4416 MRxDAV - ok
20:11:53.0055 4416 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:53.0068 4416 mrxsmb - ok
20:11:53.0124 4416 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:53.0134 4416 mrxsmb10 - ok
20:11:53.0160 4416 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:53.0163 4416 mrxsmb20 - ok
20:11:53.0227 4416 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:11:53.0229 4416 msahci - ok
20:11:53.0252 4416 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:11:53.0254 4416 msdsm - ok
20:11:53.0295 4416 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:11:53.0300 4416 MSDTC - ok
20:11:53.0364 4416 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:11:53.0365 4416 Msfs - ok
20:11:53.0408 4416 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:11:53.0410 4416 msisadrv - ok
20:11:53.0443 4416 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:11:53.0457 4416 MSiSCSI - ok
20:11:53.0481 4416 msiserver - ok
20:11:53.0535 4416 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:53.0544 4416 MSKSSRV - ok
20:11:53.0557 4416 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:53.0559 4416 MSPCLOCK - ok
20:11:53.0573 4416 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:11:53.0577 4416 MSPQM - ok
20:11:53.0619 4416 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:11:53.0627 4416 MsRPC - ok
20:11:53.0658 4416 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:11:53.0660 4416 mssmbios - ok
20:11:53.0706 4416 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:11:53.0708 4416 MSTEE - ok
20:11:53.0745 4416 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:11:53.0747 4416 Mup - ok
20:11:53.0812 4416 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:11:53.0877 4416 napagent - ok
20:11:53.0930 4416 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:53.0942 4416 NativeWifiP - ok
20:11:54.0029 4416 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:11:54.0045 4416 NDIS - ok
20:11:54.0095 4416 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:54.0096 4416 NdisTapi - ok
20:11:54.0210 4416 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:54.0228 4416 Ndisuio - ok
20:11:54.0262 4416 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:54.0276 4416 NdisWan - ok
20:11:54.0332 4416 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:11:54.0334 4416 NDProxy - ok
20:11:54.0349 4416 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:11:54.0350 4416 NetBIOS - ok
20:11:54.0383 4416 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:11:54.0395 4416 netbt - ok
20:11:54.0418 4416 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:11:54.0420 4416 Netlogon - ok
20:11:54.0483 4416 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:11:54.0492 4416 Netman - ok
20:11:54.0514 4416 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:11:54.0524 4416 netprofm - ok
20:11:54.0599 4416 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
20:11:54.0615 4416 netr73 - ok
20:11:54.0687 4416 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:11:54.0703 4416 NetTcpPortSharing - ok
20:11:54.0917 4416 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
20:11:54.0966 4416 NETw2v32 - ok
20:11:55.0131 4416 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:11:55.0133 4416 nfrd960 - ok
20:11:55.0198 4416 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:11:55.0208 4416 NlaSvc - ok
20:11:55.0258 4416 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\Windows\system32\DRIVERS\pctnullport.sys
20:11:55.0260 4416 Nmea - ok
20:11:55.0294 4416 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:11:55.0296 4416 Npfs - ok
20:11:55.0353 4416 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:11:55.0356 4416 nsi - ok
20:11:55.0379 4416 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:11:55.0381 4416 nsiproxy - ok
20:11:55.0490 4416 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:11:55.0533 4416 Ntfs - ok
20:11:55.0579 4416 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:11:55.0583 4416 ntrigdigi - ok
20:11:55.0617 4416 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:11:55.0619 4416 Null - ok
20:11:56.0315 4416 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:11:56.0490 4416 nvlddmkm - ok
20:11:56.0654 4416 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:11:56.0657 4416 nvraid - ok
20:11:56.0689 4416 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:11:56.0691 4416 nvstor - ok
20:11:56.0789 4416 nvstor32 (4a9a6368bef61c9608fe7cc21b1f8886) C:\Windows\system32\DRIVERS\nvstor32.sys
20:11:56.0801 4416 nvstor32 - ok
20:11:56.0878 4416 nvsvc (56407b8616e4206ee02892a2ac712ef3) C:\Windows\system32\nvvsvc.exe
20:11:56.0936 4416 nvsvc - ok
20:11:57.0000 4416 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:11:57.0004 4416 nv_agp - ok
20:11:57.0088 4416 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
20:11:57.0112 4416 NWADI - ok
20:11:57.0129 4416 NwlnkFlt - ok
20:11:57.0156 4416 NwlnkFwd - ok
20:11:57.0432 4416 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:11:57.0491 4416 odserv - ok
20:11:57.0537 4416 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
20:11:57.0539 4416 ohci1394 - ok
20:11:57.0636 4416 OrbisClient.Services (8b40a0a5af67f55ddd761940fd9cc01c) C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
20:11:57.0694 4416 OrbisClient.Services - ok
20:11:57.0799 4416 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:57.0813 4416 ose - ok
20:11:58.0042 4416 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:11:58.0067 4416 p2pimsvc - ok
20:11:58.0092 4416 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:11:58.0098 4416 p2psvc - ok
20:11:58.0202 4416 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
20:11:58.0219 4416 Parport - ok
20:11:58.0289 4416 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:11:58.0292 4416 partmgr - ok
20:11:58.0342 4416 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
20:11:58.0343 4416 Parvdm - ok
20:11:58.0422 4416 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
20:11:58.0424 4416 PCASp50 - ok
20:11:58.0461 4416 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:11:58.0464 4416 PcaSvc - ok
20:11:58.0509 4416 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:11:58.0521 4416 pci - ok
20:11:58.0555 4416 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:11:58.0557 4416 pciide - ok
20:11:58.0661 4416 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:58.0666 4416 pcmcia - ok
20:11:58.0731 4416 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\Windows\system32\PCTINDIS5.SYS
20:11:58.0735 4416 PCTINDIS5 - ok
20:11:58.0928 4416 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:11:59.0049 4416 PEAUTH - ok
20:11:59.0387 4416 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:11:59.0453 4416 pla - ok
20:11:59.0596 4416 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:11:59.0608 4416 PlugPlay - ok
20:11:59.0757 4416 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:11:59.0764 4416 PNRPAutoReg - ok
20:11:59.0776 4416 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:11:59.0782 4416 PNRPsvc - ok
20:11:59.0936 4416 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:11:59.0977 4416 PolicyAgent - ok
20:12:00.0097 4416 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:00.0129 4416 PptpMiniport - ok
20:12:00.0190 4416 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:12:00.0193 4416 Processor - ok
20:12:00.0262 4416 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:12:00.0276 4416 ProfSvc - ok
20:12:00.0307 4416 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:12:00.0309 4416 ProtectedStorage - ok
20:12:00.0371 4416 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:12:00.0374 4416 PSched - ok
20:12:00.0422 4416 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
20:12:00.0424 4416 PxHelp20 - ok
20:12:00.0503 4416 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:12:00.0540 4416 ql2300 - ok
20:12:00.0606 4416 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:12:00.0618 4416 ql40xx - ok
20:12:00.0683 4416 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:12:00.0701 4416 QWAVE - ok
20:12:00.0781 4416 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:12:00.0783 4416 QWAVEdrv - ok
20:12:00.0809 4416 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:00.0814 4416 RasAcd - ok
20:12:00.0854 4416 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:12:00.0867 4416 RasAuto - ok
20:12:00.0920 4416 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:00.0923 4416 Rasl2tp - ok
20:12:01.0130 4416 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:12:01.0146 4416 RasMan - ok
20:12:01.0167 4416 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:01.0170 4416 RasPppoe - ok
20:12:01.0228 4416 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:01.0231 4416 RasSstp - ok
20:12:01.0269 4416 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:01.0286 4416 rdbss - ok
20:12:01.0349 4416 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:01.0350 4416 RDPCDD - ok
20:12:01.0398 4416 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:12:01.0407 4416 rdpdr - ok
20:12:01.0414 4416 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:12:01.0416 4416 RDPENCDD - ok
20:12:01.0491 4416 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:12:01.0502 4416 RDPWD - ok
20:12:01.0565 4416 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:12:01.0574 4416 RemoteAccess - ok
20:12:01.0617 4416 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:12:01.0629 4416 RemoteRegistry - ok
20:12:01.0702 4416 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
20:12:01.0709 4416 Revoflt - ok
20:12:01.0774 4416 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
20:12:01.0776 4416 RimVSerPort - ok
20:12:01.0840 4416 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
20:12:01.0842 4416 ROOTMODEM - ok
20:12:01.0867 4416 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:12:01.0895 4416 RpcLocator - ok
20:12:02.0029 4416 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:12:02.0098 4416 RpcSs - ok
20:12:02.0121 4416 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:02.0123 4416 rspndr - ok
20:12:02.0177 4416 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
20:12:02.0180 4416 RTL8023xp - ok
20:12:02.0270 4416 RTL8192cu (fb96f0c906ca91e66c522c8bce6c8446) C:\Windows\system32\DRIVERS\RTL8192cu.sys
20:12:02.0295 4416 RTL8192cu - ok
20:12:02.0356 4416 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:12:02.0357 4416 SamSs - ok
20:12:02.0457 4416 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:12:02.0479 4416 SASDIFSV - ok
20:12:02.0527 4416 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:12:02.0529 4416 SASKUTIL - ok
20:12:02.0565 4416 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:12:02.0864 4416 sbp2port - ok
20:12:03.0171 4416 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:12:03.0178 4416 SCardSvr - ok
20:12:03.0254 4416 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:12:03.0276 4416 Schedule - ok
20:12:03.0303 4416 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:12:03.0305 4416 SCPolicySvc - ok
20:12:03.0346 4416 SCR3XX2K (cc0ecd80978f29a41f5d4b4f5af890e8) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
20:12:03.0348 4416 SCR3XX2K - ok
20:12:03.0394 4416 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
20:12:03.0397 4416 sdbus - ok
20:12:03.0453 4416 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:12:03.0466 4416 SDRSVC - ok
20:12:03.0497 4416 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:12:03.0498 4416 secdrv - ok
20:12:03.0532 4416 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:12:03.0535 4416 seclogon - ok
20:12:03.0563 4416 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:12:03.0567 4416 SENS - ok
20:12:03.0607 4416 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:12:03.0609 4416 Serenum - ok
20:12:03.0650 4416 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:12:03.0662 4416 Serial - ok
20:12:03.0691 4416 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:12:03.0694 4416 sermouse - ok
20:12:03.0746 4416 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:12:03.0762 4416 SessionEnv - ok
20:12:03.0797 4416 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
20:12:03.0798 4416 sffdisk - ok
20:12:03.0823 4416 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:12:03.0825 4416 sffp_mmc - ok
20:12:03.0863 4416 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
20:12:03.0865 4416 sffp_sd - ok
20:12:03.0891 4416 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:12:03.0893 4416 sfloppy - ok
20:12:03.0953 4416 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:12:03.0970 4416 SharedAccess - ok
20:12:04.0007 4416 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:12:04.0034 4416 ShellHWDetection - ok
20:12:04.0063 4416 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:12:04.0066 4416 sisagp - ok
20:12:04.0140 4416 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:12:04.0142 4416 SiSRaid2 - ok
20:12:04.0174 4416 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:12:04.0177 4416 SiSRaid4 - ok
20:12:04.0388 4416 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:12:04.0487 4416 slsvc - ok
20:12:04.0643 4416 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:12:04.0646 4416 SLUINotify - ok
20:12:04.0711 4416 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:12:04.0714 4416 Smb - ok
20:12:04.0742 4416 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:12:04.0745 4416 SNMPTRAP - ok
20:12:04.0781 4416 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:12:04.0783 4416 spldr - ok
20:12:04.0828 4416 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:12:04.0840 4416 Spooler - ok
20:12:04.0934 4416 SprintRcAppSvc (0718d0cb64ee6c3561855ae0e7718f0b) C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
20:12:04.0938 4416 SprintRcAppSvc - ok
20:12:04.0984 4416 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:12:05.0009 4416 srv - ok
20:12:05.0055 4416 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:12:05.0069 4416 srv2 - ok
20:12:05.0110 4416 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:05.0115 4416 srvnet - ok
20:12:05.0152 4416 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:12:05.0163 4416 SSDPSRV - ok
20:12:05.0228 4416 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:12:05.0241 4416 SstpSvc - ok
20:12:05.0331 4416 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:12:05.0357 4416 stisvc - ok
20:12:05.0407 4416 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:12:05.0409 4416 swenum - ok
20:12:05.0492 4416 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\Windows\System32\drivers\swmsflt.sys
20:12:05.0493 4416 swmsflt - ok
20:12:05.0550 4416 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\Windows\system32\DRIVERS\swmx00.sys
20:12:05.0562 4416 swmx00 - ok
20:12:05.0623 4416 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\Windows\system32\DRIVERS\SWNC5E00.sys
20:12:05.0634 4416 SWNC5E00 - ok
20:12:05.0728 4416 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:12:05.0757 4416 swprv - ok
20:12:05.0805 4416 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:12:05.0807 4416 Symc8xx - ok
20:12:05.0827 4416 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:12:05.0830 4416 Sym_hi - ok
20:12:05.0858 4416 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:12:05.0859 4416 Sym_u3 - ok
20:12:05.0951 4416 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:12:05.0967 4416 SysMain - ok
20:12:05.0997 4416 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:12:06.0001 4416 TabletInputService - ok
20:12:06.0068 4416 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:12:06.0087 4416 TapiSrv - ok
20:12:06.0127 4416 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:12:06.0130 4416 TBS - ok
20:12:06.0213 4416 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:12:06.0244 4416 Tcpip - ok
20:12:06.0263 4416 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:06.0271 4416 Tcpip6 - ok
20:12:06.0312 4416 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:12:06.0314 4416 tcpipreg - ok
20:12:06.0360 4416 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:12:06.0362 4416 TDPIPE - ok
20:12:06.0415 4416 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:12:06.0417 4416 TDTCP - ok
20:12:06.0432 4416 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:12:06.0435 4416 tdx - ok
20:12:06.0504 4416 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:12:06.0506 4416 TermDD - ok
20:12:06.0567 4416 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:12:06.0597 4416 TermService - ok
20:12:06.0699 4416 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:12:06.0704 4416 Themes - ok
20:12:06.0746 4416 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:12:06.0748 4416 THREADORDER - ok
20:12:06.0813 4416 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:12:06.0837 4416 TrkWks - ok
20:12:06.0924 4416 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:12:06.0926 4416 TrustedInstaller - ok
20:12:06.0980 4416 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:06.0982 4416 tssecsrv - ok
20:12:07.0010 4416 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:12:07.0012 4416 tunmp - ok
20:12:07.0069 4416 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:07.0072 4416 tunnel - ok
20:12:07.0121 4416 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:12:07.0123 4416 uagp35 - ok
20:12:07.0180 4416 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:12:07.0185 4416 udfs - ok
20:12:07.0253 4416 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:12:07.0257 4416 UI0Detect - ok
20:12:07.0290 4416 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:12:07.0293 4416 uliagpkx - ok
20:12:07.0319 4416 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:12:07.0333 4416 uliahci - ok
20:12:07.0356 4416 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:12:07.0359 4416 UlSata - ok
20:12:07.0382 4416 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:12:07.0387 4416 ulsata2 - ok
20:12:07.0436 4416 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:12:07.0438 4416 umbus - ok
20:12:07.0486 4416 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
20:12:07.0488 4416 UMPass - ok
20:12:07.0520 4416 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:12:07.0560 4416 upnphost - ok
20:12:07.0610 4416 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
20:12:07.0613 4416 USBAAPL - ok
20:12:07.0685 4416 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:12:07.0688 4416 usbaudio - ok
20:12:07.0791 4416 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:07.0804 4416 usbccgp - ok
20:12:07.0891 4416 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
20:12:07.0904 4416 USBCCID - ok
20:12:07.0944 4416 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:12:07.0947 4416 usbcir - ok
20:12:07.0992 4416 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:07.0994 4416 usbehci - ok
20:12:08.0052 4416 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:08.0062 4416 usbhub - ok
20:12:08.0115 4416 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:12:08.0117 4416 usbohci - ok
20:12:08.0146 4416 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:08.0149 4416 usbprint - ok
20:12:08.0236 4416 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:08.0239 4416 usbscan - ok
20:12:08.0293 4416 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:08.0296 4416 USBSTOR - ok
20:12:08.0357 4416 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
20:12:08.0359 4416 usbuhci - ok
20:12:08.0469 4416 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
20:12:08.0473 4416 usnjsvc - ok
20:12:08.0509 4416 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:12:08.0513 4416 UxSms - ok
20:12:08.0565 4416 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:12:08.0610 4416 vds - ok
20:12:08.0647 4416 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:08.0650 4416 vga - ok
20:12:08.0735 4416 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:12:08.0737 4416 VgaSave - ok
20:12:08.0787 4416 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:12:08.0789 4416 viaagp - ok
20:12:08.0811 4416 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:12:08.0813 4416 ViaC7 - ok
20:12:08.0846 4416 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:12:08.0848 4416 viaide - ok
20:12:08.0907 4416 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
20:12:08.0910 4416 Viewpoint Manager Service - ok
20:12:08.0941 4416 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:12:08.0943 4416 volmgr - ok
20:12:09.0018 4416 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:12:09.0042 4416 volmgrx - ok
20:12:09.0097 4416 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:12:09.0104 4416 volsnap - ok
20:12:09.0193 4416 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:12:09.0231 4416 vsmraid - ok
20:12:09.0344 4416 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:12:09.0404 4416 VSS - ok
20:12:09.0470 4416 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:12:09.0528 4416 W32Time - ok
20:12:09.0613 4416 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:12:09.0616 4416 WacomPen - ok
20:12:09.0665 4416 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:09.0667 4416 Wanarp - ok
20:12:09.0676 4416 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:09.0678 4416 Wanarpv6 - ok
20:12:09.0728 4416 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:12:09.0756 4416 wcncsvc - ok
20:12:09.0790 4416 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:12:09.0793 4416 WcsPlugInService - ok
20:12:09.0856 4416 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:12:09.0858 4416 Wd - ok
20:12:09.0956 4416 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:12:09.0969 4416 Wdf01000 - ok
20:12:10.0014 4416 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:12:10.0019 4416 WdiServiceHost - ok
20:12:10.0028 4416 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:12:10.0031 4416 WdiSystemHost - ok
20:12:10.0079 4416 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:12:10.0088 4416 WebClient - ok
20:12:10.0117 4416 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:12:10.0130 4416 Wecsvc - ok
20:12:10.0187 4416 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:12:10.0191 4416 wercplsupport - ok
20:12:10.0232 4416 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:12:10.0245 4416 WerSvc - ok
20:12:10.0316 4416 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:12:10.0342 4416 winachsf - ok
20:12:10.0351 4416 WinHttpAutoProxySvc - ok
20:12:10.0415 4416 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:12:10.0426 4416 Winmgmt - ok
20:12:10.0534 4416 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:12:10.0616 4416 WinRM - ok
20:12:10.0715 4416 WirelessUSB (ea569d48b2e755af6d96f03f3335d98a) C:\Program Files\CNet\Wireless LAN Driver and Utility\RtlService.exe
20:12:10.0718 4416 WirelessUSB - ok
20:12:10.0840 4416 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:12:10.0866 4416 Wlansvc - ok
20:12:10.0990 4416 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:12:10.0999 4416 WLSetupSvc - ok
20:12:11.0072 4416 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:12:11.0074 4416 WmiAcpi - ok
20:12:11.0153 4416 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:12:11.0162 4416 wmiApSrv - ok
20:12:11.0252 4416 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:12:11.0274 4416 WMPNetworkSvc - ok
20:12:11.0329 4416 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:12:11.0342 4416 WPCSvc - ok
20:12:11.0393 4416 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:12:11.0398 4416 WPDBusEnum - ok
20:12:11.0467 4416 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:12:11.0469 4416 WpdUsb - ok
20:12:11.0651 4416 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:12:11.0673 4416 WPFFontCache_v0400 - ok
20:12:11.0719 4416 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:11.0720 4416 ws2ifsl - ok
20:12:11.0751 4416 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:12:11.0755 4416 wscsvc - ok
20:12:11.0775 4416 WSearch - ok
20:12:11.0920 4416 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:12:12.0000 4416 wuauserv - ok
20:12:12.0145 4416 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:12.0151 4416 WUDFRd - ok
20:12:12.0183 4416 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:12:12.0187 4416 wudfsvc - ok
20:12:12.0243 4416 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
20:12:12.0244 4416 XAudio - ok
20:12:12.0279 4416 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
20:12:12.0291 4416 XAudioService - ok
20:12:12.0410 4416 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:12:12.0479 4416 YahooAUService - ok
20:12:12.0550 4416 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:12:12.0579 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:12:12.0579 4416 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:12:12.0588 4416 Boot (0x1200) (9197c29618ad4dc49140ea3ece05d425) \Device\Harddisk0\DR0\Partition0
20:12:12.0594 4416 \Device\Harddisk0\DR0\Partition0 - ok
20:12:12.0621 4416 Boot (0x1200) (3ba0461028fa55352d085d8162ba2ca3) \Device\Harddisk0\DR0\Partition1
20:12:12.0623 4416 \Device\Harddisk0\DR0\Partition1 - ok
20:12:12.0624 4416 ============================================================
20:12:12.0624 4416 Scan finished
20:12:12.0624 4416 ============================================================
20:12:12.0657 4280 Detected object count: 1
20:12:12.0658 4280 Actual detected object count: 1
20:12:28.0035 4280 \Device\Harddisk0\DR0\# - copied to quarantine
20:12:28.0036 4280 \Device\Harddisk0\DR0 - copied to quarantine
20:12:28.0093 4280 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:12:28.0130 4280 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:12:28.0160 4280 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:12:28.0189 4280 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:12:28.0194 4280 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:12:28.0207 4280 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:12:28.0209 4280 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:12:28.0217 4280 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:12:28.0219 4280 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:12:28.0221 4280 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:12:28.0224 4280 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:12:28.0227 4280 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:12:28.0228 4280 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:12:28.0230 4280 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:12:28.0300 4280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:12:28.0335 4280 \Device\Harddisk0\DR0 - ok
20:12:29.0235 4280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:12:44.0663 4888 Deinitialize success

#12 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 19 June 2012 - 04:33 PM

This was one of the ones I ran in safe mode before I started this forum because in safe mode it would not let me make an account.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23

Run by Jordan at 23:33:21 on 2012-06-11

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1043 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E

uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = <local>;192.168.*.*

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120425092625.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe

uRun: [MySpaceIM] "c:\program files\myspace\im\MySpaceIM.exe"

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

uRunOnce: [RegistryDefrag] c:\program files\avg\avg pc tuneup 2011\registrydefrag.exe -report

mRun: [<NO NAME>]

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray

mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AprvRemoveLegacyWordKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\word\addins\OfficeAddIn.OfficeAddIn

mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn

mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\approv~1.lnk - c:\windows\installer\{4e01b649-0023-4eb5-9263-57de317c3418}\Icon9557F1BC1.ico

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: army.mil\tamis

Trusted Zone: army.mil\us

Trusted Zone: army.mil\www.us

Trusted Zone: mcafee.com\home

Trusted Zone: newcelica.org\www

Trusted Zone: umuc.edu\tychousa12

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{4CEBAB25-82E1-459E-8A52-AE63628DACB4} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{4E2781EE-725A-41D5-9B50-1954A29935F1} : DhcpNameServer = 65.24.7.10 65.24.7.11

TCP: Interfaces\{AEF93E36-5E83-4022-808A-9DA717B4D3B6} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\jcc36pvt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30046&client_id=8808116c0977d888f94cc4af&camp_id=2988&install_time=2011-09-12T22:50:51Z&pr=auto&tb_version=1.0.9000(G)&q=

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-16 464304]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-16 64912]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-7 169608]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-16 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-16 151880]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-16 340920]

R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2011-6-16 59520]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 214904]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-16 166288]

S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]

S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\testout\orbis\OrbisClient.Services.exe [2011-1-25 17408]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-19 24652]

S2 WirelessUSB;WirelessUSB;c:\program files\cnet\wireless lan driver and utility\RtlService.exe [2011-2-7 36864]

S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-16 57600]

S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-14 1840128]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]

S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\drivers\libusb0.sys [2010-6-29 28160]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22344]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-16 180848]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-16 59456]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-16 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2009-1-2 256000]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-25 27192]

S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2011-2-11 693760]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-16 84072]

.

=============== Created Last 30 ================

.

41072.14786

41072.05917

41072.05912

41072.05912

41072.05911

41071.70773

41070.07341

41070.0714

41069.86464

41067.5399

41067.53032

41067.53032

41046.14049

.

==================== Find3M ====================

.

41002.34458

41002.34457

41001.56691

40998.52721

40988.97836

40988.71634

40983.42397

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002 Disk: ST332082 rev.3.AA -> Harddisk0\DR0 ->

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x877E04B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x877e793c]; MOV EAX, [0x877e7ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x84057936] -> \Device\Harddisk0\DR0[0x876E5AC8]

3 CLASSPNP[0x84BA18B3] -> ntkrnlpa!IofCallDriver[0x84057936] -> [0x87185258]

5 acpi[0x806116BC] -> ntkrnlpa!IofCallDriver[0x84057936] -> [0x87185C90]

\Driver\nvstor32[0x8776F528] -> IRP_MJ_CREATE -> 0x877E04B1

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }

detected disk devices:

\Device\0000006d -> \??\SCSI#Disk&Ven_ST332082&Prod_0AS#4&1ccb373b&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:34:34.58 ===============


Edited by speed31982, 19 June 2012 - 04:40 PM.


#13 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 19 June 2012 - 04:44 PM

Hi again,

Thank you very much! :thumbup2:

Please give me some time to go over these logs, and I will come back with instruction tomorrow.

I will not be able to post back tonight, just FYI. :wink:

bloopie

#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:06:45 PM

Posted 20 June 2012 - 07:10 AM

Hello again,

Please refrain from using AVG PC Tuneup's registry cleaner (if it's still installed). You may not notice any improvement in system speed by using registry cleaners, and if the program makes one small mistake it could leave your computer unbootable! These programs are not foolproof and should not be used. Just something to consider. :)

==========

:step1: P2P Program warning

Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

:step2: Run Combofix:

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please copy and paste that log in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

==========

Please post the Combofix log in your next reply, and let me know how the computer is running now!


bloopie

#15 speed31982

speed31982
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 20 June 2012 - 10:16 AM

ComboFix 12-06-20.01 - Jordan 06/20/2012 10:47:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.800 [GMT -4:00]
Running from: c:\users\Jordan\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2409936383
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 14:57 . 2012-06-20 15:09 -------- dc----w- c:\users\Jordan\AppData\Local\temp
2012-06-20 14:57 . 2012-06-20 14:57 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-06-20 14:57 . 2012-06-20 14:57 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2012-06-20 14:57 . 2012-06-20 14:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-15 00:40 . 2012-04-23 16:00 984064 -c--a-w- c:\windows\system32\crypt32.dll
2012-06-15 00:40 . 2012-04-23 16:00 133120 -c--a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 00:40 . 2012-04-23 16:00 98304 -c--a-w- c:\windows\system32\cryptnet.dll
2012-06-15 00:38 . 2012-05-01 14:03 180736 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-15 00:38 . 2012-05-15 19:51 2045440 -c--a-w- c:\windows\system32\win32k.sys
2012-06-15 00:12 . 2012-06-15 00:12 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-12 01:25 . 2012-06-12 01:25 -------- dc----w- c:\users\Jordan\AppData\Roaming\Malwarebytes
2012-06-12 01:25 . 2012-06-12 01:25 -------- dc----w- c:\programdata\Malwarebytes
2012-06-12 01:25 . 2012-04-04 19:56 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 01:25 . 2012-06-12 01:25 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-11 16:59 . 2012-06-11 17:58 -------- dc----w- c:\users\Jordan\AppData\Local\ElevatedDiagnostics
2012-06-10 01:45 . 2012-06-10 01:45 -------- dc----w- c:\users\Jordan\AppData\Roaming\AVG
2012-06-10 01:42 . 2012-06-10 01:42 -------- dc----w- c:\program files\AVG
2012-06-07 12:43 . 2012-06-07 12:43 770384 -c--a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 12:43 . 2012-06-07 12:43 421200 -c--a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 03:22 . 2012-05-17 03:22 677136 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:16 . 2012-05-12 00:07 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 00:07 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 00:08 905600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2003-03-19 01:20 . 2011-07-29 16:54 1060864 -c--a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 08:42 . 2011-07-29 16:54 348160 -c--a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-06-17 18:44 . 2012-01-04 01:35 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-16 05:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-03-16 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
backup=c:\windows\pss\ApproveIt StartUp.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyExcelKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyWordKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2011-06-29 11:10 406568 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acevents]
2011-06-29 11:10 153640 ----a-w- c:\program files\ActivIdentity\ActivClient\acevents.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApproveItForOfficeSetup]
2010-01-26 14:26 155648 -c--a-w- c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 12:50 2656528 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2012-03-22 01:16 1318816 -c--a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-03-22 01:16 1318816 -c--a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 22:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-20 05:04 13535776 -c--a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-20 05:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 23:15 81912 -c--a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-12-01 05:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 14:27 17351304 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2008-10-15 16:02 17664 -c--a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-03-16 116608]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5618E
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: army.mil\tamis
Trusted Zone: army.mil\us
Trusted Zone: army.mil\www.us
Trusted Zone: mcafee.com\home
Trusted Zone: newcelica.org\www
Trusted Zone: umuc.edu\tychousa12
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\jcc36pvt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30046&client_id=8808116c0977d888f94cc4af&camp_id=2988&install_time=2011-09-12T22:50Z&pr=auto&tb_version=1.0.9000(G)&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6808)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\mfevtps.exe
c:\program files\Motorola\MotoHelper\MotoHelperService.exe
c:\program files\TestOut\Orbis\OrbisClient.Services.exe
c:\program files\CNet\Wireless LAN Driver and Utility\RtlService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\CNet\Wireless LAN Driver and Utility\RtWlan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-06-20 11:14:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 15:14
.
Pre-Run: 188,125,491,200 bytes free
Post-Run: 189,612,748,800 bytes free
.
- - End Of File - - AC25661EE323B83A7721DBDDA74A0C43




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users