Zero.Access and Sirefef


  • This topic is locked
26 replies to this topic

#1 onshow

onshow

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 02 July 2012 - 08:06 PM

I recently cleaned a sirefef.h and zero.access rootkit threat (or so I thought I did) and all was working fine (with the exception of me not being able to save views of my folders or desktop).

I recently received notification on Trend Micro that services.exe was infected with sirefef.l

Hitman Pro also detects services.exe as being infected (but I have the free version, which does not clean it).

Please advise how I can clear this infection.

I am running Windows 7.

#2 onshow

onshow
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 02 July 2012 - 08:40 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by papd at 11:29:12 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2991.941 [GMT 10:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Trend Micro Security Agent *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Super_DVD_Creator_9.82\NMSAccessU.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
\\SQLSVR01\Central\ClientFrameWork.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\plugin\TMAS\TMAS_OL\TMAS_OL.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWinMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE /UNINSTALL
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe
mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe
mRun: [Nuance PDF Professional 6-reminder] "c:\program files\nuance\pdf professional 6\ereg\ereg.exe" -r "c:\programdata\nuance\pdf professional 6\ereg\Ereg.ini"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IFXSPMGT] "c:\program files\hewlett-packard\embedded security software\ifxspmgt.exe" /NotifyLogon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Connection Manager.exe]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
StartupFolder: c:\users\papd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {00134F72-5284-44F7-95A8-52A619F70752} - hxxp://sbs-server.accountants.local:8059/officescan/console/ClientInstall/WinNTChk.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.16.10 192.168.1.1
TCP: Interfaces\{1ACC2824-4EC9-4E89-B9F0-6CD4D0A8882C} : DhcpNameServer = 192.168.16.10 192.168.1.1
TCP: Interfaces\{1ACC2824-4EC9-4E89-B9F0-6CD4D0A8882C}\24967605F6E646542344630314 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1ACC2824-4EC9-4E89-B9F0-6CD4D0A8882C}\9696039314835383072796D6162797 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{C9C9C354-3EE1-4C99-B178-45E0153B8F23} : DhcpNameServer = 192.168.16.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\client server security agent\uiframework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.16.10 www.twitter.com
Hosts: 192.168.16.10 www.myspace.com
Hosts: 192.168.16.10 twitter.com
Hosts: 192.168.16.10 myspace.com
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-2-2 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-2-2 13256]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-4-12 111632]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2010-1-26 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-2-2 40088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-4 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-3-9 81920]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-7-22 196320]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2011-6-2 133688]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-3-25 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-2-2 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2010-1-20 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-3-2 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 654408]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-5-20 635416]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-9-5 113264]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2011-4-29 1687360]
R2 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-9-10 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-10 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-9-10 38912]
R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2010-3-13 82760]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-7-22 65296]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-10 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-10 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-5 266408]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-2 22344]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-3-2 7517696]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\drivers\qcfilterhp2k.sys [2011-4-29 5248]
R3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\drivers\qcombushp.sys [2011-4-29 123976]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2011-4-29 375296]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2011-4-29 190592]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2010-9-10 73344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-3 1153368]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-19 1664304]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-25 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-22 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-12-8 362040]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-1-1 6758912]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-1-7 20080]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [2012-7-2 335504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-27 52224]
.
=============== Created Last 30 ================
.
2012-07-02 04:04:44 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-07-02 00:10:53 -------- d-----w- c:\users\papd\appdata\roaming\FixZeroAccess
2012-06-27 10:17:05 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 22:42:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:42:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:41:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:41:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-13 22:59:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:58:58 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:58:55 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:58:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:58:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:58:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:58:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:58:49 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:58:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:58:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:29:05 -------- d-----w- c:\program files\iPod
2012-06-13 04:29:04 -------- d-----w- c:\program files\iTunes
2012-06-12 10:15:46 -------- d-----w- c:\windows\BF2CAF71704E4F3A9A897D962B445272.TMP
2012-06-12 10:06:04 396416 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-06-12 10:04:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-12 09:17:54 -------- d-----w- c:\program files\HitmanPro
2012-06-12 07:28:17 -------- d-----w- c:\users\papd\appdata\roaming\SUPERAntiSpyware.com
2012-06-12 07:27:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-12 07:27:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-12 06:43:54 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 03:53:49 -------- d-----w- C:\MATS
2012-06-11 12:03:47 -------- d-----w- c:\program files\FileASSASSIN
2012-06-10 13:10:39 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-10 13:10:38 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-10 13:07:11 -------- d-----w- c:\users\papd\appdata\roaming\Ad-Aware Antivirus
2012-06-10 12:44:02 -------- d-----w- c:\program files\CCleaner
2012-06-10 12:27:20 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-10 12:27:20 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-06-10 12:27:04 -------- d-----w- c:\users\papd\appdata\roaming\Simply Super Software
2012-06-10 12:27:04 -------- d-----w- c:\programdata\Simply Super Software
2012-06-10 06:31:13 -------- d-----w- c:\users\papd\appdata\roaming\QuickScan
2012-06-10 02:37:26 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-10 02:37:26 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-09 17:28:02 -------- d-----w- c:\users\papd\appdata\roaming\addpcs
2012-06-09 17:27:12 -------- d-----w- c:\program files\Temp File Cleaner
2012-06-09 16:33:52 6737808 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-06-09 06:51:44 11264 ----a-w- c:\windows\DCEBoot.exe
2012-06-09 06:18:51 -------- d-----w- c:\users\papd\appdata\local\{F7D32BC9-B1FA-11E1-8270-B8AC6F996F26}
2012-06-09 06:17:43 -------- d-----w- c:\users\papd\appdata\roaming\Uqep
2012-06-09 06:17:43 -------- d-----w- c:\users\papd\appdata\roaming\Irywq
2012-06-09 06:17:43 -------- d-----w- c:\users\papd\appdata\roaming\Irik
2012-06-09 06:05:51 6737808 ------w- c:\programdata\microsoft\windows defender\definition updates\{383dc809-b41c-4144-8250-7d701c994a1a}\mpengine.dll
.
==================== Find3M ====================
.
2012-07-02 22:53:33 111632 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-02 22:53:32 148664 ----a-w- c:\windows\system32\WRusr.dll
2012-06-23 10:03:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 10:03:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 06:09:35 102400 ----a-w- c:\windows\RegBootClean.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:31:22.66 ===============

#3 gringo_pr (Bleepin Gringo), Malware Response Team, 136,773 posts, Puerto Rico

Posted 02 July 2012 - 11:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 onshow (Topic Starter), Members, 14 posts

Posted 03 July 2012 - 12:35 AM

Security check results:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Security Agent
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Temp File Cleaner
Java™ 6 Update 29
Java Card Security for HP ProtectTools
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent plugin TMAS\TMAS_OL\TMAS_OL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
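Two lines in that Security Check output matter more than the rest: "UAC is disabled!" and "Windows Security Center service is not running!" (the latter means the AV/firewall lines under it cannot be trusted), and the DDS log in the first post flagged services.exe, which this ZeroAccess variant patches in place. The following PowerShell is an added example, not part of the thread or of any of the tools in it, for re-checking those three findings on a host like the poster's. It assumes an elevated console, PowerShell 2.0 or later (so hashing goes through .NET rather than Get-FileHash, which only arrived in 4.0), and a 32-bit Windows 7 install: the WinSxS folder prefix x86_ is the one shown in the ComboFix log later in the thread and would be amd64_ on a 64-bit system. The Windows 7 default UAC values it compares against are EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1.

```powershell
# Added example, not from the thread. Assumes: elevated console, PowerShell 2.0+,
# Windows 7 x86 (WinSxS prefix "x86_"; "amd64_" on 64-bit Windows).

function Test-UacPolicy {
    # Security Check's "UAC is disabled!" reflects these policy values.
    # EnableLUA=0 turns UAC off entirely; the other two weaken the prompt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expected = @{
        EnableLUA                  = 1   # UAC on
        ConsentPromptBehaviorAdmin = 5   # Win7 default: prompt for non-Windows binaries
        PromptOnSecureDesktop      = 1   # prompt on the secure desktop
    }
    $actual = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $value = $actual.$name
        $state = if ($value -eq $expected[$name]) { 'ok' } else { 'WEAK' }
        '{0,-28} value={1} expected={2} [{3}]' -f $name, $value, $expected[$name], $state
    }
}

function Test-SecurityCenter {
    # wscsvc is the Security Center service Security Check could not query.
    $svc = Get-Service -Name wscsvc
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
    'wscsvc status={0} startmode={1}' -f $svc.Status, $wmi.StartMode
}

function Get-Sha256Hex ([string]$Path) {
    # .NET hashing so the check also works on the PowerShell 2.0 that ships with Win7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

function Test-ServicesExe {
    # The live services.exe is normally a hard link to one of the copies kept in the
    # component store (where ComboFix restored it from). A live file that matches none
    # of those copies has been modified and should be treated as tampered.
    $live = "$env:windir\System32\services.exe"
    $liveHash = Get-Sha256Hex $live
    $storePattern = "$env:windir\WinSxS\x86_microsoft-windows-s..s-servicecontroller_*\services.exe"
    $copies = @(Get-ChildItem -Path $storePattern -ErrorAction SilentlyContinue)
    $matched = $false
    foreach ($copy in $copies) {
        $hash = Get-Sha256Hex $copy.FullName
        if ($hash -eq $liveHash) { $matched = $true }
        '{0}  {1}' -f $hash.Substring(0, 16), $copy.FullName
    }
    '{0}  {1}' -f $liveHash.Substring(0, 16), $live
    if ($copies.Count -eq 0) { 'no component-store copy found: cannot compare' }
    elseif ($matched)        { 'services.exe matches a component-store copy' }
    else                     { 'services.exe matches NO component-store copy: treat as tampered' }
}

Test-UacPolicy
Test-SecurityCenter
Test-ServicesExe
```

The hash comparison is only as trustworthy as the file system view it runs on: on a machine where a kernel-mode rootkit is still suspected, run it from a boot disc against the offline volume, and once the file is restored re-enable UAC (EnableLUA back to 1 needs a reboot) rather than leaving the weakened values in place.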

#5 gringo_pr (Bleepin Gringo), Malware Response Team

Posted 03 July 2012 - 12:39 AM

Very good - let me have the combofix report when it is complete



gringo

#6 onshow (Topic Starter), Members

Posted 03 July 2012 - 01:21 AM

Thanks for the help so far, Gringo.

Combofix ran successfully and it looks like it cleaned the services.exe file. I have noticed that my folder views are now being saved, which was a problem I had before.

here are the results:

ComboFix 12-07-02.01 - papd 03/07/2012 15:48:17.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2991.1288 [GMT 10:00]
Running from: c:\users\PAPD\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Trend Micro Security Agent *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\PAPD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\PAPD\Documents\A7BEBFEB.tmp
c:\users\Public\Documents\11A1E7D1.tmp
c:\windows\TEMP\WRusr.dll-980029-0.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 05:57 . 2012-07-03 06:05 -------- d-----w- c:\users\PAPD\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\users\robs\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\users\PAPD01\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 05:57 . 2012-07-03 05:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-02 04:04 . 2012-07-02 04:12 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-07-02 00:10 . 2012-07-02 00:10 -------- d-----w- c:\users\PAPD\AppData\Roaming\FixZeroAccess
2012-06-27 10:17 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 22:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:42 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:42 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:42 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:41 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:41 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 22:59 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:58 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:58 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:58 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:58 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:58 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:58 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:58 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:58 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:58 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:29 . 2012-06-13 04:29 -------- d-----w- c:\program files\iPod
2012-06-13 04:29 . 2012-06-13 04:30 -------- d-----w- c:\program files\iTunes
2012-06-12 10:15 . 2012-06-12 10:15 -------- d-----w- c:\windows\BF2CAF71704E4F3A9A897D962B445272.TMP
2012-06-12 10:06 . 2012-06-12 10:24 396416 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-06-12 10:04 . 2012-06-12 10:04 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-12 09:17 . 2012-06-12 09:18 -------- d-----w- c:\program files\HitmanPro
2012-06-12 07:28 . 2012-06-12 07:28 -------- d-----w- c:\users\PAPD\AppData\Roaming\SUPERAntiSpyware.com
2012-06-12 07:27 . 2012-06-20 22:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-12 07:27 . 2012-06-12 07:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-12 06:43 . 2012-06-12 06:44 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 03:53 . 2012-06-12 03:58 -------- d-----w- C:\MATS
2012-06-11 12:03 . 2012-06-12 09:44 -------- d-----w- c:\program files\FileASSASSIN
2012-06-10 13:16 . 2012-06-10 13:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Ad-Aware Antivirus
2012-06-10 13:10 . 2012-06-12 03:53 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-10 13:10 . 2012-06-10 13:10 -------- d-----w- c:\programdata\Lavasoft
2012-06-10 13:10 . 2012-06-12 23:15 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-10 13:07 . 2012-06-12 02:23 -------- d-----w- c:\users\PAPD\AppData\Roaming\Ad-Aware Antivirus
2012-06-10 12:44 . 2012-07-02 00:45 -------- d-----w- c:\program files\CCleaner
2012-06-10 12:27 . 2003-02-02 10:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-06-10 12:27 . 2002-03-05 15:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-10 12:27 . 2012-06-10 12:27 -------- d-----w- c:\users\PAPD\AppData\Roaming\Simply Super Software
2012-06-10 12:27 . 2012-06-10 12:27 -------- d-----w- c:\programdata\Simply Super Software
2012-06-10 06:31 . 2012-06-10 06:31 -------- d-----w- c:\users\PAPD\AppData\Roaming\QuickScan
2012-06-10 02:37 . 2012-06-10 05:52 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-10 02:37 . 2012-06-10 02:37 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-09 17:28 . 2012-06-09 17:28 -------- d-----w- c:\users\PAPD\AppData\Roaming\addpcs
2012-06-09 17:27 . 2012-06-09 17:27 -------- d-----w- c:\program files\Temp File Cleaner
2012-06-09 06:51 . 2012-06-10 12:54 11264 ----a-w- c:\windows\DCEBoot.exe
2012-06-09 06:18 . 2012-06-09 06:18 -------- d-----w- c:\users\PAPD\AppData\Local\{F7D32BC9-B1FA-11E1-8270-B8AC6F996F26}
2012-06-09 06:17 . 2012-06-09 06:31 -------- d-----w- c:\users\PAPD\AppData\Roaming\Uqep
2012-06-09 06:17 . 2012-06-09 06:17 -------- d-----w- c:\users\PAPD\AppData\Roaming\Irywq
2012-06-09 06:17 . 2012-06-09 06:17 -------- d-----w- c:\users\PAPD\AppData\Roaming\Irik
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 22:53 . 2012-04-11 23:40 111632 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-02 22:53 . 2012-04-11 23:40 148664 ----a-w- c:\windows\system32\WRusr.dll
2012-06-23 10:03 . 2012-05-25 10:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 10:03 . 2011-05-14 08:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-10 06:09 . 2011-02-13 14:52 102400 ----a-w- c:\windows\RegBootClean.exe
2012-05-23 06:00 . 2012-05-23 06:00 10240 ----a-r- c:\users\PAPD\AppData\Roaming\Microsoft\Installer\{BF2CAF71-704E-4F3A-9A89-7D962B445272}\IconBF2CAF712.exe
2012-05-08 16:40 . 2012-07-03 05:59 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{950F9B02-32ED-48DC-87F0-D44D6EF89388}\mpengine.dll
2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-23 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-06-30 1273856]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-06-30 111904]
"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-25 121064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2010-02-24 1160480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-06-02 14904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-02 688360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-03-09 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
.
c:\users\PAPD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 795936]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-2 969792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ------w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543588532-1624789277-537290951-1263\Scripts\Logon\0\0]
"Script"=\\Sbs-server\hostsDeploy\deployHosts.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543588532-1624789277-537290951-1343\Scripts\Logon\0\0]
"Script"=\\Sbs-server\hostsDeploy\deployDCHosts.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2543588532-1624789277-537290951-500\Scripts\Logon\0\0]
"Script"=\\Sbs-server\hostsDeploy\deployHosts.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"estar"=c:\system.sav\Util\HideDOS.EXE c:\system.sav\util\estartwk\twk7.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\PAPD\AppData\Local\Temp\Rar$EX07.256\Run\a2ddax86.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]
S1 RsvLock;RsvLock; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S2 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SMManager;HP Connection Manager Service;c:\program files\Hewlett-Packard\HP Connection Manager\SMManager.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys [x]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 03:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 10:03]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForpapd.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:15]
.
2012-07-03 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-03-07 17:29]
.
2012-07-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-02-03 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.16.10 192.168.1.1
DPF: {00134F72-5284-44F7-95A8-52A619F70752} - hxxp://sbs-server.accountants.local:8059/officescan/console/ClientInstall/WinNTChk.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HP Connection Manager.exe - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(6936)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxrENU.lrc
c:\windows\system32\igfxsrvc.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\WIDCOMM\Bluetooth Software\BtwNamespaceExt.dll
c:\program files\WIDCOMM\Bluetooth Software\BtwNeLib.dll
c:\program files\WIDCOMM\Bluetooth Software\btwapi.dll
c:\program files\WIDCOMM\Bluetooth Software\btosif.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Super_DVD_Creator_9.82\NMSAccessU.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
c:\windows\regedit.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\program files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Completion time: 2012-07-03 16:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 06:16
.
Pre-Run: 82,097,614,848 bytes free
Post-Run: 82,027,802,624 bytes free
.
- - End Of File - - 55F3107473A31A7C77456793A19F2D16

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 AM

Posted 03 July 2012 - 01:33 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
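The TDSSKiller report those steps ask you to paste back is a plain-text log in which each scanned driver or service normally appears twice: once with its MD5 and file path, then with a verdict. The Python below is an added example written for this page, not code from this thread or from Kaspersky's tool; it pairs the two lines and lists everything whose verdict is not "ok", which is what a helper scans a long report for. The sample log is constructed: the !SASCORE, A2DDA and AFD lines are copied from the report posted later in this thread, while `exampledrv`, its all-zero hash and its detection name are placeholders, and the `name ( detection ) - verdict` shape assumed for non-ok entries is an assumption, since the report in this thread contains only "ok" verdicts.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes carry the scan results in a TDSSKiller 2.7 report (see the log in this thread):
#   <time> <pid> <name> (<md5>) <path>   the object that was scanned
#   <time> <pid> <name> - <verdict>      its verdict, normally "ok"
# For a non-ok verdict the detection name is assumed to sit in parentheses before the dash;
# the report in this thread has only "ok" entries, so that shape is an assumption.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<verdict>\w+)\s*$"
)

# Constructed sample: the !SASCORE, A2DDA and AFD lines are copied from the report in this
# thread; "exampledrv", its all-zero hash and "PLACEHOLDER.Detection.Name" are placeholders.
SAMPLE_LOG = r"""
16:43:00.0274 2140 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
16:43:02.0661 2140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
16:43:08.0591 7236 Scan started
16:43:08.0591 7236 Mode: Manual;
16:43:10.0167 7236 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:43:10.0182 7236 !SASCORE - ok
16:43:10.0510 7236 A2DDA - ok
16:43:11.0789 7236 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:43:11.0789 7236 AFD - ok
16:43:30.0100 7236 exampledrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
16:43:30.0120 7236 exampledrv ( PLACEHOLDER.Detection.Name ) - infected
"""


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Pair each scanned object with its verdict, keyed by name in report order."""
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = ScannedObject(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Entries without a hash line (e.g. "A2DDA - ok") are created here.
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            obj.verdict = m["verdict"].lower()
            obj.detection = m["detection"]
    return objects


def needs_attention(objects: Dict[str, ScannedObject]) -> List[ScannedObject]:
    """Everything the tool did not explicitly pass: non-ok verdicts and objects with no verdict line."""
    return [o for o in objects.values() if o.verdict != "ok"]


def summarize(objects: Dict[str, ScannedObject]) -> Dict[str, int]:
    """Count objects per verdict; objects lacking a verdict line are counted as 'no-verdict'."""
    counts: Dict[str, int] = {}
    for o in objects.values():
        key = o.verdict or "no-verdict"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: python tdss_triage.py TDSSKiller.<Version>_<Date>_<Time>_log.txt (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    objs = parse_tdsskiller_log(text)
    print("scanned objects:", len(objs), summarize(objs))
    for o in needs_attention(objs):
        print(f"{o.verdict or 'no verdict'}: {o.name} [{o.detection or '-'}] md5={o.md5} path={o.path}")
```

Header lines (tool banner, drive geometry, "Scan started") match neither pattern and are skipped, so the script can be pointed straight at the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file from the root of C:\ that the instructions above mention. Treating a missing verdict line as worth a look is deliberate: a report that ends mid-scan is itself a signal.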

#8 onshow

onshow
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 PM

Posted 03 July 2012 - 01:44 AM

TDSS Report here:

16:43:00.0274 2140 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
16:43:01.0226 2140 ============================================================
16:43:01.0226 2140 Current date / time: 2012/07/03 16:43:01.0226
16:43:01.0226 2140 SystemInfo:
16:43:01.0226 2140
16:43:01.0226 2140 OS Version: 6.1.7601 ServicePack: 1.0
16:43:01.0226 2140 Product type: Workstation
16:43:01.0226 2140 ComputerName: PAPD01-HP
16:43:01.0226 2140 UserName: papd
16:43:01.0226 2140 Windows directory: C:\windows
16:43:01.0226 2140 System windows directory: C:\windows
16:43:01.0226 2140 Processor architecture: Intel x86
16:43:01.0226 2140 Number of processors: 4
16:43:01.0226 2140 Page size: 0x1000
16:43:01.0226 2140 Boot type: Normal boot
16:43:01.0226 2140 ============================================================
16:43:02.0661 2140 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:43:02.0707 2140 Drive \Device\Harddisk1\DR1 - Size: 0xEEC00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:43:02.0707 2140 ============================================================
16:43:02.0707 2140 \Device\Harddisk0\DR0:
16:43:02.0707 2140 MBR partitions:
16:43:02.0707 2140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
16:43:02.0707 2140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
16:43:02.0707 2140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
16:43:02.0707 2140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
16:43:02.0707 2140 \Device\Harddisk1\DR1:
16:43:02.0707 2140 MBR partitions:
16:43:02.0707 2140 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774080
16:43:02.0707 2140 ============================================================
16:43:02.0770 2140 C: <-> \Device\Harddisk0\DR0\Partition1
16:43:02.0785 2140 F: <-> \Device\Harddisk0\DR0\Partition3
16:43:02.0848 2140 Y: <-> \Device\Harddisk0\DR0\Partition0
16:43:02.0848 2140 ============================================================
16:43:02.0848 2140 Initialize success
16:43:02.0848 2140 ============================================================
16:43:08.0591 7236 ============================================================
16:43:08.0591 7236 Scan started
16:43:08.0591 7236 Mode: Manual;
16:43:08.0591 7236 ============================================================
16:43:10.0167 7236 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:43:10.0182 7236 !SASCORE - ok
16:43:10.0385 7236 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:43:10.0416 7236 1394ohci - ok
16:43:10.0510 7236 A2DDA - ok
16:43:10.0588 7236 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
16:43:10.0604 7236 ac.sharedstore - ok
16:43:10.0650 7236 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\windows\system32\DRIVERS\Accelerometer.sys
16:43:10.0697 7236 Accelerometer - ok
16:43:10.0806 7236 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
16:43:10.0869 7236 ACPI - ok
16:43:10.0916 7236 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
16:43:10.0931 7236 AcpiPmi - ok
16:43:11.0056 7236 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:11.0056 7236 AdobeARMservice - ok
16:43:11.0150 7236 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:11.0181 7236 AdobeFlashPlayerUpdateSvc - ok
16:43:11.0243 7236 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:43:11.0290 7236 adp94xx - ok
16:43:11.0352 7236 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:43:11.0462 7236 adpahci - ok
16:43:11.0524 7236 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:43:11.0571 7236 adpu320 - ok
16:43:11.0618 7236 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
16:43:11.0633 7236 AeLookupSvc - ok
16:43:11.0696 7236 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
16:43:11.0711 7236 AESTFilters - ok
16:43:11.0789 7236 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:43:11.0789 7236 AFD - ok
16:43:11.0836 7236 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
16:43:11.0836 7236 AgereModemAudio - ok
16:43:11.0961 7236 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\windows\system32\DRIVERS\AGRSM.sys
16:43:12.0039 7236 AgereSoftModem - ok
16:43:12.0086 7236 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
16:43:12.0132 7236 agp440 - ok
16:43:12.0179 7236 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:43:12.0226 7236 aic78xx - ok
16:43:12.0304 7236 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
16:43:12.0351 7236 ALG - ok
16:43:12.0413 7236 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
16:43:12.0429 7236 aliide - ok
16:43:12.0460 7236 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
16:43:12.0507 7236 amdagp - ok
16:43:12.0554 7236 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
16:43:12.0554 7236 amdide - ok
16:43:12.0585 7236 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:43:12.0632 7236 AmdK8 - ok
16:43:12.0678 7236 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:43:12.0710 7236 AmdPPM - ok
16:43:12.0772 7236 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
16:43:12.0819 7236 amdsata - ok
16:43:12.0881 7236 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:43:12.0959 7236 amdsbs - ok
16:43:12.0990 7236 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
16:43:13.0006 7236 amdxata - ok
16:43:13.0100 7236 Amsp (a119a4aeb0e23884c4a92be3f5f5ab12) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
16:43:13.0100 7236 Amsp - ok
16:43:13.0178 7236 AnyDVD (133b7b6d6a3ec9e46fbe742ee1516c37) C:\windows\system32\Drivers\AnyDVD.sys
16:43:13.0209 7236 AnyDVD - ok
16:43:13.0256 7236 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
16:43:13.0287 7236 AppID - ok
16:43:13.0334 7236 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
16:43:13.0349 7236 AppIDSvc - ok
16:43:13.0412 7236 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
16:43:13.0427 7236 Appinfo - ok
16:43:13.0568 7236 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:13.0568 7236 Apple Mobile Device - ok
16:43:13.0661 7236 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
16:43:13.0661 7236 AppMgmt - ok
16:43:13.0692 7236 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:43:13.0739 7236 arc - ok
16:43:13.0786 7236 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:43:13.0833 7236 arcsas - ok
16:43:13.0942 7236 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:43:13.0989 7236 aspnet_state - ok
16:43:14.0035 7236 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:43:14.0035 7236 AsyncMac - ok
16:43:14.0082 7236 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
16:43:14.0082 7236 atapi - ok
16:43:14.0145 7236 atksgt (547f07839f71a4357a5e503646cac2b0) C:\windows\system32\DRIVERS\atksgt.sys
16:43:14.0176 7236 atksgt - ok
16:43:14.0254 7236 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:43:14.0285 7236 AudioEndpointBuilder - ok
16:43:14.0285 7236 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:43:14.0301 7236 Audiosrv - ok
16:43:14.0347 7236 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
16:43:14.0410 7236 AxInstSV - ok
16:43:14.0488 7236 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:43:14.0566 7236 b06bdrv - ok
16:43:14.0722 7236 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:43:14.0769 7236 b57nd60x - ok
16:43:14.0815 7236 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
16:43:14.0831 7236 BDESVC - ok
16:43:14.0847 7236 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:43:14.0878 7236 Beep - ok
16:43:15.0003 7236 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
16:43:15.0065 7236 BFE - ok
16:43:15.0159 7236 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
16:43:15.0190 7236 BITS - ok
16:43:15.0221 7236 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:43:15.0252 7236 blbdrive - ok
16:43:15.0377 7236 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:43:15.0393 7236 Bonjour Service - ok
16:43:15.0424 7236 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
16:43:15.0455 7236 bowser - ok
16:43:15.0486 7236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:43:15.0517 7236 BrFiltLo - ok
16:43:15.0549 7236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:43:15.0580 7236 BrFiltUp - ok
16:43:15.0642 7236 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
16:43:15.0689 7236 BridgeMP - ok
16:43:15.0876 7236 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
16:43:15.0923 7236 Browser - ok
16:43:16.0079 7236 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:43:16.0141 7236 Brserid - ok
16:43:16.0157 7236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:43:16.0173 7236 BrSerWdm - ok
16:43:16.0204 7236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:43:16.0235 7236 BrUsbMdm - ok
16:43:16.0282 7236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:43:16.0344 7236 BrUsbSer - ok
16:43:16.0391 7236 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
16:43:16.0438 7236 BthEnum - ok
16:43:16.0485 7236 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:43:16.0500 7236 BTHMODEM - ok
16:43:16.0578 7236 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:43:16.0594 7236 BthPan - ok
16:43:16.0750 7236 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
16:43:16.0812 7236 BTHPORT - ok
16:43:17.0031 7236 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
16:43:17.0077 7236 bthserv - ok
16:43:17.0109 7236 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
16:43:17.0155 7236 BTHUSB - ok
16:43:17.0249 7236 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\windows\system32\drivers\btwaudio.sys
16:43:17.0296 7236 btwaudio - ok
16:43:17.0530 7236 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\DRIVERS\btwavdt.sys
16:43:17.0561 7236 btwavdt - ok
16:43:18.0044 7236 btwdins (e2aced92a998e339dc5964c94e3ddb55) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:43:18.0076 7236 btwdins - ok
16:43:18.0434 7236 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
16:43:18.0544 7236 btwl2cap - ok
16:43:18.0653 7236 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
16:43:18.0700 7236 btwrchid - ok
16:43:18.0824 7236 catchme - ok
16:43:18.0871 7236 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:43:18.0902 7236 cdfs - ok
16:43:18.0965 7236 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
16:43:19.0012 7236 cdrom - ok
16:43:19.0043 7236 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
16:43:19.0043 7236 CertPropSvc - ok
16:43:19.0074 7236 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:43:19.0105 7236 circlass - ok
16:43:19.0183 7236 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:43:19.0183 7236 CLFS - ok
16:43:19.0261 7236 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:19.0277 7236 clr_optimization_v2.0.50727_32 - ok
16:43:19.0558 7236 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:19.0589 7236 clr_optimization_v4.0.30319_32 - ok
16:43:19.0636 7236 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:43:19.0651 7236 CmBatt - ok
16:43:19.0792 7236 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
16:43:19.0807 7236 cmdide - ok
16:43:20.0197 7236 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
16:43:20.0228 7236 CNG - ok
16:43:20.0275 7236 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:43:20.0306 7236 Compbatt - ok
16:43:20.0384 7236 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
16:43:20.0400 7236 CompositeBus - ok
16:43:20.0400 7236 COMSysApp - ok
16:43:20.0618 7236 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
16:43:20.0650 7236 cpudrv - ok
16:43:20.0696 7236 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:43:20.0696 7236 crcdisk - ok
16:43:20.0759 7236 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
16:43:20.0774 7236 CryptSvc - ok
16:43:20.0821 7236 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys
16:43:20.0915 7236 CSC - ok
16:43:21.0008 7236 CscService (15f93b37f6801943360d9eb42485d5d3) C:\windows\System32\cscsvc.dll
16:43:21.0008 7236 CscService - ok
16:43:21.0040 7236 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\windows\system32\DRIVERS\DAMDrv.sys
16:43:21.0055 7236 DAMDrv - ok
16:43:21.0118 7236 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\windows\system32\DRIVERS\dc3d.sys
16:43:21.0149 7236 dc3d - ok
16:43:21.0289 7236 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
16:43:21.0289 7236 DcomLaunch - ok
16:43:21.0320 7236 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
16:43:21.0367 7236 defragsvc - ok
16:43:21.0398 7236 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
16:43:21.0461 7236 DfsC - ok
16:43:21.0539 7236 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
16:43:21.0586 7236 Dhcp - ok
16:43:21.0601 7236 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:43:21.0601 7236 discache - ok
16:43:21.0632 7236 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:43:21.0664 7236 Disk - ok
16:43:21.0726 7236 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
16:43:21.0757 7236 Dnscache - ok
16:43:21.0835 7236 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
16:43:21.0944 7236 dot3svc - ok
16:43:22.0053 7236 DpHost (cace0fdd5d1ea41a36ac8ce590330834) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
16:43:22.0053 7236 DpHost - ok
16:43:22.0100 7236 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
16:43:22.0163 7236 DPS - ok
16:43:22.0194 7236 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:43:22.0209 7236 drmkaud - ok
16:43:22.0287 7236 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
16:43:22.0397 7236 DXGKrnl - ok
16:43:22.0506 7236 e1kexpress (20c70a4226c9a066d2ead0c814083a95) C:\windows\system32\DRIVERS\e1k6232.sys
16:43:22.0553 7236 e1kexpress - ok
16:43:22.0599 7236 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
16:43:22.0615 7236 EapHost - ok
16:43:22.0787 7236 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:43:22.0927 7236 ebdrv - ok
16:43:23.0255 7236 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
16:43:23.0255 7236 EFS - ok
16:43:23.0348 7236 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
16:43:23.0442 7236 ehRecvr - ok
16:43:23.0551 7236 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
16:43:23.0598 7236 ehSched - ok
16:43:23.0754 7236 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\windows\system32\Drivers\ElbyCDIO.sys
16:43:23.0801 7236 ElbyCDIO - ok
16:43:23.0863 7236 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:43:23.0894 7236 elxstor - ok
16:43:23.0925 7236 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
16:43:23.0988 7236 ErrDev - ok
16:43:24.0144 7236 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
16:43:24.0144 7236 EventSystem - ok
16:43:24.0300 7236 EvtEng (33abddb21de2f4bb1b05a5a3a671bd64) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:43:24.0331 7236 EvtEng - ok
16:43:24.0378 7236 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:43:24.0409 7236 exfat - ok
16:43:24.0456 7236 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:43:24.0487 7236 fastfat - ok
16:43:24.0581 7236 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
16:43:24.0581 7236 Fax - ok
16:43:24.0596 7236 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:43:24.0643 7236 fdc - ok
16:43:24.0674 7236 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
16:43:24.0721 7236 fdPHost - ok
16:43:24.0783 7236 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
16:43:24.0815 7236 FDResPub - ok
16:43:24.0830 7236 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:43:24.0846 7236 FileInfo - ok
16:43:24.0861 7236 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:43:24.0893 7236 Filetrace - ok
16:43:24.0955 7236 FLCDLOCK (614b050875190ffe7abbaf0cbb4fbbba) c:\Windows\system32\flcdlock.exe
16:43:25.0049 7236 FLCDLOCK - ok
16:43:25.0064 7236 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:43:25.0080 7236 flpydisk - ok
16:43:25.0111 7236 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:43:25.0127 7236 FltMgr - ok
16:43:25.0236 7236 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
16:43:25.0329 7236 FontCache - ok
16:43:25.0392 7236 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:25.0392 7236 FontCache3.0.0.0 - ok
16:43:25.0423 7236 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:43:25.0454 7236 FsDepends - ok
16:43:25.0532 7236 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
16:43:25.0579 7236 fssfltr - ok
16:43:25.0766 7236 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:43:25.0844 7236 fsssvc - ok
16:43:26.0125 7236 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
16:43:26.0140 7236 Fs_Rec - ok
16:43:26.0187 7236 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
16:43:26.0187 7236 fvevol - ok
16:43:26.0234 7236 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:43:26.0281 7236 gagp30kx - ok
16:43:26.0359 7236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:43:26.0390 7236 GEARAspiWDM - ok
16:43:26.0499 7236 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
16:43:26.0546 7236 gpsvc - ok
16:43:26.0577 7236 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:43:26.0593 7236 hcw85cir - ok
16:43:26.0671 7236 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
16:43:26.0733 7236 HdAudAddService - ok
16:43:26.0796 7236 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
16:43:26.0842 7236 HDAudBus - ok
16:43:26.0874 7236 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
16:43:26.0905 7236 HECI - ok
16:43:26.0936 7236 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
16:43:26.0936 7236 HidBatt - ok
16:43:47.0076 7236 SafeBoot (31b48cb3d35d076291e3b8afd9a7f203) C:\windows\system32\drivers\SafeBoot.sys
16:43:47.0107 7236 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 31b48cb3d35d076291e3b8afd9a7f203
16:43:47.0107 7236 SafeBoot ( LockedFile.Multi.Generic ) - warning
16:43:47.0107 7236 SafeBoot - detected LockedFile.Multi.Generic (1)
16:43:52.0192 7236 TapiSrv - ok
16:43:52.0208 7236 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
16:43:52.0208 7236 TBS - ok
16:43:52.0348 7236 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
16:43:52.0395 7236 Tcpip - ok
16:43:52.0582 7236 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
16:43:52.0598 7236 TCPIP6 - ok
16:43:52.0691 7236 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
16:43:52.0738 7236 tcpipreg - ok
16:43:52.0785 7236 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
16:43:52.0816 7236 TDPIPE - ok
16:43:52.0879 7236 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
16:43:52.0894 7236 TDTCP - ok
16:43:52.0925 7236 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
16:43:52.0925 7236 tdx - ok
16:43:52.0972 7236 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
16:43:52.0988 7236 TermDD - ok
16:43:53.0050 7236 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
16:43:53.0066 7236 TermService - ok
16:43:53.0081 7236 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
16:43:53.0081 7236 Themes - ok
16:43:53.0112 7236 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
16:43:53.0112 7236 THREADORDER - ok
16:43:53.0144 7236 tmactmon (7131c804d8847b695125bb8d91d64ee0) C:\windows\system32\DRIVERS\tmactmon.sys
16:43:53.0159 7236 tmactmon - ok
16:43:53.0206 7236 tmcomm (09f386a6ec8d6c37bfa0d5394cb186c1) C:\windows\system32\DRIVERS\tmcomm.sys
16:43:53.0222 7236 tmcomm - ok
16:43:53.0237 7236 tmevtmgr (c75310cbd1bccf3469c834143bc2390c) C:\windows\system32\DRIVERS\tmevtmgr.sys
16:43:53.0253 7236 tmevtmgr - ok
16:43:53.0346 7236 TmListen (570efc7cfced6c3dac162a48d093de03) C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
16:43:53.0362 7236 TmListen - ok
16:43:53.0424 7236 tmtdi (69bf24e2871088115f422d6c7f41c400) C:\windows\system32\DRIVERS\tmtdi.sys
16:43:53.0424 7236 tmtdi - ok
16:43:53.0456 7236 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
16:43:53.0471 7236 TPM - ok
16:43:53.0487 7236 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
16:43:53.0487 7236 TrkWks - ok
16:43:53.0549 7236 TrufosAlt (c380e830a4bd08440e6757213f126db7) C:\windows\system32\DRIVERS\TrufosAlt.sys
16:43:53.0596 7236 TrufosAlt - ok
16:43:53.0658 7236 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
16:43:53.0705 7236 TrustedInstaller - ok
16:43:53.0736 7236 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
16:43:53.0752 7236 tssecsrv - ok
16:43:53.0799 7236 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
16:43:53.0814 7236 TsUsbFlt - ok
16:43:53.0861 7236 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
16:43:53.0877 7236 tunnel - ok
16:43:53.0892 7236 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:43:53.0924 7236 uagp35 - ok
16:43:53.0970 7236 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
16:43:54.0002 7236 udfs - ok
16:43:54.0033 7236 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
16:43:54.0048 7236 UI0Detect - ok
16:43:54.0080 7236 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
16:43:54.0095 7236 uliagpkx - ok
16:43:54.0142 7236 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys
16:43:54.0158 7236 umbus - ok
16:43:54.0189 7236 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:43:54.0189 7236 UmPass - ok
16:43:54.0236 7236 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\windows\System32\umrdp.dll
16:43:54.0251 7236 UmRdpService - ok
16:43:54.0438 7236 UNS (5713e039c0622f40347735cba460b8fc) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:43:54.0485 7236 UNS - ok
16:43:54.0594 7236 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
16:43:54.0610 7236 upnphost - ok
16:43:54.0672 7236 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys
16:43:54.0704 7236 USBAAPL - ok
16:43:54.0750 7236 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
16:43:54.0750 7236 usbccgp - ok
16:43:54.0797 7236 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
16:43:54.0813 7236 usbcir - ok
16:43:54.0844 7236 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
16:43:54.0875 7236 usbehci - ok
16:43:54.0922 7236 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
16:43:54.0953 7236 usbhub - ok
16:43:54.0969 7236 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
16:43:54.0984 7236 usbohci - ok
16:43:55.0016 7236 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:43:55.0016 7236 usbprint - ok
16:43:55.0062 7236 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:43:55.0094 7236 USBSTOR - ok
16:43:55.0094 7236 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
16:43:55.0109 7236 usbuhci - ok
16:43:55.0140 7236 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
16:43:55.0172 7236 usbvideo - ok
16:43:55.0203 7236 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
16:43:55.0218 7236 UxSms - ok
16:43:55.0250 7236 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:55.0250 7236 VaultSvc - ok
16:43:55.0359 7236 vcsFPService (8c72e0e88e5a1a70691135864f2f7f1b) C:\windows\system32\vcsFPService.exe
16:43:55.0406 7236 vcsFPService - ok
16:43:55.0530 7236 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
16:43:55.0546 7236 vdrvroot - ok
16:43:55.0593 7236 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
16:43:55.0655 7236 vds - ok
16:43:55.0702 7236 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:43:55.0718 7236 vga - ok
16:43:55.0718 7236 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:43:55.0733 7236 VgaSave - ok
16:43:55.0780 7236 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
16:43:55.0811 7236 vhdmp - ok
16:43:55.0874 7236 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
16:43:55.0905 7236 viaagp - ok
16:43:55.0952 7236 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:43:55.0983 7236 ViaC7 - ok
16:43:55.0998 7236 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
16:43:56.0030 7236 viaide - ok
16:43:56.0092 7236 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys
16:43:56.0139 7236 vmbus - ok
16:43:56.0170 7236 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys
16:43:56.0186 7236 VMBusHID - ok
16:43:56.0201 7236 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
16:43:56.0217 7236 volmgr - ok
16:43:56.0248 7236 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:43:56.0248 7236 volmgrx - ok
16:43:56.0279 7236 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
16:43:56.0342 7236 volsnap - ok
16:43:56.0388 7236 vpcbus (b26536add1d748cda104d856c979ae79) C:\windows\system32\DRIVERS\vpchbus.sys
16:43:56.0420 7236 vpcbus - ok
16:43:56.0482 7236 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\windows\system32\DRIVERS\vpcnfltr.sys
16:43:56.0513 7236 vpcnfltr - ok
16:43:56.0544 7236 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\windows\system32\DRIVERS\vpcusb.sys
16:43:56.0560 7236 vpcusb - ok
16:43:56.0591 7236 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\windows\system32\drivers\vpcvmm.sys
16:43:56.0622 7236 vpcvmm - ok
16:43:56.0654 7236 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:43:56.0685 7236 vsmraid - ok
16:43:56.0794 7236 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
16:43:56.0825 7236 VSS - ok
16:43:56.0856 7236 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:43:56.0856 7236 vwifibus - ok
16:43:56.0872 7236 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:43:56.0888 7236 vwififlt - ok
16:43:56.0934 7236 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
16:43:56.0950 7236 vwifimp - ok
16:43:56.0981 7236 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
16:43:56.0997 7236 W32Time - ok
16:43:57.0028 7236 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:43:57.0028 7236 WacomPen - ok
16:43:57.0075 7236 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:43:57.0090 7236 WANARP - ok
16:43:57.0090 7236 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:43:57.0090 7236 Wanarpv6 - ok
16:43:57.0184 7236 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
16:43:57.0231 7236 WatAdminSvc - ok
16:43:57.0387 7236 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
16:43:57.0449 7236 wbengine - ok
16:43:57.0465 7236 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
16:43:57.0480 7236 WbioSrvc - ok
16:43:57.0543 7236 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
16:43:57.0558 7236 wcncsvc - ok
16:43:57.0574 7236 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
16:43:57.0589 7236 WcsPlugInService - ok
16:43:57.0621 7236 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:43:57.0621 7236 Wd - ok
16:43:57.0667 7236 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:43:57.0714 7236 Wdf01000 - ok
16:43:57.0730 7236 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:43:57.0761 7236 WdiServiceHost - ok
16:43:57.0761 7236 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:43:57.0761 7236 WdiSystemHost - ok
16:43:57.0823 7236 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
16:43:57.0839 7236 WebClient - ok
16:43:57.0870 7236 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
16:43:57.0886 7236 Wecsvc - ok
16:43:57.0901 7236 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
16:43:57.0917 7236 wercplsupport - ok
16:43:57.0948 7236 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
16:43:57.0948 7236 WerSvc - ok
16:43:57.0964 7236 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:43:57.0979 7236 WfpLwf - ok
16:43:57.0995 7236 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:43:57.0995 7236 WIMMount - ok
16:43:58.0073 7236 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:43:58.0120 7236 WinDefend - ok
16:43:58.0135 7236 WinHttpAutoProxySvc - ok
16:43:58.0213 7236 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
16:43:58.0229 7236 Winmgmt - ok
16:43:58.0307 7236 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
16:43:58.0416 7236 WinRM - ok
16:43:58.0479 7236 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUSB.sys
16:43:58.0494 7236 WinUSB - ok
16:43:58.0557 7236 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
16:43:58.0557 7236 Wlansvc - ok
16:43:58.0603 7236 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:43:58.0619 7236 wlcrasvc - ok
16:43:58.0915 7236 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:43:58.0962 7236 wlidsvc - ok
16:43:59.0118 7236 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
16:43:59.0134 7236 WmiAcpi - ok
16:43:59.0181 7236 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
16:43:59.0227 7236 wmiApSrv - ok
16:43:59.0368 7236 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:43:59.0399 7236 WMPNetworkSvc - ok
16:43:59.0477 7236 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
16:43:59.0508 7236 WPCSvc - ok
16:43:59.0555 7236 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
16:43:59.0555 7236 WPDBusEnum - ok
16:43:59.0633 7236 WRkrn (a5966236ed9fd3bb656919fb7681ebc7) C:\windows\system32\drivers\WRkrn.sys
16:43:59.0633 7236 WRkrn - ok
16:43:59.0742 7236 WRSVC (e2874ffd168a5e673d4c323324bfe167) C:\Program Files\Webroot\WRSA.exe
16:43:59.0742 7236 WRSVC - ok
16:43:59.0773 7236 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:43:59.0773 7236 ws2ifsl - ok
16:43:59.0805 7236 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
16:43:59.0820 7236 wscsvc - ok
16:43:59.0820 7236 WSearch - ok
16:43:59.0961 7236 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
16:44:00.0054 7236 wuauserv - ok
16:44:00.0148 7236 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
16:44:00.0163 7236 WudfPf - ok
16:44:00.0195 7236 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
16:44:00.0241 7236 WUDFRd - ok
16:44:00.0319 7236 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
16:44:00.0335 7236 wudfsvc - ok
16:44:00.0366 7236 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
16:44:00.0382 7236 WwanSvc - ok
16:44:00.0429 7236 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:44:00.0647 7236 \Device\Harddisk0\DR0 - ok
16:44:00.0647 7236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:44:00.0663 7236 \Device\Harddisk1\DR1 - ok
16:44:00.0663 7236 Boot (0x1200) (a84ae2198e50fe1ca880d5fd2f027f0f) \Device\Harddisk0\DR0\Partition0
16:44:00.0663 7236 \Device\Harddisk0\DR0\Partition0 - ok
16:44:00.0678 7236 Boot (0x1200) (4a46ffcf3d39fd75934c5ae59608c621) \Device\Harddisk0\DR0\Partition1
16:44:00.0678 7236 \Device\Harddisk0\DR0\Partition1 - ok
16:44:00.0709 7236 Boot (0x1200) (4f1e9285f7a17e260aee8ef738c49352) \Device\Harddisk0\DR0\Partition2
16:44:00.0709 7236 \Device\Harddisk0\DR0\Partition2 - ok
16:44:00.0709 7236 Boot (0x1200) (ca9c28dd2f45ae479596182891266972) \Device\Harddisk0\DR0\Partition3
16:44:00.0725 7236 \Device\Harddisk0\DR0\Partition3 - ok
16:44:00.0725 7236 Boot (0x1200) (72e5beedf00700c12670c4345a36b99a) \Device\Harddisk1\DR1\Partition0
16:44:00.0725 7236 \Device\Harddisk1\DR1\Partition0 - ok
16:44:00.0725 7236 ============================================================
16:44:00.0725 7236 Scan finished
16:44:00.0725 7236 ============================================================
16:44:00.0741 8724 Detected object count: 1
16:44:00.0741 8724 Actual detected object count: 1
16:44:11.0473 8724 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
16:44:11.0473 8724 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
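
The TDSSKiller log above lists each service and driver with the MD5 of its image file followed by a verdict line, and ends with one detection the user chose to skip. As an added example, not part of the original thread and not Kaspersky's own code, here is a small Python triage that parses lines in that shape and flags what a reviewer would otherwise check by hand: objects listed with no image hash at all (the log shows this for WinHttpAutoProxySvc and WSearch), one hash registered under several different paths, images outside the usual system directories, and verdicts that were not acted on. The TRUSTED_ROOTS allow-list and the ConstructedSvc line are assumptions made for the example; the other sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the TDSSKiller log above. The Tcpip, TCPIP6,
# WinHttpAutoProxySvc, WSearch, MBR and SafeBoot lines are copied from that log;
# the ConstructedSvc line is invented here only to exercise the path and
# duplicate-hash checks and says nothing about the poster's machine.
SAMPLE_LOG = r"""
16:43:52.0348 7236 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
16:43:52.0395 7236 Tcpip - ok
16:43:52.0582 7236 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
16:43:52.0598 7236 TCPIP6 - ok
16:43:58.0135 7236 WinHttpAutoProxySvc - ok
16:43:59.0820 7236 WSearch - ok
16:43:59.0900 7236 ConstructedSvc (7fa2e0f8b072bd04b77b421480b6cc22) C:\Users\example\AppData\Roaming\constructed\tcpip.sys
16:43:59.0901 7236 ConstructedSvc - ok
16:44:00.0429 7236 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:44:00.0647 7236 \Device\Harddisk0\DR0 - ok
16:44:11.0473 8724 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
"""

PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "<object> (<md5>) <path>": an on-disk image that the scanner hashed
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - <status>": the verdict line that follows each object
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<status>.+)$")

# Assumed allow-list of directories a legitimate service image normally lives in.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "\\device\\")


def path_is_trusted(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed-image records and status records."""
    images, statuses = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            images.append(m.groupdict())
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses.append(m.groupdict())
    return images, statuses


def triage(text):
    """Return (kind, subject, detail) findings a reviewer should look at."""
    images, statuses = parse_tdsskiller(text)
    findings = []
    hashed_objects = {i["name"] for i in images} | {i["path"] for i in images}
    paths_by_md5 = defaultdict(set)
    for img in images:
        paths_by_md5[img["md5"]].add(img["path"].lower())   # Windows paths: case-insensitive
        if not path_is_trusted(img["path"]):
            findings.append(("untrusted_path", img["name"], img["path"]))
    # The same bytes registered under distinct paths deserve a look: a copy of a
    # system binary in a user-writable folder is a common persistence trick.
    for md5, paths in paths_by_md5.items():
        if len(paths) > 1:
            findings.append(("same_hash_multiple_paths", md5, sorted(paths)))
    for st in statuses:
        if st["status"] != "ok":
            # e.g. "skipped by user": a verdict nobody acted on
            findings.append(("unresolved", st["name"], st["status"]))
        elif st["name"] not in hashed_objects:
            # service or driver listed without any on-disk image hash
            findings.append(("no_image_hash", st["name"], st["status"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {subject}  ->  {detail}")
```

Two caveats when reading the output against the real log. `LockedFile.Multi.Generic` is a generic "could not read this file" verdict, not an identification of malware; the aswMBR reports further down show both SafeBoot.sys and Webroot's WRkrn.sys as **LOCKED**, which is how self-protecting security drivers normally behave, but a skipped verdict still needs the file hashed from an offline boot rather than left as "Skip". And a directory allow-list is only a coarse first filter: rootkits of the ZeroAccess family are known to drop files under C:\windows as well, so the hashes themselves should be compared with a known-good catalogue.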

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 AM

Posted 03 July 2012 - 02:43 AM

That looks very good. Now I would like to see the aswMBR report, please.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 onshow

onshow
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 PM

Posted 03 July 2012 - 06:34 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 16:45:52
-----------------------------
16:45:52.916 OS Version: Windows 6.1.7601 Service Pack 1
16:45:52.916 Number of processors: 4 586 0x2505
16:45:52.916 ComputerName: PAPD01-HP UserName: papd
16:45:55.537 Initialize success
16:48:41.301 AVAST engine defs: 12070202
16:54:03.763 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:54:03.763 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
16:54:03.778 Disk 0 MBR read successfully
16:54:03.794 Disk 0 MBR scan
16:54:03.841 Disk 0 Windows VISTA default MBR code
16:54:03.872 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:54:03.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287534 MB offset 616448
16:54:03.981 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589486080
16:54:04.044 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620943360
16:54:04.090 Disk 0 scanning sectors +625127424
16:54:04.199 Disk 0 scanning C:\windows\system32\drivers
16:54:35.147 Service scanning
16:55:08.358 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
16:55:22.038 Service WRkrn C:\windows\System32\drivers\WRkrn.sys **LOCKED** 32
16:55:24.253 Modules scanning
16:55:38.416 Disk 0 trace - called modules:
16:55:38.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
16:55:38.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a1030]
16:55:38.432 3 CLASSPNP.SYS[8bb5859e] -> nt!IofCallDriver -> [0x873a08f0]
16:55:38.432 5 hpdskflt.sys[8bff5f92] -> nt!IofCallDriver -> [0x868c35d0]
16:55:38.432 7 ACPI.sys[8b6be3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86866028]
16:55:39.882 AVAST engine scan C:\windows
16:55:48.852 AVAST engine scan C:\windows\system32
17:05:52.450 AVAST engine scan C:\windows\system32\drivers
17:06:39.517 AVAST engine scan C:\Users\PAPD
17:13:32.805 Disk 0 MBR has been saved successfully to "C:\Users\PAPD\Desktop\MBR.dat"
17:13:32.821 The log file has been saved successfully to "C:\Users\PAPD\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 08:35:49
-----------------------------
08:35:49.456 OS Version: Windows 6.1.7601 Service Pack 1
08:35:49.456 Number of processors: 4 586 0x2505
08:35:49.472 ComputerName: PAPD01-HP UserName: papd
08:37:13.584 Initialize success
08:38:31.472 AVAST engine defs: 12070301
08:40:19.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:40:19.349 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
08:40:19.399 Disk 0 MBR read successfully
08:40:19.399 Disk 0 MBR scan
08:40:19.710 Disk 0 Windows VISTA default MBR code
08:40:20.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
08:40:20.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287534 MB offset 616448
08:40:20.420 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589486080
08:40:20.550 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620943360
08:40:20.638 Disk 0 scanning sectors +625127424
08:40:20.951 Disk 0 scanning C:\windows\system32\drivers
08:41:36.576 Service scanning
08:42:34.711 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
08:42:50.637 Service WRkrn C:\windows\System32\drivers\WRkrn.sys **LOCKED** 32
08:42:52.839 Modules scanning
08:43:28.752 Disk 0 trace - called modules:
08:43:28.783 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
08:43:28.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8739fac8]
08:43:28.783 3 CLASSPNP.SYS[8bb4759e] -> nt!IofCallDriver -> [0x8739f020]
08:43:28.783 5 hpdskflt.sys[8bff2f92] -> nt!IofCallDriver -> [0x868cb718]
08:43:28.783 7 ACPI.sys[8b6c03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85abe028]
08:43:32.000 AVAST engine scan C:\windows
08:43:44.821 AVAST engine scan C:\windows\system32
08:55:24.852 AVAST engine scan C:\windows\system32\drivers
08:56:17.434 AVAST engine scan C:\Users\PAPD
09:28:01.346 AVAST engine scan C:\ProgramData
09:32:14.102 Scan finished successfully
09:33:52.343 Disk 0 MBR has been saved successfully to "C:\Users\PAPD\Desktop\MBR.dat"
09:33:52.421 The log file has been saved successfully to "C:\Users\PAPD\Desktop\aswMBR.txt"
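
The two aswMBR reports above read the boot sector, compare its bootstrap code with the stock Windows code ("Windows VISTA default MBR code"), list the partition table, and then scan the sectors after the last partition ("scanning sectors +625127424"). As an added example, not part of the thread and not AVAST's tool, here is a Python reconstruction of that check: it assembles an MBR whose partition table is copied from the log (the bootstrap bytes and the disk signature are constructed), parses it back, hashes the code area, validates the layout and computes where unpartitioned space begins. The 0x1B8-byte hash scope is an assumption modelled on TDSSKiller's "MBR (0x1B8)" line.

```python
import hashlib
import struct

SECTOR = 512
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}   # only the two types in the log

# Partition table copied from the aswMBR log above: (boot flag, type, size in MB, start LBA).
LOG_PARTITIONS = [
    (0x80, 0x07, 300, 2048),
    (0x00, 0x07, 287534, 616448),
    (0x00, 0x07, 15360, 589486080),
    (0x00, 0x0C, 2043, 620943360),
]
ENTRY = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, start LBA, sector count


def build_mbr(partitions, bootcode=b"", disk_signature=0x12345678):
    """Assemble a 512-byte MBR: 0x1B8 bytes of bootstrap code, disk signature,
    two reserved bytes, four 16-byte partition entries and the 0x55AA marker.
    Bootstrap bytes and signature are constructed; only the table comes from the log."""
    code = bootcode.ljust(0x1B8, b"\x00")[:0x1B8]
    table = b"".join(
        struct.pack(ENTRY, boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                    lba, size_mb * 1024 * 1024 // SECTOR)
        for boot, ptype, size_mb, lba in partitions)
    return code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"


def parse_mbr(sector):
    """Decode a raw MBR sector into its code hash, disk signature and used entries."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY, sector, 0x1BE + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "boot": boot, "type": ptype, "lba": lba,
                      "sectors": count, "size_mb": count * SECTOR // (1024 * 1024)})
    return {
        # Assumption: TDSSKiller's "MBR (0x1B8)" hash covers these first 0x1B8 bytes,
        # i.e. the code a bootkit patches while leaving the partition table intact.
        "bootcode_md5": hashlib.md5(sector[:0x1B8]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "partitions": parts,
    }


def check_layout(info):
    """Return (problems, first unpartitioned sector): one active entry, no overlaps."""
    parts = sorted(info["partitions"], key=lambda p: p["lba"])
    problems = []
    active = [p for p in parts if p["boot"] == 0x80]
    if len(active) != 1:
        problems.append(f"expected one active partition, found {len(active)}")
    for a, b in zip(parts, parts[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    tail = max((p["lba"] + p["sectors"] for p in parts), default=0)
    return problems, tail


def describe(info):
    """Render the entries in the same column order aswMBR prints them."""
    lines = []
    for p in info["partitions"]:
        flag = f"{p['boot']:02X}" + (" (A)" if p["boot"] == 0x80 else "")
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} "
                     f"{TYPE_NAMES.get(p['type'], '?')} {p['size_mb']} MB offset {p['lba']}")
    return lines


if __name__ == "__main__":
    mbr = build_mbr(LOG_PARTITIONS, bootcode=b"constructed bootstrap")
    info = parse_mbr(mbr)
    print("\n".join(describe(info)))
    problems, tail = check_layout(info)
    print("problems:", problems or "none", "| unpartitioned space starts at sector", tail)
```

Running it reproduces the log's figures: four contiguous partitions ending at sector 625127424, which is exactly where aswMBR began its sector scan, so the table leaves no gap between partitions that a hidden volume could occupy. The tail of the disk is still worth scanning because some bootkits (TDL4 is the well known case) keep their own file system in unallocated sectors past the last partition. Hashing only the code area is what lets a scanner notice a patched bootstrap even when the partition table is untouched, which is the comparison behind "Windows VISTA default MBR code". If the MBR.dat that aswMBR saved is the raw 512-byte sector (an assumption here), `parse_mbr(open("MBR.dat", "rb").read())` runs the same checks against the real disk, and the MD5 of its first 0x1B8 bytes can be compared with the value TDSSKiller printed.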

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 AM

Posted 03 July 2012 - 09:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\PAPD\AppData\Roaming\Uqep
c:\users\PAPD\AppData\Roaming\Irywq
c:\users\PAPD\AppData\Roaming\Irik

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 onshow

onshow
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 PM

Posted 04 July 2012 - 05:21 PM

I can't seem to get ComboFix to run through completely. I ran it once and after about 5 hours it seemed to stop at Check 48.

I then re-ran the script and left the pc overnight and it now says completed stage 50, but no output report has been generated. It has been running for approximately 12 hours so far.

Should I reboot and try it again?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 AM

Posted 04 July 2012 - 07:35 PM

Hello

OK, let's try this. I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#14 onshow

onshow
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 PM

Posted 04 July 2012 - 08:20 PM

Apologies, it ended up finishing. The report is rather massive. How did you want me to upload it? It may take about 10 or 15 posts to get it all on the forum.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 AM

Posted 04 July 2012 - 08:38 PM

Upload it here and send me the link, please: http://www.2shared.com/


gringo



