
Trojan.0accessRootkit.Zaccess, Trojan.Dropper.BCMiner


40 replies to this topic

#1 sugardaddy5


  • Members
  • 59 posts

Posted 30 July 2012 - 01:41 PM

First, let me apologize in advance for my computer illiteracy. I am not incredibly knowledgeable, but sometimes I get lucky.
Last week I discovered the viruses. Now after a few days of non-use I am unable to access my computer without it shutting down and restarting. It's a vicious cycle and it seems to be a popular virus.

I have a Windows Vista OS on my home computer. I was using Microsoft Security Essentials as my antivirus. I now have at least 3 viruses. They are Trojan.0access, Rootkit.Zaccess and Trojan.Dropper.BCMiner. They got me last week sometime. Every time I did an MSE scan, it would catch the viruses and when I went to apply the actions, it would only delete a few of them. I would then get a box that popped up with the heading "You are about to be logged off" "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now". Well, when my computer rebooted I did a Google search for the viruses and possible solutions. One I tried was to download Malwarebytes Anti-Malware. Didn't really work. The viruses have turned off my firewall and I cannot turn it back on. Now after a few days of not using my computer, when I turn it on and I bring up my main screen, it shuts down with the previous message and then starts up again and shuts down within about a minute. It's a nasty virus. Suggestions? Should I hit <esc> when it is starting up? F10 for the boot menu? F11 for system recovery? Does F8 make me go into 'Safe' mode? If so, what do I do after using one of them?



#2 D-FRED-BROWN


    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 01 August 2012 - 02:24 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Yes, see if you can launch Safe Mode by pressing F8 as the system boots. Then, please follow the instructions below.


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 sugardaddy5


Posted 04 August 2012 - 10:51 AM

Hi D-FRED-BROWN
In Safe Mode, Internet Explorer will not allow me to get online. Suggestions?
Thank you kindly

#4 D-FRED-BROWN


Posted 04 August 2012 - 11:48 AM

"In safe mode internet explorer will not allow me to get online. Suggestions?"

This is by design: Safe Mode will not allow you to connect to the Internet. Safe Mode with Networking will, however.

Just run the scan, and then boot back into Normal Mode and post the log from there.

Hope that helps. :)

#5 sugardaddy5


Posted 04 August 2012 - 12:19 PM

Hello again,
I could not find TDSS on my desktop, nor when I did a search for all programs, but I know it is there since when I went back to the TDSS link on its homepage and tried to resave it to my desktop, the icon was there and it asked me if I wanted to replace it. I suspect I could not "run as administrator" since I could not locate the icon on my desktop???? I did go ahead and do a scan from the TDSS page and it scanned 391 objects with nothing found. Is there another way to look for the icon on my desktop? Should I reboot?

#6 sugardaddy5


Posted 04 August 2012 - 12:24 PM

Never mind, I think I'm running as admin now.

#7 sugardaddy5


Posted 04 August 2012 - 12:48 PM

TDSS
391 objects. No threats found. Ran as admin.

COMBOFIX
Saved to desktop. Have combo icon. Not sure if I completely disabled MalwarebytesAntimalware. Went to settings and did not see a "disable" option. Only have free version.
Microsoft Security Essentials: real time protection is not available in safe mode. Assume it is disabled.

Cannot locate C:\ComboFix.txt but see the TDSS logs that were run previously. When I clicked run on ComboFix, it appeared to run (black box with green lettering) then went back to original screen. A box with something about "A readily available replacement....." pops up when I run. However it disappears before I can read it all.

Edited by sugardaddy5, 04 August 2012 - 12:53 PM.


#8 D-FRED-BROWN


Posted 04 August 2012 - 04:00 PM

Try rebooting, and run ComboFix again.

#9 sugardaddy5


Posted 05 August 2012 - 11:37 AM

Hi again
OK, I got ComboFix to run and it created a log. Now when I click on the log c:combofix.txt I get a box that states "illegal operation attempted on a registry key that has been marked for deletion". Then when I try to log on to the net the message is "the item you selected is unavailable. It might have been moved, renamed or removed. Do you want to remove it from the list?" I have not responded. Suggestions?

#10 D-FRED-BROWN


Posted 05 August 2012 - 12:17 PM

Reboot the computer. After rebooting, do you still get the same errors?

#11 sugardaddy5


Posted 05 August 2012 - 12:32 PM

ComboFix 12-08-04.02 - sugar 08/05/2012 11:12:54.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.2359 [GMT -5:00]
Running from: c:\users\sugar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object
c:\program files\Object\bho_project.dll
c:\program files\Object\config.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin315.exe.lnk
c:\users\sugar\videos\iTunesSetup.exe
c:\users\sugar\videos\QuickTimeInstaller.exe
c:\users\sugar\videos\wmv9VCMsetup.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\L\00000004.@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\L\201d3dde
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\00000004.@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\00000008.@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\000000cb.@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\80000000.@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\80000032.@
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 16:21 . 2012-08-05 16:22 -------- d-----w- c:\users\sugar\AppData\Local\temp
2012-08-05 16:21 . 2012-08-05 16:21 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-08-05 16:21 . 2012-08-05 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 08:26 . 2012-08-03 08:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DA4812-F8A5-4139-888E-AB2CC7C5F001}\offreg.dll
2012-08-03 08:25 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DA4812-F8A5-4139-888E-AB2CC7C5F001}\mpengine.dll
2012-07-27 12:54 . 2012-07-27 12:54 43480 ----a-w- c:\windows\system32\drivers\iniqjlux.sys
2012-07-27 12:42 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-27 02:17 . 2012-07-27 02:17 -------- d-----w- c:\users\sugar\AppData\Roaming\Malwarebytes
2012-07-27 02:16 . 2012-07-27 02:16 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 02:16 . 2012-07-27 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 02:16 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 00:05 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CE017E-C71A-41B4-9606-60F7A69B277B}\gapaengine.dll
2012-07-25 00:00 . 2012-07-25 00:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-22 22:04 . 2012-07-22 22:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-12 09:02 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 01:17 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 01:17 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 01:17 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 01:17 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 01:17 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 01:17 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 08:26 . 2009-09-17 00:03 279552 ----a-w- c:\windows\system32\services.exe
2012-08-03 05:24 . 2012-04-14 08:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 05:24 . 2012-04-14 08:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-19 01:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 01:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 01:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 01:07 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 01:07 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 01:07 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 06:37 . 2012-06-13 04:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 04:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 04:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 04:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 04:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 04:47 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 04:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 04:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-09 4363504]
"cdloader"="c:\users\sugar\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 88608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 185896]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-28 66864]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 05:24]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 02:00]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 02:00]
.
2012-08-03 c:\windows\Tasks\User_Feed_Synchronization-{DC9E699C-E4AC-479F-9BE9-97BFA2B95061}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 11:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1620)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2012-08-05 11:24:53
ComboFix-quarantined-files.txt 2012-08-05 16:24
.
Pre-Run: 10,855,170,048 bytes free
Post-Run: 11,529,928,704 bytes free
.
- - End Of File - - BF1CA8832BD815FCCB688BFA52A51C61
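
Added example (not part of the original post, and not ComboFix's own code): a small parser that pulls the "Other Deletions" list and any "is infected!!" lines out of a ComboFix report like the one above, and groups deletions that sit under a GUID-named directory in c:\windows\Installer. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the ComboFix report posted above (a shortened selection).
SAMPLE_LOG = r"""
ComboFix 12-08-04.02 - sugar 08/05/2012 11:12:54.1.4 - x86 NETWORK
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Object\bho_project.dll
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\@
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\L\201d3dde
c:\windows\Installer\{58a6e240-9199-ffdc-ad10-21869116bd6b}\U\80000000.@
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\services.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
2012-07-27 12:54 . 2012-07-27 12:54 43480 ----a-w- c:\windows\system32\drivers\iniqjlux.sys
"""

# "((((( Section Name )))))" banner lines.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# "<path> . . . is infected!!" lines.
INFECTED_RE = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+(?:\.\s*)+is infected!!\s*$", re.I)
# Anything under <drive>:\windows\Installer\{GUID}
GUID_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\})"
    r"(?:\\(?P<rest>.*))?$", re.I)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)


def parse_combofix(text):
    """Return deleted paths and paths ComboFix reported as infected."""
    report = {"deleted": [], "infected": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["infected"].append(m.group("path"))
            continue
        if section == "Other Deletions" and DRIVE_PATH_RE.match(line):
            report["deleted"].append(line)
    return report


def group_guid_dirs(paths):
    """Group deleted paths by their Installer\\{GUID} parent directory."""
    groups = defaultdict(list)
    for p in paths:
        m = GUID_DIR_RE.match(p)
        if m:
            groups[m.group("root").lower()].append(m.group("rest") or "")
    return dict(groups)


def triage(text):
    """Build a short list of items a reviewer would look at first."""
    rep = parse_combofix(text)
    findings = []
    for root, entries in sorted(group_guid_dirs(rep["deleted"]).items()):
        subdirs = sorted({e.split("\\")[0] for e in entries if "\\" in e})
        findings.append({"kind": "guid_dir_under_installer", "root": root,
                         "files": len(entries), "subdirs": subdirs})
    for path in rep["infected"]:
        # Reported as infected rather than listed as deleted, so it is
        # tracked separately: the file is still on disk after the run.
        findings.append({"kind": "file_reported_infected", "path": path,
                         "system_binary":
                             "\\windows\\system32\\" in path.lower()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```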

#12 sugardaddy5


Posted 05 August 2012 - 12:37 PM

TDSS
TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:24:23.0783 2136 ============================================================
12:24:23.0783 2136 Current date / time: 2012/08/04 12:24:23.0783
12:24:23.0783 2136 SystemInfo:
12:24:23.0783 2136
12:24:23.0783 2136 OS Version: 6.0.6002 ServicePack: 2.0
12:24:23.0783 2136 Product type: Workstation
12:24:23.0783 2136 ComputerName: SUGAR-PC
12:24:23.0783 2136 UserName: sugar
12:24:23.0783 2136 Windows directory: C:\Windows
12:24:23.0783 2136 System windows directory: C:\Windows
12:24:23.0783 2136 Processor architecture: Intel x86
12:24:23.0783 2136 Number of processors: 4
12:24:23.0783 2136 Page size: 0x1000
12:24:23.0783 2136 Boot type: Safe boot with network
12:24:23.0783 2136 ============================================================
12:24:24.0860 2136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:24:24.0860 2136 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:24:24.0875 2136 ============================================================
12:24:24.0875 2136 \Device\Harddisk0\DR0:
12:24:24.0875 2136 MBR partitions:
12:24:24.0875 2136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24215625
12:24:24.0875 2136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24215664, BlocksNum 0x121805D
12:24:24.0875 2136 \Device\Harddisk1\DR1:
12:24:24.0875 2136 MBR partitions:
12:24:24.0875 2136 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:24:24.0875 2136 ============================================================
12:24:24.0891 2136 C: <-> \Device\Harddisk0\DR0\Partition0
12:24:24.0938 2136 D: <-> \Device\Harddisk0\DR0\Partition1
12:24:24.0938 2136 E: <-> \Device\Harddisk1\DR1\Partition0
12:24:24.0938 2136 ============================================================
12:24:24.0938 2136 Initialize success
12:24:24.0938 2136 ============================================================
12:24:28.0245 2540 ============================================================
12:24:28.0245 2540 Scan started
12:24:28.0245 2540 Mode: Manual;
12:24:28.0245 2540 ============================================================
12:24:29.0727 2540 Scan interrupted by user!
12:24:29.0727 2540 Scan interrupted by user!
12:24:29.0727 2540 Scan interrupted by user!
12:24:29.0727 2540 ============================================================
12:24:29.0727 2540 Scan finished
12:24:29.0727 2540 ============================================================
12:24:29.0742 0788 Detected object count: 0
12:24:29.0742 0788 Actual detected object count: 0
12:24:33.0440 3836 ============================================================
12:24:33.0440 3836 Scan started
12:24:33.0440 3836 Mode: Manual;
12:24:33.0440 3836 ============================================================
12:24:33.0705 3836 Scan interrupted by user!
12:24:33.0705 3836 Scan interrupted by user!
12:24:33.0705 3836 Scan interrupted by user!
12:24:33.0705 3836 ============================================================
12:24:33.0705 3836 Scan finished
12:24:33.0705 3836 ============================================================
12:24:33.0705 3264 Detected object count: 0
12:24:33.0705 3264 Actual detected object count: 0
12:24:37.0714 0996 ============================================================
12:24:37.0714 0996 Scan started
12:24:37.0714 0996 Mode: Manual;
12:24:37.0714 0996 ============================================================
12:24:38.0088 0996 Scan interrupted by user!
12:24:38.0088 0996 Scan interrupted by user!
12:24:38.0088 0996 Scan interrupted by user!
12:24:38.0088 0996 ============================================================
12:24:38.0088 0996 Scan finished
12:24:38.0088 0996 ============================================================
12:24:38.0104 2884 Detected object count: 0
12:24:38.0104 2884 Actual detected object count: 0
12:24:40.0896 0696 ============================================================
12:24:40.0896 0696 Scan started
12:24:40.0896 0696 Mode: Manual;
12:24:40.0896 0696 ============================================================
12:24:41.0661 0696 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:24:41.0661 0696 ACPI - ok
12:24:41.0723 0696 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:24:41.0723 0696 AdobeFlashPlayerUpdateSvc - ok
12:24:41.0770 0696 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:24:41.0770 0696 adp94xx - ok
12:24:41.0801 0696 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:24:41.0801 0696 adpahci - ok
12:24:41.0832 0696 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:24:41.0832 0696 adpu160m - ok
12:24:41.0864 0696 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:24:41.0864 0696 adpu320 - ok
12:24:41.0910 0696 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:24:41.0910 0696 AeLookupSvc - ok
12:24:41.0942 0696 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:24:41.0942 0696 AFD - ok
12:24:41.0973 0696 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:24:41.0973 0696 agp440 - ok
12:24:42.0004 0696 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:24:42.0004 0696 aic78xx - ok
12:24:42.0113 0696 AlertService (c86d177967d27c80e466d4ed95c26db9) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
12:24:42.0113 0696 AlertService - ok
12:24:42.0160 0696 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:24:42.0160 0696 ALG - ok
12:24:42.0176 0696 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:24:42.0176 0696 aliide - ok
12:24:42.0207 0696 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:24:42.0207 0696 amdagp - ok
12:24:42.0222 0696 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:24:42.0222 0696 amdide - ok
12:24:42.0254 0696 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:24:57.0791 0696 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:24:57.0791 0696 Spooler - ok
12:24:57.0822 0696 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:24:57.0822 0696 srv - ok
12:24:57.0869 0696 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:24:57.0869 0696 srv2 - ok
12:24:57.0885 0696 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:24:57.0900 0696 srvnet - ok
12:24:57.0947 0696 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:24:57.0947 0696 SSDPSRV - ok
12:24:57.0963 0696 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:24:57.0963 0696 SstpSvc - ok
12:24:58.0041 0696 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:24:58.0041 0696 stisvc - ok
12:24:58.0072 0696 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:24:58.0072 0696 swenum - ok
12:24:58.0150 0696 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:24:58.0150 0696 swprv - ok
12:24:58.0197 0696 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:24:58.0197 0696 Symc8xx - ok
12:24:58.0212 0696 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:24:58.0212 0696 Sym_hi - ok
12:24:58.0228 0696 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:24:58.0228 0696 Sym_u3 - ok
12:24:58.0275 0696 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:24:58.0290 0696 SysMain - ok
12:24:58.0322 0696 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:24:58.0322 0696 TabletInputService - ok
12:24:58.0368 0696 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:24:58.0368 0696 TapiSrv - ok
12:24:58.0415 0696 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:24:58.0415 0696 TBS - ok
12:24:58.0540 0696 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
12:24:58.0540 0696 Tcpip - ok
12:24:58.0556 0696 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
12:24:58.0556 0696 Tcpip6 - ok
12:24:58.0634 0696 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
12:24:58.0634 0696 tcpipreg - ok
12:24:58.0649 0696 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:24:58.0649 0696 TDPIPE - ok
12:24:58.0665 0696 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:24:58.0665 0696 TDTCP - ok
12:24:58.0680 0696 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:24:58.0696 0696 tdx - ok
12:24:58.0727 0696 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:24:58.0727 0696 TermDD - ok
12:24:58.0758 0696 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:24:58.0774 0696 TermService - ok
12:24:58.0805 0696 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:24:58.0821 0696 Themes - ok
12:24:58.0868 0696 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:24:58.0868 0696 THREADORDER - ok
12:24:58.0883 0696 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:24:58.0883 0696 TrkWks - ok
12:24:58.0946 0696 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:24:58.0946 0696 TrustedInstaller - ok
12:24:58.0961 0696 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:24:58.0961 0696 tssecsrv - ok
12:24:58.0977 0696 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:24:58.0992 0696 tunmp - ok
12:24:59.0055 0696 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:24:59.0055 0696 tunnel - ok
12:24:59.0070 0696 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:24:59.0070 0696 uagp35 - ok
12:24:59.0117 0696 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:24:59.0133 0696 udfs - ok
12:24:59.0164 0696 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:24:59.0164 0696 UI0Detect - ok
12:24:59.0180 0696 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:24:59.0180 0696 uliagpkx - ok
12:24:59.0242 0696 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:24:59.0258 0696 uliahci - ok
12:24:59.0304 0696 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:24:59.0304 0696 UlSata - ok
12:24:59.0320 0696 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:24:59.0320 0696 ulsata2 - ok
12:24:59.0351 0696 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:24:59.0351 0696 umbus - ok
12:24:59.0382 0696 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:24:59.0382 0696 upnphost - ok
12:24:59.0429 0696 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:24:59.0429 0696 USBAAPL - ok
12:24:59.0476 0696 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:24:59.0476 0696 usbaudio - ok
12:24:59.0476 0696 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:24:59.0476 0696 usbccgp - ok
12:24:59.0492 0696 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
12:24:59.0492 0696 usbcir - ok
12:24:59.0554 0696 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:24:59.0554 0696 usbehci - ok
12:24:59.0601 0696 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:24:59.0601 0696 usbhub - ok
12:24:59.0616 0696 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:24:59.0616 0696 usbohci - ok
12:24:59.0648 0696 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:24:59.0648 0696 usbprint - ok
12:24:59.0663 0696 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:24:59.0663 0696 usbscan - ok
12:24:59.0726 0696 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:24:59.0726 0696 USBSTOR - ok
12:24:59.0741 0696 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:24:59.0741 0696 usbuhci - ok
12:24:59.0788 0696 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:24:59.0788 0696 UxSms - ok
12:24:59.0835 0696 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:24:59.0850 0696 vds - ok
12:25:00.0318 0696 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:25:00.0318 0696 vga - ok
12:25:00.0599 0696 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:25:00.0599 0696 VgaSave - ok
12:25:00.0708 0696 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:25:00.0708 0696 viaagp - ok
12:25:00.0755 0696 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:25:00.0755 0696 ViaC7 - ok
12:25:00.0786 0696 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:25:00.0786 0696 viaide - ok
12:25:00.0896 0696 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:25:00.0896 0696 Viewpoint Manager Service - ok
12:25:00.0911 0696 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:25:00.0911 0696 volmgr - ok
12:25:00.0974 0696 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:25:00.0974 0696 volmgrx - ok
12:25:01.0067 0696 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:25:01.0067 0696 volsnap - ok
12:25:01.0098 0696 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:25:01.0098 0696 vsmraid - ok
12:25:01.0208 0696 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:25:01.0223 0696 VSS - ok
12:25:01.0270 0696 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:25:01.0270 0696 W32Time - ok
12:25:01.0317 0696 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:25:01.0317 0696 WacomPen - ok
12:25:01.0348 0696 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:01.0348 0696 Wanarp - ok
12:25:01.0348 0696 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:01.0348 0696 Wanarpv6 - ok
12:25:01.0442 0696 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:25:01.0442 0696 wcncsvc - ok
12:25:01.0504 0696 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:25:01.0504 0696 WcsPlugInService - ok
12:25:01.0551 0696 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:25:01.0551 0696 Wd - ok
12:25:01.0582 0696 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:25:01.0582 0696 Wdf01000 - ok
12:25:01.0629 0696 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:25:01.0629 0696 WdiServiceHost - ok
12:25:01.0644 0696 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:25:01.0644 0696 WdiSystemHost - ok
12:25:01.0691 0696 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:25:01.0691 0696 WebClient - ok
12:25:01.0722 0696 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:25:01.0722 0696 Wecsvc - ok
12:25:01.0738 0696 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:25:01.0738 0696 wercplsupport - ok
12:25:01.0785 0696 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:25:01.0785 0696 WerSvc - ok
12:25:01.0847 0696 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:25:01.0847 0696 winachsf - ok
12:25:01.0847 0696 WinHttpAutoProxySvc - ok
12:25:01.0910 0696 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:25:01.0910 0696 Winmgmt - ok
12:25:02.0034 0696 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:25:02.0034 0696 WinRM - ok
12:25:02.0128 0696 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:25:02.0128 0696 Wlansvc - ok
12:25:02.0175 0696 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
12:25:02.0175 0696 WmiAcpi - ok
12:25:02.0206 0696 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:25:02.0222 0696 wmiApSrv - ok
12:25:02.0315 0696 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:25:02.0315 0696 WMPNetworkSvc - ok
12:25:02.0362 0696 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:25:02.0362 0696 WPCSvc - ok
12:25:02.0440 0696 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:25:02.0440 0696 WPDBusEnum - ok
12:25:02.0502 0696 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:25:02.0502 0696 WpdUsb - ok
12:25:02.0721 0696 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:25:02.0736 0696 WPFFontCache_v0400 - ok
12:25:02.0752 0696 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:25:02.0752 0696 ws2ifsl - ok
12:25:02.0752 0696 WSearch - ok
12:25:02.0814 0696 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:25:02.0814 0696 WUDFRd - ok
12:25:02.0846 0696 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:25:02.0846 0696 wudfsvc - ok
12:25:02.0877 0696 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
12:25:02.0877 0696 XAudio - ok
12:25:02.0924 0696 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
12:25:02.0924 0696 XAudioService - ok
12:25:02.0970 0696 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
12:25:03.0017 0696 \Device\Harddisk0\DR0 - ok
12:25:03.0017 0696 MBR (0x1B8) (1db61955601576b622c64349b22c390b) \Device\Harddisk1\DR1
12:25:03.0173 0696 \Device\Harddisk1\DR1 - ok
12:25:03.0189 0696 Boot (0x1200) (50f82a17913fac2bf680718749d83187) \Device\Harddisk0\DR0\Partition0
12:25:03.0189 0696 \Device\Harddisk0\DR0\Partition0 - ok
12:25:03.0189 0696 Boot (0x1200) (fb381a7a81b9cc105cfcd5d9cc0463a5) \Device\Harddisk0\DR0\Partition1
12:25:03.0189 0696 \Device\Harddisk0\DR0\Partition1 - ok
12:25:03.0189 0696 Boot (0x1200) (59be471828956ade096bbc2cb1938f69) \Device\Harddisk1\DR1\Partition0
12:25:03.0189 0696 \Device\Harddisk1\DR1\Partition0 - ok
12:25:03.0189 0696 ============================================================
12:25:03.0189 0696 Scan finished
12:25:03.0189 0696 ============================================================
12:25:03.0204 1924 Detected object count: 0
12:25:03.0204 1924 Actual detected object count: 0
12:25:54.0014 3288 Deinitialize success

#13 sugardaddy5


Posted 05 August 2012 - 12:41 PM

Last one?

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#14 D-FRED-BROWN

  • Malware Response Team

Posted 05 August 2012 - 12:59 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    services.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

#15 sugardaddy5


Posted 05 August 2012 - 12:59 PM

Well, I tried to start up normally and I got logged off within a minute. I turned on MSE and it came up with 2 threats, Virus WIN32.Sirefef and Trojan WIN32, and I got shut down before I could apply actions.



