
Unwanted pop ups and other "stuff"


  • This topic is locked
37 replies to this topic

#1 norms
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 02 August 2012 - 11:03 PM

My son's computer got another "virus" and he handed it over to me. He gets multiple unwanted pop ups (spam). Also, when you shut down the computer it says there are PDFs open when there are not. You can tell there is something going on. The machine is not only slow but also "jumpy" when moving around on it. I downloaded and ran Malwarebytes and ran the ESET online scanner and have posted the logs below. I tried to run the DDS scanner and it appears like it scans, but when it gets to the end it freezes up the computer and I get no pop ups with log files. I can't find any script blocking software on the machine. He had Spybot installed on the machine and I uninstalled that. He uses AVG Free and I couldn't seem to disable it. I kept getting error messages from AVG when I tried, so I uninstalled that also, but the DDS scanner still does the same thing. I keep trying to tell him to get real virus software :wink: So right now there is no virus software on his machine and I am writing this on my machine. His machine is too unstable to use anyway with whatever he has going on on it. If I can get someone to help me with this, that would be great. Then he owes me big time. :thumbsup:

Oh, there is also a HijackThis log at the bottom. For some reason I was able to get that to run.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Genie Engineer :: JUSTIN [administrator]

7/31/2012 8:41:22 PM
mbam-log-2012-07-31 (20-41-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181031
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Genie Engineer\AppData\Local\{3517a39c-31ba-5573-1f54-0f2b2310e824}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Genie Engineer\Documents\Downloads\setup_MightyMagoo_v1.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


ESET log file after cleaning

C:\Users\Genie Engineer\AppData\Local\{3517a39c-31ba-5573-1f54-0f2b2310e824}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean
Operating memory multiple threats




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:48 PM, on 8/1/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\Taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Genie Engineer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 4244 bytes
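An added example (not part of the original post, and not code from Malwarebytes, ESET or any other tool named in this thread): a small Python triage pass over the detection lines posted above. It parses the two line shapes the logs use, flags objects sitting in the locations these logs show this ZeroAccess/Sirefef infection using (the `\U\*.@` payload store under `C:\Windows\Installer\{GUID}`, the per-user `n` loader under `AppData\Local\{GUID}`, the fake `Desktop.ini` in the .NET GAC folder, and the literal `%APPDATA%` folder under system32 that ComboFix later lists), and separates out anything a scanner reported as "No action taken", "Delete on reboot" or "unable to clean", since those are the objects still on disk that need a follow-up tool. The location patterns are heuristics taken from this one case, the two line formats are an assumption of the example, and the sample lines are copied from the logs in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: detection lines copied from the Malwarebytes and ESET logs
# posted above, plus one harmless path that neither scanner flagged.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
C:\Users\Genie Engineer\Documents\Downloads\setup_MightyMagoo_v1.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Users\Genie Engineer\AppData\Local\{3517a39c-31ba-5573-1f54-0f2b2310e824}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean
C:\Program Files\Zune\ZuneLauncher.exe
"""

# Malwarebytes line shape (assumed from the log above): <object> (<detection>) -> [details -> ]<action>
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# ESET online scanner line shape (assumed from the log above): <path> [a variant of ]Win32/<family> trojan <action>
ESET_LINE = re.compile(
    r"^(?P<path>.+?) (?P<name>(?:a variant of )?Win32/\S+ trojan) (?P<action>.+)$"
)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Locations the logs in this thread show ZeroAccess/Sirefef using. Heuristics
# drawn from this one case (an assumption of the example), not a vendor signature.
ZEROACCESS_LOCATIONS = (
    (r"\\Installer\\" + GUID + r"\\[UL]\\[0-9a-f]{8}\.@$",
     "payload store under Windows\\Installer\\{GUID}\\U or \\L"),
    (r"\\AppData\\Local\\" + GUID + r"\\n$",
     "per-user loader 'n' under AppData\\Local\\{GUID}"),
    (r"\\assembly\\GAC\\Desktop\.ini$",
     "fake Desktop.ini inside the .NET GAC folder"),
    (r"\\system32\\%APPDATA%",
     "literal %APPDATA% folder inside system32"),
)

# Scanner outcomes that leave the object in place, so another tool must deal with it.
FOLLOW_UP_ACTIONS = ("no action taken", "unable to clean", "delete on reboot")


@dataclass
class Finding:
    path: str
    name: str
    action: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (object, detection, action) for a Malwarebytes or ESET line, else None."""
    m = MBAM_LINE.match(line)
    if m:
        # Registry-data lines carry "Bad: (1) Good: (0) -> <action>"; keep the last segment.
        action = m.group("rest").split(" -> ")[-1]
        return m.group("path"), m.group("name"), action
    m = ESET_LINE.match(line)
    if m:
        return m.group("path"), m.group("name"), m.group("action")
    return None


def triage(log_text):
    """Parse scanner output and return the lines worth acting on, each with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        parsed = parse_line(line) if line else None
        if not parsed:
            continue
        path, name, action = parsed
        f = Finding(path, name, action.rstrip("."))
        for pattern, why in ZEROACCESS_LOCATIONS:
            if re.search(pattern, path, re.IGNORECASE):
                f.reasons.append("zeroaccess location: " + why)
        if f.action.lower().startswith(FOLLOW_UP_ACTIONS):
            f.reasons.append("follow-up needed: scanner reported '" + f.action + "'")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("    -", r)
```

On the sample this reports seven lines: four in known ZeroAccess locations and four that still need follow-up, with `services.exe` ("unable to clean") and the GAC `Desktop.ini` ("Delete on reboot") being the two that matter most, because a patched system binary cannot simply be quarantined and a reboot under a live rootkit may not honour the delete-on-reboot request.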



#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 05:05 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 06 August 2012 - 11:33 PM

Hi Gringo, thanks for the response. As I mentioned in my original post, I am doing all this "stuff" remotely by getting online on my computer and downloading any necessary files to a memory stick, then moving those files on to the infected computer, running any scans, producing the log files and bringing them back to my computer. I downloaded DeFogger and ran it on the infected computer and it appeared to have finished its process, and I rebooted the computer. I ran DDS again and I still get the same thing. The progress bar seems like it runs its course and then it hangs, and no logs. I waited for about 10 minutes. When it hangs, my entire computer locks up. I can't do anything but hit the off button. Then when I go to start it again, it asks me if I want to start in safe mode. I say no and start the machine normally. I looked and can't find anything that looks like a script blocker. There is no protection on the machine at all right now that I can tell.

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 11:41 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#5 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 06 August 2012 - 11:58 PM

After tapping the F8 key I get the following choices:

safe mode
safe mode with networking
safe mode with command prompt
enable boot logging
enable low resolution video
last known good configuration
directory services restore mode
debugging mode
disable automatic restart on system failure
disable driver signature enforcement
start windows normally

#6 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 07 August 2012 - 12:46 AM

Also, there is no installation disc. This computer was given to my son by his last employer. The closest thing I can see that might be what you are looking for is "Safe Mode with Command Prompt". :question:

#7 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 09 August 2012 - 10:19 PM

Gringo are you still there? I haven't heard from you since August 6th.

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 12:18 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 12 August 2012 - 01:08 PM

Ran ComboFix 2 times.

1. It extracted files, paused for a few minutes and minimized to the task bar. Waited 30 minutes then clicked on it in the task bar and it opened but only the header of the window showed and the machine locked up.

2. Got a little farther. Extracted files, got to the place where it says "times may double for badly infected machines" and I waited an hour and nothing happened. I don't believe I saw any hard drive activity. At this point, when I try to close the scan window the machine freezes again. When I started it again it goes to windows recovery screen and I started it normally.

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 01:40 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 14 August 2012 - 12:05 AM

Finally, a log file to post. :thumbsup: I think the machine may be shutting down and starting up a bit faster.

ComboFix 12-08-09.01 - Genie Engineer 08/13/2012 21:30:09.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1405.908 [GMT -7:00]
Running from: c:\users\Genie Engineer\Desktop\ComboFix.exe
Command switches used :: /nombr
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\L\00000004.@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\L\201d3dde
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000004.@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\00000008.@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\000000cb.@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\80000000.@
c:\windows\Installer\{3517a39c-31ba-5573-1f54-0f2b2310e824}\U\80000032.@
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 04:36 . 2012-08-14 04:40 -------- d-----w- c:\users\Genie Engineer\AppData\Local\temp
2012-08-14 04:36 . 2012-08-14 04:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 05:39 . 2012-08-02 05:39 388096 ----a-r- c:\users\Genie Engineer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-02 05:39 . 2012-08-02 05:39 -------- d-----w- c:\program files\Trend Micro
2012-08-01 04:22 . 2012-08-01 04:22 -------- d-----w- c:\program files\ESET
2012-08-01 03:26 . 2012-08-01 03:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-01 03:26 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 17:13 . 2012-07-29 17:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 23:35 . 2012-05-06 23:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 23:35 . 2011-05-21 17:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-172640406-2716045931-763526224-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172640406-2716045931-763526224-1000Core.job
- c:\users\Genie Engineer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:00]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172640406-2716045931-763526224-1000UA.job
- c:\users\Genie Engineer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: mswsock.dll
TCP: DhcpNameServer = 66.199.187.21 66.199.187.22 4.2.2.2 4.2.2.3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 21:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-08-13 21:46:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 04:46
.
Pre-Run: 11,670,724,608 bytes free
Post-Run: 12,399,218,688 bytes free
.
- - End Of File - - F00C1C869AC24BAAE7FE63EE0150E2EE

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 01:47 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
Services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 norms
  • Topic Starter
  • Members
  • 72 posts
  • Gender:Male
  • Location:Washington State

Posted 14 August 2012 - 11:19 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:10 on 14/08/2012 by Genie Engineer
Administrator - Elevation successful

========== filefind ==========

Searching for "Services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [16:47 16/06/2011] [06:27 11/04/2009] 8737764F4FD36D6808EE80578409C843
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [06:12 15/06/2011] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [16:47 16/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-
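An added example, not from the original thread and not code from SystemLook: the comparison the helper is making by eye on that log, written out as a Python check. SystemLook lists every copy of the file with its size, two timestamps and MD5, and Windows keeps the pristine copy of each servicing version under `C:\Windows\winsxs`. The live `System32\services.exe` above has the same size and the same two timestamps as the 6.0.6002.18005 component-store copy but a different MD5, which is what an in-place patch of a system binary looks like when the malware restores the file times afterwards. The script parses the filefind lines (sample copied from the post), matches the live copy against the WinSxS copies, and returns "intact", "patched" or "unknown"; `md5_of_file` reproduces the hash locally for anyone without the tool. The result-line format and the same-size/same-timestamps rule are assumptions of this example.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: the filefind section of the SystemLook log posted above.
SAMPLE_SYSTEMLOOK = r"""
========== filefind ==========

Searching for "Services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [16:47 16/06/2011] [06:27 11/04/2009] 8737764F4FD36D6808EE80578409C843
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [06:12 15/06/2011] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [16:47 16/06/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-
"""

# SystemLook filefind result line (format assumed from the log above):
# <path> <attrs> <size> bytes [<stamp>] [<stamp>] <MD5>
RESULT_LINE = re.compile(
    r"^(?P<path>\S+) (?P<attrs>\S+) (?P<size>\d+) bytes "
    r"\[(?P<s1>[^\]]+)\] \[(?P<s2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# The component-store directory name carries the file version, e.g. _6.0.6002.18005_none_
WINSXS_VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")


@dataclass
class Entry:
    path: str
    size: int
    stamps: tuple
    md5: str

    @property
    def is_reference(self):
        # Copies under WinSxS are the servicing stack's own copies of the file.
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self):
        m = WINSXS_VERSION.search(self.path)
        return m.group(1) if m else None


def parse_filefind(text):
    """Turn SystemLook result lines into Entry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("path"), int(m.group("size")),
                                 (m.group("s1"), m.group("s2")), m.group("md5").upper()))
    return entries


def check_system_file(text):
    """Compare the live copy against the WinSxS copies and return a verdict dict."""
    entries = parse_filefind(text)
    live = [e for e in entries if not e.is_reference]
    refs = [e for e in entries if e.is_reference]
    if not live:
        return {"verdict": "no live copy in log"}
    live = live[0]
    result = {"live_path": live.path, "live_md5": live.md5}
    exact = [r for r in refs if r.md5 == live.md5]
    if exact:
        result.update(verdict="intact", reference_version=exact[0].version)
        return result
    # Same size and identical timestamps but a different hash: the bytes were
    # rewritten in place and the file times put back (heuristic, see lead-in).
    twins = [r for r in refs if r.size == live.size and r.stamps == live.stamps]
    if twins:
        result.update(verdict="patched", reference_version=twins[0].version,
                      reference_md5=twins[0].md5)
    else:
        result.update(verdict="unknown", reference_version=None)
    return result


def md5_of_file(path):
    """Reproduce SystemLook's MD5 for a local file without the tool."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    print(check_system_file(SAMPLE_SYSTEMLOOK))
```

The WinSxS copy is a reference, not an authority: on a machine with a kernel-mode rootkit it could have been altered as well, so the final word is the hash of a known-good `services.exe` from a clean Vista SP2 x86 install, and MD5 is only adequate here because the comparison is against your own trusted copy rather than against an attacker-chosen value.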

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 08:18 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 norms (Topic Starter)

Posted 16 August 2012 - 12:25 AM

Hi,

Here are the log files. For some reason TDSSKiller produced two logs so I posted both of them. I would like to start using the infected machine online. I quickly turned on the internet connection to update aswMBR to do the scan and then turned it right back off again. Is it alright for me to go online and download the 30 day trial version of ESET NOD32 before we complete this process? I'm not comfortable working online without any protection. It would make it easier instead of transferring "stuff" back and forth, plus I would be able to see how it is running online. I think I've talked my son into purchasing the software after we are done. SWEET!


21:31:28.0038 2248 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:31:28.0069 2248 ============================================================
21:31:28.0069 2248 Current date / time: 2012/08/15 21:31:28.0069
21:31:28.0069 2248 SystemInfo:
21:31:28.0069 2248
21:31:28.0069 2248 OS Version: 6.0.6002 ServicePack: 2.0
21:31:28.0069 2248 Product type: Workstation
21:31:28.0069 2248 ComputerName: JUSTIN
21:31:28.0069 2248 UserName: Genie Engineer
21:31:28.0069 2248 Windows directory: C:\Windows
21:31:28.0069 2248 System windows directory: C:\Windows
21:31:28.0069 2248 Processor architecture: Intel x86
21:31:28.0069 2248 Number of processors: 2
21:31:28.0069 2248 Page size: 0x1000
21:31:28.0069 2248 Boot type: Normal boot
21:31:28.0069 2248 ============================================================
21:31:34.0601 2248 BG loaded
21:31:35.0179 2248 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:31:35.0194 2248 Drive \Device\Harddisk1\DR1 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:31:35.0194 2248 ============================================================
21:31:35.0194 2248 \Device\Harddisk0\DR0:
21:31:35.0194 2248 MBR partitions:
21:31:35.0194 2248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x9221000
21:31:35.0194 2248 \Device\Harddisk1\DR1:
21:31:35.0194 2248 MBR partitions:
21:31:35.0194 2248 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
21:31:35.0194 2248 ============================================================
21:31:35.0241 2248 C: <-> \Device\Harddisk0\DR0\Partition1
21:31:35.0241 2248 ============================================================
21:31:35.0241 2248 Initialize success
21:31:35.0241 2248 ============================================================



21:28:09.0244 2884 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:28:09.0260 2884 ============================================================
21:28:09.0260 2884 Current date / time: 2012/08/15 21:28:09.0260
21:28:09.0260 2884 SystemInfo:
21:28:09.0276 2884
21:28:09.0276 2884 OS Version: 6.0.6002 ServicePack: 2.0
21:28:09.0276 2884 Product type: Workstation
21:28:09.0276 2884 ComputerName: JUSTIN
21:28:09.0276 2884 UserName: Genie Engineer
21:28:09.0276 2884 Windows directory: C:\Windows
21:28:09.0276 2884 System windows directory: C:\Windows
21:28:09.0276 2884 Processor architecture: Intel x86
21:28:09.0276 2884 Number of processors: 2
21:28:09.0276 2884 Page size: 0x1000
21:28:09.0276 2884 Boot type: Normal boot
21:28:09.0276 2884 ============================================================
21:28:10.0541 2884 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:28:10.0541 2884 Drive \Device\Harddisk1\DR1 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:28:10.0541 2884 ============================================================
21:28:10.0541 2884 \Device\Harddisk0\DR0:
21:28:10.0541 2884 MBR partitions:
21:28:10.0541 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x9221000
21:28:10.0541 2884 \Device\Harddisk1\DR1:
21:28:10.0541 2884 MBR partitions:
21:28:10.0541 2884 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
21:28:10.0541 2884 ============================================================
21:28:10.0588 2884 C: <-> \Device\Harddisk0\DR0\Partition1
21:28:10.0588 2884 ============================================================
21:28:10.0588 2884 Initialize success
21:28:10.0588 2884 ============================================================
21:28:14.0182 2996 ============================================================
21:28:14.0182 2996 Scan started
21:28:14.0182 2996 Mode: Manual;
21:28:14.0182 2996 ============================================================
21:28:14.0494 2996 ================ Scan services =============================
21:28:14.0713 2996 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:28:14.0713 2996 ACPI - ok
21:28:14.0776 2996 [ 2edc5bbac6c651ece337bde8ed97c9fb ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:28:14.0791 2996 adp94xx - ok
21:28:14.0822 2996 [ b84088ca3cdca97da44a984c6ce1ccad ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:28:14.0822 2996 adpahci - ok
21:28:14.0854 2996 [ 7880c67bccc27c86fd05aa2afb5ea469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:28:14.0854 2996 adpu160m - ok
21:28:14.0885 2996 [ 9ae713f8e30efc2abccd84904333df4d ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:28:14.0885 2996 adpu320 - ok
21:28:14.0932 2996 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:28:14.0932 2996 AeLookupSvc - ok
21:28:14.0994 2996 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
21:28:14.0994 2996 AFD - ok
21:28:15.0072 2996 [ 5d97943c128ed756d1b0a08302c1b1f8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
21:28:15.0088 2996 AgereSoftModem - ok
21:28:15.0119 2996 [ ef23439cdd587f64c2c1b8825cead7d8 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:28:15.0119 2996 agp440 - ok
21:28:15.0166 2996 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:28:15.0166 2996 aic78xx - ok
21:28:15.0213 2996 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
21:28:15.0229 2996 ALG - ok
21:28:15.0244 2996 [ 90395b64600ebb4552e26e178c94b2e4 ] aliide C:\Windows\system32\drivers\aliide.sys
21:28:15.0244 2996 aliide - ok
21:28:15.0260 2996 [ 2b13e304c9dfdfa5eb582f6a149fa2c7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:28:15.0260 2996 amdagp - ok
21:28:15.0291 2996 [ 0577df1d323fe75a739c787893d300ea ] amdide C:\Windows\system32\drivers\amdide.sys
21:28:15.0291 2996 amdide - ok
21:28:15.0322 2996 [ dc487885bcef9f28eece6fac0e5ddfc5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:28:15.0322 2996 AmdK7 - ok
21:28:15.0338 2996 [ 0ca0071da4315b00fc1328ca86b425da ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:28:15.0338 2996 AmdK8 - ok
21:28:15.0401 2996 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
21:28:15.0401 2996 Appinfo - ok
21:28:15.0447 2996 [ 5f673180268bb1fdb69c99b6619fe379 ] arc C:\Windows\system32\drivers\arc.sys
21:28:15.0447 2996 arc - ok
21:28:15.0494 2996 [ 957f7540b5e7f602e44648c7de5a1c05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:28:15.0494 2996 arcsas - ok
21:28:15.0541 2996 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:15.0541 2996 AsyncMac - ok
21:28:15.0604 2996 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:28:15.0604 2996 atapi - ok
21:28:15.0682 2996 [ 6046a55f79de9c581b8d5e9c1366cc81 ] athr C:\Windows\system32\DRIVERS\athr.sys
21:28:15.0682 2996 athr - ok
21:28:15.0760 2996 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:15.0776 2996 AudioEndpointBuilder - ok
21:28:15.0807 2996 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:28:15.0807 2996 Audiosrv - ok
21:28:15.0869 2996 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:28:15.0869 2996 Beep - ok
21:28:15.0963 2996 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
21:28:15.0963 2996 BFE - ok
21:28:16.0010 2996 blbdrive - ok
21:28:16.0072 2996 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:28:16.0072 2996 bowser - ok
21:28:16.0104 2996 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:28:16.0104 2996 BrFiltLo - ok
21:28:16.0135 2996 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:28:16.0135 2996 BrFiltUp - ok
21:28:16.0197 2996 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
21:28:16.0197 2996 Browser - ok
21:28:16.0229 2996 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:28:16.0229 2996 Brserid - ok
21:28:16.0244 2996 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:28:16.0260 2996 BrSerWdm - ok
21:28:16.0276 2996 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:28:16.0291 2996 BrUsbMdm - ok
21:28:16.0307 2996 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:28:16.0307 2996 BrUsbSer - ok
21:28:16.0338 2996 [ ad07c1ec6665b8b35741ab91200c6b68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:28:16.0338 2996 BTHMODEM - ok
21:28:16.0369 2996 catchme - ok
21:28:16.0416 2996 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:28:16.0416 2996 cdfs - ok
21:28:16.0479 2996 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:28:16.0494 2996 cdrom - ok
21:28:16.0541 2996 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:28:16.0541 2996 CertPropSvc - ok
21:28:16.0588 2996 [ da8e0afc7baa226c538ef53ac2f90897 ] circlass C:\Windows\system32\drivers\circlass.sys
21:28:16.0588 2996 circlass - ok
21:28:16.0666 2996 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
21:28:16.0666 2996 CLFS - ok
21:28:16.0729 2996 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:16.0744 2996 clr_optimization_v2.0.50727_32 - ok
21:28:16.0807 2996 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:16.0807 2996 clr_optimization_v4.0.30319_32 - ok
21:28:16.0869 2996 [ 99afc3795b58cc478fbbbcdc658fcb56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:16.0869 2996 CmBatt - ok
21:28:16.0916 2996 [ 45201046c776ffdaf3fc8a0029c581c8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:28:16.0916 2996 cmdide - ok
21:28:16.0963 2996 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:28:16.0963 2996 Compbatt - ok
21:28:16.0979 2996 COMSysApp - ok
21:28:17.0010 2996 [ 2a213ae086bbec5e937553c7d9a2b22c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:28:17.0010 2996 crcdisk - ok
21:28:17.0041 2996 [ 22a7f883508176489f559ee745b5bf5d ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:28:17.0041 2996 Crusoe - ok
21:28:17.0104 2996 [ fb27772beaf8e1d28ccd825c09da939b ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:28:17.0119 2996 CryptSvc - ok
21:28:17.0197 2996 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:28:17.0213 2996 DcomLaunch - ok
21:28:17.0276 2996 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:28:17.0276 2996 DfsC - ok
21:28:17.0432 2996 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
21:28:17.0463 2996 DFSR - ok
21:28:17.0526 2996 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:28:17.0526 2996 Dhcp - ok
21:28:17.0588 2996 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
21:28:17.0588 2996 disk - ok
21:28:17.0651 2996 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:28:17.0666 2996 Dnscache - ok
21:28:17.0713 2996 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:28:17.0729 2996 dot3svc - ok
21:28:17.0791 2996 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
21:28:17.0791 2996 DPS - ok
21:28:17.0838 2996 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:28:17.0838 2996 drmkaud - ok
21:28:17.0932 2996 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:28:17.0947 2996 DXGKrnl - ok
21:28:17.0979 2996 [ f88fb26547fd2ce6d0a5af2985892c48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:28:17.0979 2996 E1G60 - ok
21:28:18.0041 2996 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
21:28:18.0041 2996 EapHost - ok
21:28:18.0104 2996 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:28:18.0119 2996 Ecache - ok
21:28:18.0151 2996 [ e8f3f21a71720c84bcf423b80028359f ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:28:18.0166 2996 elxstor - ok
21:28:18.0260 2996 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:28:18.0276 2996 EMDMgmt - ok
21:28:18.0369 2996 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
21:28:18.0369 2996 EventSystem - ok
21:28:18.0432 2996 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:18.0447 2996 exfat - ok
21:28:18.0510 2996 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:18.0510 2996 fastfat - ok
21:28:18.0541 2996 [ 63bdada84951b9c03e641800e176898a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:28:18.0557 2996 fdc - ok
21:28:18.0604 2996 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:18.0604 2996 fdPHost - ok
21:28:18.0635 2996 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:18.0635 2996 FDResPub - ok
21:28:18.0697 2996 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:18.0697 2996 FileInfo - ok
21:28:18.0760 2996 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:18.0760 2996 Filetrace - ok
21:28:18.0791 2996 [ 6603957eff5ec62d25075ea8ac27de68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:18.0791 2996 flpydisk - ok
21:28:18.0854 2996 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:18.0869 2996 FltMgr - ok
21:28:18.0963 2996 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
21:28:18.0979 2996 FontCache - ok
21:28:19.0057 2996 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:19.0057 2996 FontCache3.0.0.0 - ok
21:28:19.0072 2996 [ 65ea8b77b5851854f0c55c43fa51a198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:19.0072 2996 Fs_Rec - ok
21:28:19.0135 2996 [ 4e1cd0a45c50a8882616cae5bf82f3c5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:28:19.0151 2996 gagp30kx - ok
21:28:19.0260 2996 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:28:19.0338 2996 gpsvc - ok
21:28:19.0416 2996 [ 3f90e001369a07243763bd5a523d8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:19.0432 2996 HdAudAddService - ok
21:28:19.0510 2996 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:19.0510 2996 HDAudBus - ok
21:28:19.0541 2996 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:28:19.0541 2996 HidBth - ok
21:28:19.0572 2996 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
21:28:19.0572 2996 HidIr - ok
21:28:19.0635 2996 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\System32\hidserv.dll
21:28:19.0651 2996 hidserv - ok
21:28:19.0697 2996 [ cca4b519b17e23a00b826c55716809cc ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:28:19.0697 2996 HidUsb - ok
21:28:19.0760 2996 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:28:19.0760 2996 hkmsvc - ok
21:28:19.0791 2996 [ df353b401001246853763c4b7aaa6f50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:28:19.0807 2996 HpCISSs - ok
21:28:19.0869 2996 [ 0eeeca26c8d4bde2a4664db058a81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:28:19.0885 2996 HTTP - ok
21:28:19.0901 2996 [ 324c2152ff2c61abae92d09f3cca4d63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:28:19.0901 2996 i2omp - ok
21:28:19.0963 2996 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:19.0963 2996 i8042prt - ok
21:28:20.0010 2996 [ c957bf4b5d80b46c5017bf0101e6c906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:28:20.0010 2996 iaStorV - ok
21:28:20.0088 2996 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:28:20.0088 2996 IDriverT - ok
21:28:20.0197 2996 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:20.0213 2996 idsvc - ok
21:28:20.0244 2996 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:28:20.0260 2996 iirsp - ok
21:28:20.0322 2996 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:28:20.0338 2996 IKEEXT - ok
21:28:20.0369 2996 [ 97469037714070e45194ed318d636401 ] intelide C:\Windows\system32\drivers\intelide.sys
21:28:20.0369 2996 intelide - ok
21:28:20.0416 2996 [ 224191001e78c89dfa78924c3ea595ff ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:28:20.0416 2996 intelppm - ok
21:28:20.0463 2996 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:28:20.0479 2996 IPBusEnum - ok
21:28:20.0541 2996 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:20.0541 2996 IpFilterDriver - ok
21:28:20.0588 2996 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:28:20.0604 2996 iphlpsvc - ok
21:28:20.0604 2996 IpInIp - ok
21:28:20.0651 2996 [ 40f34f8aba2a015d780e4b09138b6c17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:28:20.0651 2996 IPMIDRV - ok
21:28:20.0697 2996 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:28:20.0697 2996 IPNAT - ok
21:28:20.0760 2996 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:28:20.0760 2996 IRENUM - ok
21:28:20.0807 2996 [ 350fca7e73cf65bcef43fae1e4e91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:28:20.0807 2996 isapnp - ok
21:28:20.0885 2996 [ 232fa340531d940aac623b121a595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:28:20.0885 2996 iScsiPrt - ok
21:28:20.0916 2996 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:28:20.0916 2996 iteatapi - ok
21:28:20.0947 2996 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:28:20.0947 2996 iteraid - ok
21:28:20.0994 2996 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:20.0994 2996 kbdclass - ok
21:28:21.0057 2996 [ ede59ec70e25c24581add1fbec7325f7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:28:21.0057 2996 kbdhid - ok
21:28:21.0104 2996 [ a3e186b4b935905b829219502557314e ] KeyIso C:\Windows\system32\lsass.exe
21:28:21.0104 2996 KeyIso - ok
21:28:21.0182 2996 [ 2b2f1638466e8cb091400c9019cc730e ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:28:21.0182 2996 KSecDD - ok
21:28:21.0260 2996 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:28:21.0276 2996 KtmRm - ok
21:28:21.0338 2996 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer C:\Windows\System32\srvsvc.dll
21:28:21.0338 2996 LanmanServer - ok
21:28:21.0385 2996 [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:28:21.0401 2996 LanmanWorkstation - ok
21:28:21.0463 2996 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:28:21.0463 2996 lltdio - ok
21:28:21.0526 2996 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:28:21.0541 2996 lltdsvc - ok
21:28:21.0572 2996 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:28:21.0572 2996 lmhosts - ok
21:28:21.0619 2996 [ a2262fb9f28935e862b4db46438c80d2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:28:21.0619 2996 LSI_FC - ok
21:28:21.0651 2996 [ 30d73327d390f72a62f32c103daf1d6d ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:28:21.0651 2996 LSI_SAS - ok
21:28:21.0682 2996 [ e1e36fefd45849a95f1ab81de0159fe3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:28:21.0682 2996 LSI_SCSI - ok
21:28:21.0744 2996 [ 8f5c7426567798e62a3b3614965d62cc ] luafv C:\Windows\system32\drivers\luafv.sys
21:28:21.0744 2996 luafv - ok
21:28:21.0776 2996 [ d153b14fc6598eae8422a2037553adce ] megasas C:\Windows\system32\drivers\megasas.sys
21:28:21.0776 2996 megasas - ok
21:28:21.0838 2996 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:28:21.0838 2996 MMCSS - ok
21:28:21.0885 2996 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem C:\Windows\system32\drivers\modem.sys
21:28:21.0885 2996 Modem - ok
21:28:21.0947 2996 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:28:21.0947 2996 monitor - ok
21:28:21.0994 2996 [ 201bfc4ef8b33d02d133fbf6535e515b ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
21:28:21.0994 2996 motccgp - ok
21:28:22.0026 2996 [ d0242a3832eb7c97801bb25889561e23 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
21:28:22.0026 2996 motccgpfl - ok
21:28:22.0072 2996 [ fe80c18ba448ddd76b7bead9eb203d37 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
21:28:22.0072 2996 motmodem - ok
21:28:22.0088 2996 [ fe80c18ba448ddd76b7bead9eb203d37 ] motport C:\Windows\system32\DRIVERS\motport.sys
21:28:22.0104 2996 motport - ok
21:28:22.0151 2996 [ 5bf6a1326a335c5298477754a506d263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:28:22.0151 2996 mouclass - ok
21:28:22.0213 2996 [ 93b8d4869e12cfbe663915502900876f ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:28:22.0213 2996 mouhid - ok
21:28:22.0276 2996 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:28:22.0276 2996 MountMgr - ok
21:28:22.0322 2996 [ 583a41f26278d9e0ea548163d6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
21:28:22.0322 2996 mpio - ok
21:28:22.0385 2996 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:28:22.0385 2996 mpsdrv - ok
21:28:22.0510 2996 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc C:\Windows\system32\mpssvc.dll
21:28:22.0526 2996 MpsSvc - ok
21:28:22.0557 2996 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:28:22.0557 2996 Mraid35x - ok
21:28:22.0619 2996 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:28:22.0619 2996 MRxDAV - ok
21:28:22.0682 2996 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:22.0682 2996 mrxsmb - ok
21:28:22.0744 2996 [ 4fccb34d793b116423209c0f8b7a3b03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:22.0760 2996 mrxsmb10 - ok
21:28:22.0791 2996 [ c3cb1b40ad4a0124d617a1199b0b9d7c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:22.0791 2996 mrxsmb20 - ok
21:28:22.0838 2996 [ 742aed7939e734c36b7e8d6228ce26b7 ] msahci C:\Windows\system32\drivers\msahci.sys
21:28:22.0838 2996 msahci - ok
21:28:22.0869 2996 [ 3fc82a2ae4cc149165a94699183d3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:28:22.0869 2996 msdsm - ok
21:28:22.0932 2996 [ fd7520cc3a80c5fc8c48852bb24c6ded ] MSDTC C:\Windows\System32\msdtc.exe
21:28:22.0932 2996 MSDTC - ok
21:28:23.0010 2996 [ a9927f4a46b816c92f461acb90cf8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:28:23.0010 2996 Msfs - ok
21:28:23.0072 2996 [ 0f400e306f385c56317357d6dea56f62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:28:23.0072 2996 msisadrv - ok
21:28:23.0119 2996 [ 85466c0757a23d9a9aecdc0755203cb2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:28:23.0135 2996 MSiSCSI - ok
21:28:23.0151 2996 msiserver - ok
21:28:23.0197 2996 [ d8c63d34d9c9e56c059e24ec7185cc07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:28:23.0213 2996 MSKSSRV - ok
21:28:23.0260 2996 [ 1d373c90d62ddb641d50e55b9e78d65e ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:23.0260 2996 MSPCLOCK - ok
21:28:23.0276 2996 [ b572da05bf4e098d4bba3a4734fb505b ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:28:23.0276 2996 MSPQM - ok
21:28:23.0338 2996 [ b49456d70555de905c311bcda6ec6adb ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:28:23.0354 2996 MsRPC - ok
21:28:23.0385 2996 [ e384487cb84be41d09711c30ca79646c ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:23.0385 2996 mssmbios - ok
21:28:23.0416 2996 [ 7199c1eec1e4993caf96b8c0a26bd58a ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:28:23.0416 2996 MSTEE - ok
21:28:23.0666 2996 [ 73fa09b84b23a1897809a84f976d5d99 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:28:23.0744 2996 msvsmon80 - ok
21:28:23.0822 2996 [ 6a57b5733d4cb702c8ea4542e836b96c ] Mup C:\Windows\system32\Drivers\mup.sys
21:28:23.0838 2996 Mup - ok
21:28:23.0916 2996 [ e4eaf0c5c1b41b5c83386cf212ca9584 ] napagent C:\Windows\system32\qagentRT.dll
21:28:23.0932 2996 napagent - ok
21:28:23.0994 2996 [ 85c44fdff9cf7e72a40dcb7ec06a4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:28:24.0010 2996 NativeWifiP - ok
21:28:24.0088 2996 [ 1357274d1883f68300aeadd15d7bbb42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:28:24.0104 2996 NDIS - ok
21:28:24.0151 2996 [ 0e186e90404980569fb449ba7519ae61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:24.0151 2996 NdisTapi - ok
21:28:24.0197 2996 [ d6973aa34c4d5d76c0430b181c3cd389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:24.0197 2996 Ndisuio - ok
21:28:24.0229 2996 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:24.0244 2996 NdisWan - ok
21:28:24.0307 2996 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:28:24.0307 2996 NDProxy - ok
21:28:24.0369 2996 [ 80b7a96f908da13617e7e6832c5c6a64 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:28:24.0369 2996 Net Driver HPZ12 - ok
21:28:24.0432 2996 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:28:24.0447 2996 NetBIOS - ok
21:28:24.0557 2996 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:28:24.0572 2996 netbt - ok
21:28:24.0588 2996 [ a3e186b4b935905b829219502557314e ] Netlogon C:\Windows\system32\lsass.exe
21:28:24.0588 2996 Netlogon - ok
21:28:24.0666 2996 [ c8052711daecc48b982434c5116ca401 ] Netman C:\Windows\System32\netman.dll
21:28:24.0682 2996 Netman - ok
21:28:24.0744 2996 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm C:\Windows\System32\netprofm.dll
21:28:24.0760 2996 netprofm - ok
21:28:24.0807 2996 [ d6c4e4a39a36029ac0813d476fbd0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:24.0822 2996 NetTcpPortSharing - ok
21:28:24.0854 2996 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:28:24.0854 2996 nfrd960 - ok
21:28:24.0916 2996 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:28:24.0932 2996 NlaSvc - ok
21:28:24.0994 2996 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:28:24.0994 2996 Npfs - ok
21:28:25.0057 2996 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi C:\Windows\system32\nsisvc.dll
21:28:25.0057 2996 nsi - ok
21:28:25.0104 2996 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:28:25.0104 2996 nsiproxy - ok
21:28:25.0229 2996 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:28:25.0244 2996 Ntfs - ok
21:28:25.0276 2996 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:28:25.0291 2996 ntrigdigi - ok
21:28:25.0322 2996 [ cf7e041663119e09d2e118521ada9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
21:28:25.0322 2996 NuidFltr - ok
21:28:25.0369 2996 [ c5dbbcda07d780bda9b685df333bb41e ] Null C:\Windows\system32\drivers\Null.sys
21:28:25.0369 2996 Null - ok
21:28:37.0557 2996 ================ Scan global ===============================
21:28:37.0635 2996 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
21:28:37.0713 2996 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
21:28:37.0760 2996 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
21:28:37.0822 2996 (8737764f4fd36d6808ee80578409c843) C:\Windows\system32\services.exe
21:28:37.0838 2996 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
21:28:37.0838 2996 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
21:28:37.0838 2996 ================ Scan MBR ==================================
21:28:37.0869 2996 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:28:38.0135 2996 \Device\Harddisk0\DR0 - ok
21:28:38.0151 2996 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
21:28:38.0166 2996 \Device\Harddisk1\DR1 - ok
21:28:38.0166 2996 ================ Scan VBR ==================================
21:28:38.0182 2996 Boot (0x1200) (7c72bbac4bbeebf1181721b53fda3afa) \Device\Harddisk0\DR0\Partition1
21:28:38.0182 2996 \Device\Harddisk0\DR0\Partition1 - ok
21:28:38.0197 2996 Boot (0x1200) (849736eb0237ee21961bd91b91aaa1be) \Device\Harddisk1\DR1\Partition1
21:28:38.0213 2996 \Device\Harddisk1\DR1\Partition1 - ok
21:28:38.0213 2996 ============================================================
21:28:38.0213 2996 Scan finished
21:28:38.0213 2996 ============================================================
21:28:38.0244 2412 Detected object count: 1
21:28:38.0244 2412 Actual detected object count: 1
21:29:51.0822 2412 C:\Windows\system32\services.exe - copied to quarantine
21:29:54.0119 2412 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
21:29:54.0135 2412 C:\Users\Genie Engineer\AppData\Local\{3517a39c-31ba-5573-1f54-0f2b2310e824}\@ - copied to quarantine
21:29:54.0807 2412 Backup copy found, using it..
21:29:54.0885 2412 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
21:29:54.0916 2412 C:\Users\Genie Engineer\AppData\Local\{3517a39c-31ba-5573-1f54-0f2b2310e824}\@ - will be deleted on reboot
21:29:54.0916 2412 C:\Windows\system32\services.exe - will be cured on reboot
21:29:54.0916 2412 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
21:30:16.0932 1240 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 21:43:15
-----------------------------
21:43:15.573 OS Version: Windows 6.0.6002 Service Pack 2
21:43:15.573 Number of processors: 2 586 0xE0C
21:43:15.573 ComputerName: JUSTIN UserName:
21:43:16.167 Initialize success
21:47:38.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:38.542 Disk 0 Vendor: TOSHIBA_MK8032GSX AS112M Size: 76319MB BusType: 3
21:47:38.573 Disk 0 MBR read successfully
21:47:38.573 Disk 0 MBR scan
21:47:38.589 Disk 0 Windows VISTA default MBR code
21:47:38.589 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:47:38.620 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 74818 MB offset 3074048
21:47:38.620 Disk 0 scanning sectors +156301312
21:47:38.714 Disk 0 scanning C:\Windows\system32\drivers
21:47:47.777 Service scanning
21:48:09.652 Modules scanning
21:48:32.917 Disk 0 trace - called modules:
21:48:32.964 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:48:32.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f7c2f0]
21:48:32.980 3 CLASSPNP.SYS[86daa8b3] -> nt!IofCallDriver -> [0x84a81a70]
21:48:32.995 5 acpi.sys[82e706bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a2b528]
21:48:33.011 Scan finished successfully
21:48:52.495 Disk 0 MBR has been saved successfully to "C:\Users\Genie Engineer\Desktop\MBR.dat"
21:48:52.495 The log file has been saved successfully to "C:\Users\Genie Engineer\Desktop\aswMBR.txt"



