Services.exe Virus -- "Trojan horse Dropper.Generic_c.MMI"


This topic is locked
10 replies to this topic

#1 spn789

  • Members
  • 6 posts

Posted 05 August 2012 - 08:18 PM

I am running AVG virus protection, and I got a virus hit for my services.exe file: "Trojan horse Dropper.Generic_c.MMI" was detected.

In my most recent scan of AVG, there is also an error message for Firefox. "Luhe.sirefef.A" was detected.

Below I have pasted my System Info, HijackThis log, DDS log, TDSSKiller log, and ASWMBR log. DDS "attach.txt" is also attached.

Any help is greatly, greatly appreciated. Thanks in advance!!

*****

***********************
*********SYSINFO*******
***********************

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4078 Mb
Graphics Card: ATI Radeon HD 3600 Series, 256 Mb
Hard Drives: D: Total - 1907625 MB, Free - 135729 MB; S: Total - 114470 MB, Free - 57826 MB;
Motherboard: ASRock, P67 Extreme4
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
**************************
******HIJACKTHIS**********
**************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:03 PM, on 8/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
S:\Program Files (x86)\AVG\AVG2012\avgtray.exe
S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
S:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
S:\Program Files (x86)\CyberLink\Shared files\brs.exe
S:\Program Files (x86)\iTunes\iTunesHelper.exe
S:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
S:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
S:\Program Files (x86)\Mozilla Firefox\firefox.exe
S:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
S:\Users\NS\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = S:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - S:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - S:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - S:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - S:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdReg] S:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [F21PowerConfig] S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
O4 - HKLM\..\Run: [AVG_TRAY] "S:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CLMLServer] "S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl9] "S:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [BDRegion] S:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [APSDaemon] "S:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "S:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "S:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "S:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "S:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] S:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] S:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AML Device Install.lnk = S:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: Media Browser Service.lnk = S:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - S:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: s:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: s:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...02/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0926/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - S:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - S:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - S:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - S:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - S:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - S:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - S:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/01/22 12:54:35 (CLKMSVC10_D9D37C34) - CyberLink - S:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: DTBService - Unknown owner - D:\DVRMSToolbox\DTBFWService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - S:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - S:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - S:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ceton InfiniTV Service (InfiniTVSvc) - Ceton Corporation - S:\Program Files\Ceton Corp\Ceton InfiniTV\InfiniTVSvc.exe
O23 - Service: Ceton Tuning Adapter Host Service (InfiniTVTAHSP) - Ceton Corporation - S:\Program Files\Ceton Corp\Ceton InfiniTV\TAHSP.exe
O23 - Service: iPod Service - Apple Inc. - S:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - S:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - S:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - S:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - S:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - S:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - S:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - S:\Windows\system32\lsass.exe (file missing)
O23 - Service: ShowAnalyzerMaster - Dragon Global - S:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - S:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - S:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - S:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - S:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - S:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - S:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - S:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - S:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - S:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - S:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - S:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - S:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9840 bytes



*****************
****TDSSKILLER***
*****************

20:58:49.0367 4972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:58:49.0724 4972 ============================================================
20:58:49.0724 4972 Current date / time: 2012/08/05 20:58:49.0724
20:58:49.0724 4972 SystemInfo:
20:58:49.0724 4972
20:58:49.0724 4972 OS Version: 6.1.7601 ServicePack: 1.0
20:58:49.0724 4972 Product type: Workstation
20:58:49.0724 4972 ComputerName: NS-PC
20:58:49.0724 4972 UserName: NS
20:58:49.0724 4972 Windows directory: S:\Windows
20:58:49.0724 4972 System windows directory: S:\Windows
20:58:49.0724 4972 Running under WOW64
20:58:49.0724 4972 Processor architecture: Intel x64
20:58:49.0724 4972 Number of processors: 4
20:58:49.0724 4972 Page size: 0x1000
20:58:49.0724 4972 Boot type: Normal boot
20:58:49.0724 4972 ============================================================
20:58:50.0064 4972 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:58:50.0072 4972 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:58:50.0078 4972 ============================================================
20:58:50.0078 4972 \Device\Harddisk1\DR1:
20:58:50.0078 4972 MBR partitions:
20:58:50.0078 4972 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
20:58:50.0078 4972 \Device\Harddisk0\DR0:
20:58:50.0078 4972 MBR partitions:
20:58:50.0078 4972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:58:50.0088 4972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32840, BlocksNum 0xE8DD4C81
20:58:50.0088 4972 ============================================================
20:58:50.0090 4972 S: <-> \Device\Harddisk1\DR1\Partition0
20:58:50.0100 4972 D: <-> \Device\Harddisk0\DR0\Partition1
20:58:50.0100 4972 ============================================================
20:58:50.0100 4972 Initialize success
20:58:50.0100 4972 ============================================================
20:58:56.0469 2688 ============================================================
20:58:56.0469 2688 Scan started
20:58:56.0469 2688 Mode: Manual;
20:58:56.0469 2688 ============================================================
20:58:59.0879 2688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) S:\Windows\system32\drivers\IPMIDrv.sys
20:58:59.0881 2688 IPMIDRV - ok
20:58:59.0888 2688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) S:\Windows\system32\drivers\ipnat.sys
20:58:59.0890 2688 IPNAT - ok
20:58:59.0918 2688 iPod Service (ee4c2a137c7088911a8919effc9812e7) S:\Program Files\iPod\bin\iPodService.exe
20:58:59.0927 2688 iPod Service - ok
20:58:59.0932 2688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) S:\Windows\system32\drivers\irenum.sys
20:58:59.0933 2688 IRENUM - ok
20:58:59.0938 2688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) S:\Windows\system32\drivers\isapnp.sys
20:58:59.0939 2688 isapnp - ok
20:58:59.0951 2688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) S:\Windows\system32\drivers\msiscsi.sys
20:58:59.0956 2688 iScsiPrt - ok
20:58:59.0961 2688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) S:\Windows\system32\DRIVERS\kbdclass.sys
20:58:59.0962 2688 kbdclass - ok
20:58:59.0967 2688 kbdhid (0705eff5b42a9db58548eec3b26bb484) S:\Windows\system32\DRIVERS\kbdhid.sys
20:58:59.0968 2688 kbdhid - ok
20:58:59.0975 2688 KeyIso (c118a82cd78818c29ab228366ebf81c3) S:\Windows\system32\lsass.exe
20:58:59.0977 2688 KeyIso - ok
20:58:59.0984 2688 KSecDD (da1e991a61cfdd755a589e206b97644b) S:\Windows\system32\Drivers\ksecdd.sys
20:58:59.0985 2688 KSecDD - ok
20:58:59.0993 2688 KSecPkg (7e33198d956943a4f11a5474c1e9106f) S:\Windows\system32\Drivers\ksecpkg.sys
20:58:59.0995 2688 KSecPkg - ok
20:59:00.0000 2688 ksthunk (6869281e78cb31a43e969f06b57347c4) S:\Windows\system32\drivers\ksthunk.sys
20:59:00.0001 2688 ksthunk - ok
20:59:00.0016 2688 KtmRm (6ab66e16aa859232f64deb66887a8c9c) S:\Windows\system32\msdtckrm.dll
20:59:00.0022 2688 KtmRm - ok
20:59:00.0032 2688 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) S:\Windows\system32\srvsvc.dll
20:59:00.0036 2688 LanmanServer - ok
20:59:00.0044 2688 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) S:\Windows\System32\wkssvc.dll
20:59:00.0048 2688 LanmanWorkstation - ok
20:59:00.0055 2688 lltdio (1538831cf8ad2979a04c423779465827) S:\Windows\system32\DRIVERS\lltdio.sys
20:59:00.0056 2688 lltdio - ok
20:59:00.0070 2688 lltdsvc (c1185803384ab3feed115f79f109427f) S:\Windows\System32\lltdsvc.dll
20:59:00.0074 2688 lltdsvc - ok
20:59:00.0078 2688 lmhosts (f993a32249b66c9d622ea5592a8b76b8) S:\Windows\System32\lmhsvc.dll
20:59:00.0080 2688 lmhosts - ok
20:59:00.0088 2688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) S:\Windows\system32\drivers\lsi_fc.sys
20:59:00.0090 2688 LSI_FC - ok
20:59:00.0096 2688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) S:\Windows\system32\drivers\lsi_sas.sys
20:59:00.0098 2688 LSI_SAS - ok
20:59:00.0102 2688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) S:\Windows\system32\drivers\lsi_sas2.sys
20:59:00.0104 2688 LSI_SAS2 - ok
20:59:00.0111 2688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) S:\Windows\system32\drivers\lsi_scsi.sys
20:59:00.0113 2688 LSI_SCSI - ok
20:59:00.0119 2688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) S:\Windows\system32\drivers\luafv.sys
20:59:00.0121 2688 luafv - ok
20:59:00.0126 2688 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) S:\Windows\system32\Mcx2Svc.dll
20:59:00.0129 2688 Mcx2Svc - ok
20:59:00.0133 2688 megasas (a55805f747c6edb6a9080d7c633bd0f4) S:\Windows\system32\drivers\megasas.sys
20:59:00.0134 2688 megasas - ok
20:59:00.0145 2688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) S:\Windows\system32\drivers\MegaSR.sys
20:59:00.0149 2688 MegaSR - ok
20:59:00.0154 2688 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) S:\Windows\system32\DRIVERS\HECIx64.sys
20:59:00.0155 2688 MEIx64 - ok
20:59:00.0160 2688 MMCSS (e40e80d0304a73e8d269f7141d77250b) S:\Windows\system32\mmcss.dll
20:59:00.0162 2688 MMCSS - ok
20:59:00.0166 2688 Modem (800ba92f7010378b09f9ed9270f07137) S:\Windows\system32\drivers\modem.sys
20:59:00.0168 2688 Modem - ok
20:59:00.0172 2688 monitor (b03d591dc7da45ece20b3b467e6aadaa) S:\Windows\system32\DRIVERS\monitor.sys
20:59:00.0172 2688 monitor - ok
20:59:00.0177 2688 mouclass (7d27ea49f3c1f687d357e77a470aea99) S:\Windows\system32\DRIVERS\mouclass.sys
20:59:00.0178 2688 mouclass - ok
20:59:00.0182 2688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) S:\Windows\system32\DRIVERS\mouhid.sys
20:59:00.0183 2688 mouhid - ok
20:59:00.0188 2688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) S:\Windows\system32\drivers\mountmgr.sys
20:59:00.0189 2688 mountmgr - ok
20:59:00.0198 2688 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) S:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:59:00.0199 2688 MozillaMaintenance - ok
20:59:00.0207 2688 mpio (a44b420d30bd56e145d6a2bc8768ec58) S:\Windows\system32\drivers\mpio.sys
20:59:00.0209 2688 mpio - ok
20:59:00.0214 2688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) S:\Windows\system32\drivers\mpsdrv.sys
20:59:00.0216 2688 mpsdrv - ok
20:59:00.0224 2688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) S:\Windows\system32\drivers\mrxdav.sys
20:59:00.0226 2688 MRxDAV - ok
20:59:00.0234 2688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) S:\Windows\system32\DRIVERS\mrxsmb.sys
20:59:00.0236 2688 mrxsmb - ok
20:59:00.0248 2688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) S:\Windows\system32\DRIVERS\mrxsmb10.sys
20:59:00.0251 2688 mrxsmb10 - ok
20:59:00.0258 2688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) S:\Windows\system32\DRIVERS\mrxsmb20.sys
20:59:00.0260 2688 mrxsmb20 - ok
20:59:00.0264 2688 msahci (c25f0bafa182cbca2dd3c851c2e75796) S:\Windows\system32\drivers\msahci.sys
20:59:00.0266 2688 msahci - ok
20:59:00.0273 2688 msdsm (db801a638d011b9633829eb6f663c900) S:\Windows\system32\drivers\msdsm.sys
20:59:00.0275 2688 msdsm - ok
20:59:00.0283 2688 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) S:\Windows\System32\msdtc.exe
20:59:00.0287 2688 MSDTC - ok
20:59:00.0296 2688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) S:\Windows\system32\drivers\Msfs.sys
20:59:00.0298 2688 Msfs - ok
20:59:00.0301 2688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) S:\Windows\System32\drivers\mshidkmdf.sys
20:59:00.0302 2688 mshidkmdf - ok
20:59:00.0306 2688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) S:\Windows\system32\drivers\msisadrv.sys
20:59:00.0307 2688 msisadrv - ok
20:59:00.0317 2688 MSiSCSI (808e98ff49b155c522e6400953177b08) S:\Windows\system32\iscsiexe.dll
20:59:00.0320 2688 MSiSCSI - ok
20:59:00.0324 2688 msiserver - ok
20:59:00.0329 2688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) S:\Windows\system32\drivers\MSKSSRV.sys
20:59:00.0331 2688 MSKSSRV - ok
20:59:00.0335 2688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) S:\Windows\system32\drivers\MSPCLOCK.sys
20:59:00.0337 2688 MSPCLOCK - ok
20:59:00.0342 2688 MSPQM (4ed981241db27c3383d72092b618a1d0) S:\Windows\system32\drivers\MSPQM.sys
20:59:00.0343 2688 MSPQM - ok
20:59:00.0358 2688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) S:\Windows\system32\drivers\MsRPC.sys
20:59:00.0362 2688 MsRPC - ok
20:59:00.0369 2688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) S:\Windows\system32\DRIVERS\mssmbios.sys
20:59:00.0370 2688 mssmbios - ok
20:59:00.0374 2688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) S:\Windows\system32\drivers\MSTEE.sys
20:59:00.0376 2688 MSTEE - ok
20:59:00.0380 2688 MTConfig (7ea404308934e675bffde8edf0757bcd) S:\Windows\system32\drivers\MTConfig.sys
20:59:00.0382 2688 MTConfig - ok
20:59:00.0389 2688 Mup (f9a18612fd3526fe473c1bda678d61c8) S:\Windows\system32\Drivers\mup.sys
20:59:00.0390 2688 Mup - ok
20:59:00.0403 2688 mv91xx (4fad606c7aeb336e5aa4a005de09ca80) S:\Windows\system32\DRIVERS\mv91xx.sys
20:59:00.0407 2688 mv91xx - ok
20:59:00.0423 2688 napagent (582ac6d9873e31dfa28a4547270862dd) S:\Windows\system32\qagentRT.dll
20:59:00.0429 2688 napagent - ok
20:59:00.0444 2688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) S:\Windows\system32\DRIVERS\nwifi.sys
20:59:00.0448 2688 NativeWifiP - ok
20:59:00.0482 2688 NDIS (79b47fd40d9a817e932f9d26fac0a81c) S:\Windows\system32\drivers\ndis.sys
20:59:00.0491 2688 NDIS - ok
20:59:00.0496 2688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) S:\Windows\system32\DRIVERS\ndiscap.sys
20:59:00.0498 2688 NdisCap - ok
20:59:00.0503 2688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) S:\Windows\system32\DRIVERS\ndistapi.sys
20:59:00.0505 2688 NdisTapi - ok
20:59:00.0510 2688 Ndisuio (136185f9fb2cc61e573e676aa5402356) S:\Windows\system32\DRIVERS\ndisuio.sys
20:59:00.0512 2688 Ndisuio - ok
20:59:00.0520 2688 NdisWan (53f7305169863f0a2bddc49e116c2e11) S:\Windows\system32\DRIVERS\ndiswan.sys
20:59:00.0522 2688 NdisWan - ok
20:59:00.0527 2688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) S:\Windows\system32\drivers\NDProxy.sys
20:59:00.0529 2688 NDProxy - ok
20:59:00.0534 2688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) S:\Windows\system32\DRIVERS\netbios.sys
20:59:00.0536 2688 NetBIOS - ok
20:59:00.0547 2688 NetBT (09594d1089c523423b32a4229263f068) S:\Windows\system32\DRIVERS\netbt.sys
20:59:00.0551 2688 NetBT - ok
20:59:00.0555 2688 Netlogon (c118a82cd78818c29ab228366ebf81c3) S:\Windows\system32\lsass.exe
20:59:00.0558 2688 Netlogon - ok
20:59:00.0573 2688 Netman (847d3ae376c0817161a14a82c8922a9e) S:\Windows\System32\netman.dll
20:59:00.0578 2688 Netman - ok
20:59:00.0595 2688 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) S:\Windows\System32\netprofm.dll
20:59:00.0602 2688 netprofm - ok
20:59:00.0610 2688 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) S:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:59:00.0612 2688 NetTcpPortSharing - ok
20:59:00.0618 2688 nfrd960 (77889813be4d166cdab78ddba990da92) S:\Windows\system32\drivers\nfrd960.sys
20:59:00.0619 2688 nfrd960 - ok
20:59:00.0633 2688 NlaSvc (1ee99a89cc788ada662441d1e9830529) S:\Windows\System32\nlasvc.dll
20:59:00.0638 2688 NlaSvc - ok
20:59:00.0643 2688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) S:\Windows\system32\drivers\Npfs.sys
20:59:00.0644 2688 Npfs - ok
20:59:00.0649 2688 nsi (d54bfdf3e0c953f823b3d0bfe4732528) S:\Windows\system32\nsisvc.dll
20:59:00.0651 2688 nsi - ok
20:59:00.0656 2688 nsiproxy (e7f5ae18af4168178a642a9247c63001) S:\Windows\system32\drivers\nsiproxy.sys
20:59:00.0657 2688 nsiproxy - ok
20:59:00.0712 2688 Ntfs (a2f74975097f52a00745f9637451fdd8) S:\Windows\system32\drivers\Ntfs.sys
20:59:00.0729 2688 Ntfs - ok
20:59:00.0760 2688 Null (9899284589f75fa8724ff3d16aed75c1) S:\Windows\system32\drivers\Null.sys
20:59:00.0762 2688 Null - ok
20:59:00.0771 2688 nvraid (0a92cb65770442ed0dc44834632f66ad) S:\Windows\system32\drivers\nvraid.sys
20:59:00.0774 2688 nvraid - ok
20:59:00.0783 2688 nvstor (dab0e87525c10052bf65f06152f37e4a) S:\Windows\system32\drivers\nvstor.sys
20:59:00.0786 2688 nvstor - ok
20:59:00.0794 2688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) S:\Windows\system32\drivers\nv_agp.sys
20:59:00.0797 2688 nv_agp - ok
20:59:00.0802 2688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) S:\Windows\system32\drivers\ohci1394.sys
20:59:00.0804 2688 ohci1394 - ok
20:59:00.0819 2688 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) S:\Windows\system32\pnrpsvc.dll
20:59:00.0825 2688 p2pimsvc - ok
20:59:00.0844 2688 p2psvc (927463ecb02179f88e4b9a17568c63c3) S:\Windows\system32\p2psvc.dll
20:59:00.0851 2688 p2psvc - ok
20:59:00.0858 2688 Parport (0086431c29c35be1dbc43f52cc273887) S:\Windows\system32\drivers\parport.sys
20:59:00.0860 2688 Parport - ok
20:59:00.0866 2688 partmgr (871eadac56b0a4c6512bbe32753ccf79) S:\Windows\system32\drivers\partmgr.sys
20:59:00.0868 2688 partmgr - ok
20:59:00.0878 2688 PcaSvc (3aeaa8b561e63452c655dc0584922257) S:\Windows\System32\pcasvc.dll
20:59:00.0882 2688 PcaSvc - ok
20:59:00.0892 2688 pci (94575c0571d1462a0f70bde6bd6ee6b3) S:\Windows\system32\drivers\pci.sys
20:59:00.0895 2688 pci - ok
20:59:00.0900 2688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) S:\Windows\system32\drivers\pciide.sys
20:59:00.0901 2688 pciide - ok
20:59:00.0912 2688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) S:\Windows\system32\drivers\pcmcia.sys
20:59:00.0915 2688 pcmcia - ok
20:59:00.0922 2688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) S:\Windows\system32\drivers\pcw.sys
20:59:00.0923 2688 pcw - ok
20:59:00.0947 2688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) S:\Windows\system32\drivers\peauth.sys
20:59:00.0954 2688 PEAUTH - ok
20:59:00.0997 2688 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) S:\Windows\system32\peerdistsvc.dll
20:59:01.0013 2688 PeerDistSvc - ok
20:59:01.0042 2688 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) S:\Windows\SysWow64\perfhost.exe
20:59:01.0044 2688 PerfHost - ok
20:59:01.0117 2688 pla (c7cf6a6e137463219e1259e3f0f0dd6c) S:\Windows\system32\pla.dll
20:59:01.0134 2688 pla - ok
20:59:01.0151 2688 PlugPlay (25fbdef06c4d92815b353f6e792c8129) S:\Windows\system32\umpnpmgr.dll
20:59:01.0156 2688 PlugPlay - ok
20:59:01.0161 2688 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) S:\Windows\system32\pnrpauto.dll
20:59:01.0165 2688 PNRPAutoReg - ok
20:59:01.0178 2688 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) S:\Windows\system32\pnrpsvc.dll
20:59:01.0183 2688 PNRPsvc - ok
20:59:01.0202 2688 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) S:\Windows\System32\ipsecsvc.dll
20:59:01.0209 2688 PolicyAgent - ok
20:59:01.0220 2688 Power (6ba9d927dded70bd1a9caded45f8b184) S:\Windows\system32\umpo.dll
20:59:01.0224 2688 Power - ok
20:59:01.0235 2688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) S:\Windows\system32\DRIVERS\raspptp.sys
20:59:01.0236 2688 PptpMiniport - ok
20:59:01.0242 2688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) S:\Windows\system32\drivers\processr.sys
20:59:01.0244 2688 Processor - ok
20:59:01.0254 2688 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) S:\Windows\system32\profsvc.dll
20:59:01.0258 2688 ProfSvc - ok
20:59:01.0263 2688 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) S:\Windows\system32\lsass.exe
20:59:01.0264 2688 ProtectedStorage - ok
20:59:01.0274 2688 Psched (0557cf5a2556bd58e26384169d72438d) S:\Windows\system32\DRIVERS\pacer.sys
20:59:01.0276 2688 Psched - ok
20:59:01.0324 2688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) S:\Windows\system32\drivers\ql2300.sys
20:59:01.0339 2688 ql2300 - ok
20:59:01.0374 2688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) S:\Windows\system32\drivers\ql40xx.sys
20:59:01.0376 2688 ql40xx - ok
20:59:01.0387 2688 QWAVE (906191634e99aea92c4816150bda3732) S:\Windows\system32\qwave.dll
20:59:01.0391 2688 QWAVE - ok
20:59:01.0397 2688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) S:\Windows\system32\drivers\qwavedrv.sys
20:59:01.0398 2688 QWAVEdrv - ok
20:59:01.0402 2688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) S:\Windows\system32\DRIVERS\rasacd.sys
20:59:01.0403 2688 RasAcd - ok
20:59:01.0410 2688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) S:\Windows\system32\DRIVERS\AgileVpn.sys
20:59:01.0412 2688 RasAgileVpn - ok
20:59:01.0418 2688 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) S:\Windows\System32\rasauto.dll
20:59:01.0422 2688 RasAuto - ok
20:59:01.0429 2688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) S:\Windows\system32\DRIVERS\rasl2tp.sys
20:59:01.0431 2688 Rasl2tp - ok
20:59:01.0444 2688 RasMan (ee867a0870fc9e4972ba9eaad35651e2) S:\Windows\System32\rasmans.dll
20:59:01.0449 2688 RasMan - ok
20:59:01.0455 2688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) S:\Windows\system32\DRIVERS\raspppoe.sys
20:59:01.0457 2688 RasPppoe - ok
20:59:01.0462 2688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) S:\Windows\system32\DRIVERS\rassstp.sys
20:59:01.0463 2688 RasSstp - ok
20:59:01.0475 2688 rdbss (77f665941019a1594d887a74f301fa2f) S:\Windows\system32\DRIVERS\rdbss.sys
20:59:01.0479 2688 rdbss - ok
20:59:01.0482 2688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) S:\Windows\system32\DRIVERS\rdpbus.sys
20:59:01.0484 2688 rdpbus - ok
20:59:01.0487 2688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) S:\Windows\system32\DRIVERS\RDPCDD.sys
20:59:01.0488 2688 RDPCDD - ok
20:59:01.0498 2688 RDPDR (1b6163c503398b23ff8b939c67747683) S:\Windows\system32\drivers\rdpdr.sys
20:59:01.0501 2688 RDPDR - ok
20:59:01.0505 2688 RDPENCDD (bb5971a4f00659529a5c44831af22365) S:\Windows\system32\drivers\rdpencdd.sys
20:59:01.0506 2688 RDPENCDD - ok
20:59:01.0511 2688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) S:\Windows\system32\drivers\rdprefmp.sys
20:59:01.0513 2688 RDPREFMP - ok
20:59:01.0518 2688 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) S:\Windows\system32\drivers\rdpvideominiport.sys
20:59:01.0520 2688 RdpVideoMiniport - ok
20:59:01.0531 2688 RDPWD (15b66c206b5cb095bab980553f38ed23) S:\Windows\system32\drivers\RDPWD.sys
20:59:01.0534 2688 RDPWD - ok
20:59:01.0546 2688 rdyboost (34ed295fa0121c241bfef24764fc4520) S:\Windows\system32\drivers\rdyboost.sys
20:59:01.0548 2688 rdyboost - ok
20:59:01.0555 2688 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) S:\Windows\System32\mprdim.dll
20:59:01.0558 2688 RemoteAccess - ok
20:59:01.0565 2688 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) S:\Windows\system32\regsvc.dll
20:59:01.0569 2688 RemoteRegistry - ok
20:59:01.0575 2688 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) S:\Windows\System32\RpcEpMap.dll
20:59:01.0578 2688 RpcEptMapper - ok
20:59:01.0581 2688 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) S:\Windows\system32\locator.exe
20:59:01.0583 2688 RpcLocator - ok
20:59:01.0601 2688 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) S:\Windows\system32\rpcss.dll
20:59:01.0606 2688 RpcSs - ok
20:59:01.0612 2688 rspndr (ddc86e4f8e7456261e637e3552e804ff) S:\Windows\system32\DRIVERS\rspndr.sys
20:59:01.0613 2688 rspndr - ok
20:59:01.0627 2688 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) S:\Windows\system32\DRIVERS\Rt64win7.sys
20:59:01.0643 2688 RTL8167 - ok
20:59:01.0647 2688 s3cap (e60c0a09f997826c7627b244195ab581) S:\Windows\system32\drivers\vms3cap.sys
20:59:01.0650 2688 s3cap - ok
20:59:01.0656 2688 SamSs (c118a82cd78818c29ab228366ebf81c3) S:\Windows\system32\lsass.exe
20:59:01.0659 2688 SamSs - ok
20:59:01.0668 2688 sbp2port (ac03af3329579fffb455aa2daabbe22b) S:\Windows\system32\drivers\sbp2port.sys
20:59:01.0670 2688 sbp2port - ok
20:59:01.0679 2688 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) S:\Windows\System32\SCardSvr.dll
20:59:01.0684 2688 SCardSvr - ok
20:59:01.0689 2688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) S:\Windows\system32\DRIVERS\scfilter.sys
20:59:01.0691 2688 scfilter - ok
20:59:01.0728 2688 Schedule (262f6592c3299c005fd6bec90fc4463a) S:\Windows\system32\schedsvc.dll
20:59:01.0742 2688 Schedule - ok
20:59:01.0751 2688 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) S:\Windows\System32\certprop.dll
20:59:01.0752 2688 SCPolicySvc - ok
20:59:01.0764 2688 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) S:\Windows\System32\SDRSVC.dll
20:59:01.0768 2688 SDRSVC - ok
20:59:01.0776 2688 secdrv (3ea8a16169c26afbeb544e0e48421186) S:\Windows\system32\drivers\secdrv.sys
20:59:01.0776 2688 secdrv - ok
20:59:01.0782 2688 seclogon (bc617a4e1b4fa8df523a061739a0bd87) S:\Windows\system32\seclogon.dll
20:59:01.0784 2688 seclogon - ok
20:59:01.0791 2688 SENS (c32ab8fa018ef34c0f113bd501436d21) S:\Windows\System32\sens.dll
20:59:01.0793 2688 SENS - ok
20:59:01.0807 2688 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) S:\Windows\system32\sensrsvc.dll
20:59:01.0810 2688 SensrSvc - ok
20:59:01.0814 2688 Serenum (cb624c0035412af0debec78c41f5ca1b) S:\Windows\system32\DRIVERS\serenum.sys
20:59:01.0815 2688 Serenum - ok
20:59:01.0822 2688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) S:\Windows\system32\DRIVERS\serial.sys
20:59:01.0824 2688 Serial - ok
20:59:01.0828 2688 sermouse (1c545a7d0691cc4a027396535691c3e3) S:\Windows\system32\drivers\sermouse.sys
20:59:01.0830 2688 sermouse - ok
20:59:01.0846 2688 SessionEnv (0b6231bf38174a1628c4ac812cc75804) S:\Windows\system32\sessenv.dll
20:59:01.0849 2688 SessionEnv - ok
20:59:01.0853 2688 sffdisk (a554811bcd09279536440c964ae35bbf) S:\Windows\system32\drivers\sffdisk.sys
20:59:01.0855 2688 sffdisk - ok
20:59:01.0859 2688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) S:\Windows\system32\drivers\sffp_mmc.sys
20:59:01.0861 2688 sffp_mmc - ok
20:59:01.0865 2688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) S:\Windows\system32\drivers\sffp_sd.sys
20:59:01.0866 2688 sffp_sd - ok
20:59:01.0870 2688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) S:\Windows\system32\drivers\sfloppy.sys
20:59:01.0872 2688 sfloppy - ok
20:59:01.0895 2688 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) S:\Windows\System32\shsvcs.dll
20:59:01.0901 2688 ShellHWDetection - ok
20:59:01.0970 2688 ShowAnalyzerMaster (4466855e197294959fd2cd4bbb7ce405) S:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
20:59:01.0991 2688 ShowAnalyzerMaster - ok
20:59:02.0022 2688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) S:\Windows\system32\drivers\SiSRaid2.sys
20:59:02.0023 2688 SiSRaid2 - ok
20:59:02.0028 2688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) S:\Windows\system32\drivers\sisraid4.sys
20:59:02.0030 2688 SiSRaid4 - ok
20:59:02.0040 2688 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) S:\Program Files (x86)\Skype\Updater\Updater.exe
20:59:02.0042 2688 SkypeUpdate - ok
20:59:02.0048 2688 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) S:\Windows\system32\Drivers\SmartDefragDriver.sys
20:59:02.0049 2688 SmartDefragDriver - ok
20:59:02.0056 2688 Smb (548260a7b8654e024dc30bf8a7c5baa4) S:\Windows\system32\DRIVERS\smb.sys
20:59:02.0058 2688 Smb - ok
20:59:02.0067 2688 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) S:\Windows\System32\snmptrap.exe
20:59:02.0070 2688 SNMPTRAP - ok
20:59:02.0073 2688 spldr (b9e31e5cacdfe584f34f730a677803f9) S:\Windows\system32\drivers\spldr.sys
20:59:02.0074 2688 spldr - ok
20:59:02.0092 2688 Spooler (b96c17b5dc1424d56eea3a99e97428cd) S:\Windows\System32\spoolsv.exe
20:59:02.0100 2688 Spooler - ok
20:59:02.0204 2688 sppsvc (e17e0188bb90fae42d83e98707efa59c) S:\Windows\system32\sppsvc.exe
20:59:02.0240 2688 sppsvc - ok
20:59:02.0276 2688 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) S:\Windows\system32\sppuinotify.dll
20:59:02.0279 2688 sppuinotify - ok
20:59:02.0303 2688 srv (441fba48bff01fdb9d5969ebc1838f0b) S:\Windows\system32\DRIVERS\srv.sys
20:59:02.0308 2688 srv - ok
20:59:02.0329 2688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) S:\Windows\system32\DRIVERS\srv2.sys
20:59:02.0333 2688 srv2 - ok
20:59:02.0348 2688 srvnet (27e461f0be5bff5fc737328f749538c3) S:\Windows\system32\DRIVERS\srvnet.sys
20:59:02.0350 2688 srvnet - ok
20:59:02.0365 2688 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) S:\Windows\System32\ssdpsrv.dll
20:59:02.0369 2688 SSDPSRV - ok
20:59:02.0380 2688 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) S:\Windows\system32\sstpsvc.dll
20:59:02.0383 2688 SstpSvc - ok
20:59:02.0392 2688 stexstor (f3817967ed533d08327dc73bc4d5542a) S:\Windows\system32\drivers\stexstor.sys
20:59:02.0395 2688 stexstor - ok
20:59:02.0422 2688 stisvc (8dd52e8e6128f4b2da92ce27402871c1) S:\Windows\System32\wiaservc.dll
20:59:02.0429 2688 stisvc - ok
20:59:02.0434 2688 storflt (7785dc213270d2fc066538daf94087e7) S:\Windows\system32\drivers\vmstorfl.sys
20:59:02.0435 2688 storflt - ok
20:59:02.0440 2688 storvsc (d34e4943d5ac096c8edeebfd80d76e23) S:\Windows\system32\drivers\storvsc.sys
20:59:02.0442 2688 storvsc - ok
20:59:02.0445 2688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) S:\Windows\system32\DRIVERS\swenum.sys
20:59:02.0446 2688 swenum - ok
20:59:02.0465 2688 swprv (e08e46fdd841b7184194011ca1955a0b) S:\Windows\System32\swprv.dll
20:59:02.0472 2688 swprv - ok
20:59:02.0477 2688 Synth3dVsc (c3a39c4079305480972d29c44b868c78) S:\Windows\system32\drivers\synth3dvsc.sys
20:59:02.0480 2688 Synth3dVsc - ok
20:59:02.0532 2688 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) S:\Windows\system32\sysmain.dll
20:59:02.0549 2688 SysMain - ok
20:59:02.0579 2688 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) S:\Windows\System32\TabSvc.dll
20:59:02.0582 2688 TabletInputService - ok
20:59:02.0594 2688 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) S:\Windows\System32\tapisrv.dll
20:59:02.0599 2688 TapiSrv - ok
20:59:02.0604 2688 TBS (1be03ac720f4d302ea01d40f588162f6) S:\Windows\System32\tbssvc.dll
20:59:02.0607 2688 TBS - ok
20:59:02.0667 2688 Tcpip (fc62769e7bff2896035aeed399108162) S:\Windows\system32\drivers\tcpip.sys
20:59:02.0684 2688 Tcpip - ok
20:59:02.0766 2688 TCPIP6 (fc62769e7bff2896035aeed399108162) S:\Windows\system32\DRIVERS\tcpip.sys
20:59:02.0778 2688 TCPIP6 - ok
20:59:02.0809 2688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) S:\Windows\system32\drivers\tcpipreg.sys
20:59:02.0810 2688 tcpipreg - ok
20:59:02.0814 2688 TDPIPE (3371d21011695b16333a3934340c4e7c) S:\Windows\system32\drivers\tdpipe.sys
20:59:02.0816 2688 TDPIPE - ok
20:59:02.0819 2688 TDTCP (e4245bda3190a582d55ed09e137401a9) S:\Windows\system32\drivers\tdtcp.sys
20:59:02.0821 2688 TDTCP - ok
20:59:02.0827 2688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) S:\Windows\system32\DRIVERS\tdx.sys
20:59:02.0829 2688 tdx - ok
20:59:02.0833 2688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) S:\Windows\system32\DRIVERS\termdd.sys
20:59:02.0834 2688 TermDD - ok
20:59:02.0839 2688 terminpt (2b5bdff688ec9871d7ec5837833374e9) S:\Windows\system32\drivers\terminpt.sys
20:59:02.0840 2688 terminpt - ok
20:59:02.0862 2688 TermService (2e648163254233755035b46dd7b89123) S:\Windows\System32\termsrv.dll
20:59:02.0871 2688 TermService - ok
20:59:02.0875 2688 Themes (f0344071948d1a1fa732231785a0664c) S:\Windows\system32\themeservice.dll
20:59:02.0878 2688 Themes - ok
20:59:02.0882 2688 THREADORDER (e40e80d0304a73e8d269f7141d77250b) S:\Windows\system32\mmcss.dll
20:59:02.0884 2688 THREADORDER - ok
20:59:02.0891 2688 TrkWks (7e7afd841694f6ac397e99d75cead49d) S:\Windows\System32\trkwks.dll
20:59:02.0893 2688 TrkWks - ok
20:59:02.0902 2688 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) S:\Windows\servicing\TrustedInstaller.exe
20:59:02.0904 2688 TrustedInstaller - ok
20:59:02.0910 2688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) S:\Windows\system32\DRIVERS\tssecsrv.sys
20:59:02.0911 2688 tssecsrv - ok
20:59:02.0915 2688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) S:\Windows\system32\drivers\tsusbflt.sys
20:59:02.0917 2688 TsUsbFlt - ok
20:59:02.0921 2688 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) S:\Windows\system32\drivers\TsUsbGD.sys
20:59:02.0923 2688 TsUsbGD - ok
20:59:02.0929 2688 tsusbhub (e1748d04ae40118b62bc18ac86032192) S:\Windows\system32\drivers\tsusbhub.sys
20:59:02.0931 2688 tsusbhub - ok
20:59:02.0938 2688 tunnel (3566a8daafa27af944f5d705eaa64894) S:\Windows\system32\DRIVERS\tunnel.sys
20:59:02.0940 2688 tunnel - ok
20:59:02.0945 2688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) S:\Windows\system32\drivers\uagp35.sys
20:59:02.0947 2688 uagp35 - ok
20:59:02.0961 2688 udfs (ff4232a1a64012baa1fd97c7b67df593) S:\Windows\system32\DRIVERS\udfs.sys
20:59:02.0964 2688 udfs - ok
20:59:02.0974 2688 UI0Detect (3cbdec8d06b9968aba702eba076364a1) S:\Windows\system32\UI0Detect.exe
20:59:02.0977 2688 UI0Detect - ok
20:59:02.0982 2688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) S:\Windows\system32\drivers\uliagpkx.sys
20:59:02.0983 2688 uliagpkx - ok
20:59:02.0990 2688 umbus (dc54a574663a895c8763af0fa1ff7561) S:\Windows\system32\DRIVERS\umbus.sys
20:59:02.0991 2688 umbus - ok
20:59:02.0994 2688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) S:\Windows\system32\drivers\umpass.sys
20:59:02.0995 2688 UmPass - ok
20:59:03.0005 2688 UmRdpService (a293dcd756d04d8492a750d03b9a297c) S:\Windows\System32\umrdp.dll
20:59:03.0009 2688 UmRdpService - ok
20:59:03.0023 2688 upnphost (d47ec6a8e81633dd18d2436b19baf6de) S:\Windows\System32\upnphost.dll
20:59:03.0028 2688 upnphost - ok
20:59:03.0035 2688 usbccgp (6f1a3157a1c89435352ceb543cdb359c) S:\Windows\system32\DRIVERS\usbccgp.sys
20:59:03.0037 2688 usbccgp - ok
20:59:03.0043 2688 usbcir (af0892a803fdda7492f595368e3b68e7) S:\Windows\system32\DRIVERS\usbcir.sys
20:59:03.0044 2688 usbcir - ok
20:59:03.0048 2688 usbehci (c025055fe7b87701eb042095df1a2d7b) S:\Windows\system32\drivers\usbehci.sys
20:59:03.0056 2688 usbehci - ok
20:59:03.0070 2688 usbhub (287c6c9410b111b68b52ca298f7b8c24) S:\Windows\system32\DRIVERS\usbhub.sys
20:59:03.0082 2688 usbhub - ok
20:59:03.0087 2688 usbohci (9840fc418b4cbd632d3d0a667a725c31) S:\Windows\system32\drivers\usbohci.sys
20:59:03.0095 2688 usbohci - ok
20:59:03.0098 2688 usbprint (73188f58fb384e75c4063d29413cee3d) S:\Windows\system32\drivers\usbprint.sys
20:59:03.0100 2688 usbprint - ok
20:59:03.0106 2688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) S:\Windows\system32\drivers\USBSTOR.SYS
20:59:03.0115 2688 USBSTOR - ok
20:59:03.0120 2688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) S:\Windows\system32\drivers\usbuhci.sys
20:59:03.0127 2688 usbuhci - ok
20:59:03.0137 2688 usbvideo (454800c2bc7f3927ce030141ee4f4c50) S:\Windows\system32\Drivers\usbvideo.sys
20:59:03.0139 2688 usbvideo - ok
20:59:03.0144 2688 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) S:\Windows\System32\uxsms.dll
20:59:03.0146 2688 UxSms - ok
20:59:03.0150 2688 VaultSvc (c118a82cd78818c29ab228366ebf81c3) S:\Windows\system32\lsass.exe
20:59:03.0152 2688 VaultSvc - ok
20:59:03.0157 2688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) S:\Windows\system32\drivers\vdrvroot.sys
20:59:03.0158 2688 vdrvroot - ok
20:59:03.0175 2688 vds (8d6b481601d01a456e75c3210f1830be) S:\Windows\System32\vds.exe
20:59:03.0182 2688 vds - ok
20:59:03.0188 2688 vga (da4da3f5e02943c2dc8c6ed875de68dd) S:\Windows\system32\DRIVERS\vgapnp.sys
20:59:03.0189 2688 vga - ok
20:59:03.0194 2688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) S:\Windows\System32\drivers\vga.sys
20:59:03.0195 2688 VgaSave - ok
20:59:03.0198 2688 VGPU - ok
20:59:03.0208 2688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) S:\Windows\system32\drivers\vhdmp.sys
20:59:03.0211 2688 vhdmp - ok
20:59:03.0215 2688 viaide (e5689d93ffe4e5d66c0178761240dd54) S:\Windows\system32\drivers\viaide.sys
20:59:03.0216 2688 viaide - ok
20:59:03.0225 2688 vmbus (86ea3e79ae350fea5331a1303054005f) S:\Windows\system32\drivers\vmbus.sys
20:59:03.0227 2688 vmbus - ok
20:59:03.0231 2688 VMBusHID (7de90b48f210d29649380545db45a187) S:\Windows\system32\drivers\VMBusHID.sys
20:59:03.0233 2688 VMBusHID - ok
20:59:03.0238 2688 volmgr (d2aafd421940f640b407aefaaebd91b0) S:\Windows\system32\drivers\volmgr.sys
20:59:03.0240 2688 volmgr - ok
20:59:03.0252 2688 volmgrx (a255814907c89be58b79ef2f189b843b) S:\Windows\system32\drivers\volmgrx.sys
20:59:03.0256 2688 volmgrx - ok
20:59:03.0268 2688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) S:\Windows\system32\drivers\volsnap.sys
20:59:03.0271 2688 volsnap - ok
20:59:03.0279 2688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) S:\Windows\system32\drivers\vsmraid.sys
20:59:03.0282 2688 vsmraid - ok
20:59:03.0330 2688 VSS (b60ba0bc31b0cb414593e169f6f21cc2) S:\Windows\system32\vssvc.exe
20:59:03.0346 2688 VSS - ok
20:59:03.0376 2688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) S:\Windows\System32\drivers\vwifibus.sys
20:59:03.0378 2688 vwifibus - ok
20:59:03.0392 2688 W32Time (1c9d80cc3849b3788048078c26486e1a) S:\Windows\system32\w32time.dll
20:59:03.0397 2688 W32Time - ok
20:59:03.0415 2688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) S:\Windows\system32\drivers\wacompen.sys
20:59:03.0416 2688 WacomPen - ok
20:59:03.0423 2688 WANARP (356afd78a6ed4457169241ac3965230c) S:\Windows\system32\DRIVERS\wanarp.sys
20:59:03.0425 2688 WANARP - ok
20:59:03.0429 2688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) S:\Windows\system32\DRIVERS\wanarp.sys
20:59:03.0430 2688 Wanarpv6 - ok
20:59:03.0470 2688 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) S:\Windows\system32\Wat\WatAdminSvc.exe
20:59:03.0484 2688 WatAdminSvc - ok
20:59:03.0527 2688 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) S:\Windows\system32\wbengine.exe
20:59:03.0543 2688 wbengine - ok
20:59:03.0574 2688 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) S:\Windows\System32\wbiosrvc.dll
20:59:03.0578 2688 WbioSrvc - ok
20:59:03.0592 2688 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) S:\Windows\System32\wcncsvc.dll
20:59:03.0597 2688 wcncsvc - ok
20:59:03.0604 2688 WcsPlugInService (20f7441334b18cee52027661df4a6129) S:\Windows\System32\WcsPlugInService.dll
20:59:03.0607 2688 WcsPlugInService - ok
20:59:03.0614 2688 Wd (72889e16ff12ba0f235467d6091b17dc) S:\Windows\system32\drivers\wd.sys
20:59:03.0619 2688 Wd - ok
20:59:03.0643 2688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) S:\Windows\system32\drivers\Wdf01000.sys
20:59:03.0650 2688 Wdf01000 - ok
20:59:03.0657 2688 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) S:\Windows\system32\wdi.dll
20:59:03.0659 2688 WdiServiceHost - ok
20:59:03.0663 2688 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) S:\Windows\system32\wdi.dll
20:59:03.0666 2688 WdiSystemHost - ok
20:59:03.0678 2688 WebClient (3db6d04e1c64272f8b14eb8bc4616280) S:\Windows\System32\webclnt.dll
20:59:03.0682 2688 WebClient - ok
20:59:03.0693 2688 Wecsvc (c749025a679c5103e575e3b48e092c43) S:\Windows\system32\wecsvc.dll
20:59:03.0697 2688 Wecsvc - ok
20:59:03.0704 2688 wercplsupport (7e591867422dc788b9e5bd337a669a08) S:\Windows\System32\wercplsupport.dll
20:59:03.0708 2688 wercplsupport - ok
20:59:03.0714 2688 WerSvc (6d137963730144698cbd10f202e9f251) S:\Windows\System32\WerSvc.dll
20:59:03.0716 2688 WerSvc - ok
20:59:03.0724 2688 WfpLwf (611b23304bf067451a9fdee01fbdd725) S:\Windows\system32\DRIVERS\wfplwf.sys
20:59:03.0725 2688 WfpLwf - ok
20:59:03.0730 2688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) S:\Windows\system32\drivers\wimmount.sys
20:59:03.0731 2688 WIMMount - ok
20:59:03.0737 2688 WinHttpAutoProxySvc - ok
20:59:03.0752 2688 Winmgmt (19b07e7e8915d701225da41cb3877306) S:\Windows\system32\wbem\WMIsvc.dll
20:59:03.0755 2688 Winmgmt - ok
20:59:03.0921 2688 WinRM (bcb1310604aa415c4508708975b3931e) S:\Windows\system32\WsmSvc.dll
20:59:03.0943 2688 WinRM - ok
20:59:04.0062 2688 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) S:\Windows\System32\wlansvc.dll
20:59:04.0072 2688 Wlansvc - ok
20:59:04.0137 2688 wlidsvc (98f138897ef4246381d197cb81846d62) S:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:59:04.0157 2688 wlidsvc - ok
20:59:04.0188 2688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) S:\Windows\system32\DRIVERS\wmiacpi.sys
20:59:04.0189 2688 WmiAcpi - ok
20:59:04.0202 2688 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) S:\Windows\system32\wbem\WmiApSrv.exe
20:59:04.0205 2688 wmiApSrv - ok
20:59:04.0208 2688 WMPNetworkSvc - ok
20:59:04.0213 2688 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) S:\Windows\System32\wpcsvc.dll
20:59:04.0215 2688 WPCSvc - ok
20:59:04.0222 2688 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) S:\Windows\system32\wpdbusenum.dll
20:59:04.0225 2688 WPDBusEnum - ok
20:59:04.0228 2688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) S:\Windows\system32\drivers\ws2ifsl.sys
20:59:04.0229 2688 ws2ifsl - ok
20:59:04.0232 2688 WSearch - ok
20:59:04.0240 2688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) S:\Windows\system32\drivers\WudfPf.sys
20:59:04.0241 2688 WudfPf - ok
20:59:04.0246 2688 wudfsvc (7a95c95b6c4cf292d689106bcae49543) S:\Windows\System32\WUDFSvc.dll
20:59:04.0249 2688 wudfsvc - ok
20:59:04.0259 2688 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) S:\Windows\System32\wwansvc.dll
20:59:04.0263 2688 WwanSvc - ok
20:59:04.0273 2688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:59:04.0277 2688 \Device\Harddisk1\DR1 - ok
20:59:04.0280 2688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:59:04.0627 2688 \Device\Harddisk0\DR0 - ok
20:59:04.0630 2688 Boot (0x1200) (0fc88dbfa4e6da268cddeb727d1aa6b4) \Device\Harddisk1\DR1\Partition0
20:59:04.0631 2688 \Device\Harddisk1\DR1\Partition0 - ok
20:59:04.0634 2688 Boot (0x1200) (5a2b598330a40065bf440a1851053c83) \Device\Harddisk0\DR0\Partition0
20:59:04.0635 2688 \Device\Harddisk0\DR0\Partition0 - ok
20:59:04.0638 2688 Boot (0x1200) (e3f78695d82d458253a7665dc06736b8) \Device\Harddisk0\DR0\Partition1
20:59:04.0639 2688 \Device\Harddisk0\DR0\Partition1 - ok
20:59:04.0640 2688 ============================================================
20:59:04.0640 2688 Scan finished
20:59:04.0640 2688 ============================================================
20:59:04.0663 4312 Detected object count: 0
20:59:04.0663 4312 Actual detected object count: 0



*****************
********DDS******
*****************

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by NS at 21:04:46 on 2012-08-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4079.1962 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
S:\PROGRA~2\AVG\AVG2012\avgrsa.exe
S:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
S:\Windows\system32\wininit.exe
S:\Windows\system32\lsm.exe
S:\Windows\system32\svchost.exe -k DcomLaunch
S:\Windows\system32\svchost.exe -k RPCSS
S:\Windows\system32\atiesrxx.exe
S:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
S:\Windows\system32\svchost.exe -k netsvcs
S:\Windows\system32\svchost.exe -k LocalService
S:\Windows\system32\svchost.exe -k NetworkService
S:\Windows\system32\atieclxx.exe
S:\Windows\System32\spoolsv.exe
S:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
S:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
S:\Program Files\Bonjour\mDNSResponder.exe
S:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\DVRMSToolbox\DTBFWService.exe
S:\Windows\system32\taskhost.exe
S:\Windows\system32\taskeng.exe
S:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
S:\Windows\system32\Dwm.exe
S:\Windows\Explorer.EXE
S:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
S:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
S:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
S:\Program Files\Ceton Corp\Ceton InfiniTV\InfiniTVSvc.exe
S:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
S:\Windows\System32\rundll32.exe
S:\Program Files\Ceton Corp\Ceton InfiniTV\TAHSP.exe
S:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
S:\Program Files (x86)\AVG\AVG2012\avgtray.exe
S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
S:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
S:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
S:\Program Files (x86)\CyberLink\Shared files\brs.exe
S:\Program Files (x86)\iTunes\iTunesHelper.exe
S:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
S:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
S:\Program Files\iPod\bin\iPodService.exe
S:\Windows\ehome\ehRecvr.exe
S:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S:\Windows\system32\SearchIndexer.exe
S:\Program Files\Windows Media Player\wmpnetwk.exe
S:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
S:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
S:\Program Files (x86)\Mozilla Firefox\firefox.exe
S:\Users\NS\Downloads\HijackThis.exe
S:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"S:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
S:\Users\NS\Downloads\aswMBR.exe
S:\Users\NS\Downloads\tdsskiller.exe
S:\Windows\system32\NOTEPAD.EXE
S:\Users\NS\Downloads\aswMBR.exe
S:\Windows\system32\taskhost.exe
S:\Windows\system32\SearchProtocolHost.exe
S:\Windows\system32\SearchFilterHost.exe
S:\Windows\SysWOW64\cmd.exe
S:\Windows\system32\conhost.exe
S:\Windows\SysWOW64\cscript.exe
S:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - S:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - S:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - S:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - S:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [UpdReg] S:\Windows\UpdReg.EXE
mRun: [F21PowerConfig] S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
mRun: [AVG_TRAY] "S:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [CLMLServer] "S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl9] "S:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] S:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePSTShortCut] "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [APSDaemon] "S:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "S:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [THX Audio Control Panel] "S:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [SunJavaUpdateSched] "S:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "S:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: S:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - S:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: S:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - S:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - S:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 192.168.123.254
TCP: Interfaces\{BFF19BBC-38D2-4F60-AF35-35B1C00EE270} : DhcpNameServer = 209.18.47.61 192.168.123.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - S:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - S:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - S:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - S:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - S:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - S:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [UpdReg] S:\Windows\UpdReg.EXE
mRun-x64: [F21PowerConfig] S:\Program Files (x86)\Formosa21\PowerConfig\PowerConfig.exe
mRun-x64: [AVG_TRAY] "S:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [CLMLServer] "S:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl9] "S:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BDRegion] S:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePSTShortCut] "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "S:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [APSDaemon] "S:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "S:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [THX Audio Control Panel] "S:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [SunJavaUpdateSched] "S:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "S:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - S:\Users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\0554h2at.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: S:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: S:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: S:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: S:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: S:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;S:\Windows\system32\DRIVERS\avgidsha.sys --> S:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;S:\Windows\system32\DRIVERS\avgrkx64.sys --> S:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mv91xx;mv91xx;S:\Windows\system32\DRIVERS\mv91xx.sys --> S:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;S:\Windows\system32\Drivers\SmartDefrag Driver.sys --> S:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;S:\Windows\system32\DRIVERS\avgldx64.sys --> S:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;S:\Windows\system32\DRIVERS\avgmfx64.sys --> S:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;S:\Windows\system32\atiesrxx.exe --> S:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;S:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 DTBService;DTBService;D:\DVRMSToolbox\DTBFWService.exe [2009-10-20 20480]
R2 InfiniTVSvc;Ceton InfiniTV Service;S:\Program Files\Ceton Corp\Ceton InfiniTV\InfiniTVSvc.exe [2011-10-14 69392]
R2 InfiniTVTAHSP;Ceton Tuning Adapter Host Service;S:\Program Files\Ceton Corp\Ceton InfiniTV\TAHSP.exe [2011-10-14 89088]
R2 ShowAnalyzerMaster;ShowAnalyzerMaster;S:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2010-2-8 2074112]
R3 amdkmdag;amdkmdag;S:\Windows\system32\DRIVERS\atikmdag.sys --> S:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;S:\Windows\system32\DRIVERS\atikmpag.sys --> S:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;S:\Windows\system32\drivers\AtihdW76.sys --> S:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ceton_mocur;Ceton InfiniTV Network Device;S:\Windows\system32\DRIVERS\ceton_mocur.sys --> S:\Windows\system32\DRIVERS\ceton_mocur.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;S:\Windows\system32\Drivers\EtronHub3.sys --> S:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;S:\Windows\system32\Drivers\EtronXHCI.sys --> S:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 MEIx64;Intel® Management Engine Interface;S:\Windows\system32\DRIVERS\HECIx64.sys --> S:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;S:\Windows\system32\DRIVERS\Rt64win7.sys --> S:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_D9D37C34;CyberLink Product - 2012/01/22 12:54:35;S:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;S:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;S:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;S:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 dmvsc;dmvsc;S:\Windows\system32\drivers\dmvsc.sys --> S:\Windows\system32\drivers\dmvsc.sys [?]
S3 epmntdrv;epmntdrv;S:\Windows\System32\epmntdrv.sys [2012-1-28 14216]
S3 EuGdiDrv;EuGdiDrv;S:\Windows\System32\EuGdiDrv.sys [2012-1-28 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;S:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;S:\Windows\system32\drivers\rdpvideominiport.sys --> S:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;S:\Windows\system32\drivers\synth3dvsc.sys --> S:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;S:\Windows\system32\drivers\terminpt.sys --> S:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;S:\Windows\system32\drivers\tsusbflt.sys --> S:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;S:\Windows\system32\drivers\TsUsbGD.sys --> S:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;S:\Windows\system32\drivers\tsusbhub.sys --> S:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;S:\Windows\system32\Wat\WatAdminSvc.exe --> S:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-24 04:41:28 -------- d-sh--w- S:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-05-27 01:56:28 70304 ----a-w- S:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 01:56:28 419488 ----a-w- S:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-23 02:07:04 1473608 ----a-w- S:\Users\NS\gotomypc_597.exe
.
============= FINISH: 21:05:05.25 ===============







*****************
*****ASWMBR******
*****************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 20:58:40
-----------------------------
20:58:40.073 OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:40.073 Number of processors: 4 586 0x2A07
20:58:40.075 ComputerName: NS-PC UserName: NS
20:58:40.395 Initialize success
20:59:36.562 AVAST engine defs: 12080501
21:00:38.286 Service scanning
21:00:46.002 Modules scanning
21:00:46.006 Disk 0 trace - called modules:
21:00:46.011 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:00:46.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049be060]
21:00:46.016 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80042dd520]
21:00:46.021 5 ACPI.sys[fffff88000f657a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80042d9680]
21:00:46.347 AVAST engine scan S:\Windows
21:00:46.842 AVAST engine scan S:\Windows\system32
21:01:36.529 File: S:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:01:37.224 File: S:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:02:01.780 AVAST engine scan S:\Windows\system32\drivers
21:02:09.227 AVAST engine scan S:\Users\NS
21:02:26.321 The log file has been saved successfully to "S:\Users\NS\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 21:03:43
-----------------------------
21:03:43.274 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:43.274 Number of processors: 4 586 0x2A07
21:03:43.275 ComputerName: NS-PC UserName: NS
21:03:43.604 Initialze error C000010E - driver not loaded
21:03:43.641 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:03:43.734 AVAST engine defs: 12080501
21:03:51.802 Service scanning
21:03:59.277 Modules scanning
21:03:59.282 Disk 0 trace - called modules:
21:03:59.284
21:03:59.593 AVAST engine scan S:\Windows
21:04:00.249 AVAST engine scan S:\Windows\system32
21:04:40.009 File: S:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:04:40.506 File: S:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:05:03.464 AVAST engine scan S:\Windows\system32\drivers
21:05:06.928 AVAST engine scan S:\Users\NS
21:05:25.817 AVAST engine scan S:\ProgramData
21:05:33.282 Scan finished successfully
21:06:03.868 The log file has been saved successfully to "S:\Users\NS\Desktop\aswMBR.txt"

Attached Files





#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:00 AM

Posted 06 August 2012 - 05:33 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
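The services.exe comparison that the FRST search step is meant to produce, written here as an added PowerShell example for once Windows boots normally again (it is not CatByte's instruction and not FRST's code; it assumes Windows PowerShell 4.0 or later for Get-FileHash, an elevated prompt, and takes the drive and Windows directory from $env:SystemDrive and $env:SystemRoot rather than the poster's S: drive). It inventories every copy of services.exe on the system drive with size, timestamps, MD5/SHA256 and Authenticode status, then flags the live System32 copy if it fails signature validation or matches none of the WinSxS component-store copies:

```powershell
# Added example, not from the thread or from FRST: inventory every services.exe
# on the system drive and check the copy the Service Control Manager actually runs.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) in an elevated, normally booted
# session; Windows 7's recovery command prompt has no PowerShell.

function Get-ServicesExeInventory {
    param(
        [string]$Root = "$env:SystemDrive\",   # "S:\" on the poster's box, "C:\" on most
        [string]$Name = 'services.exe'
    )
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Created   = $_.CreationTimeUtc
                Modified  = $_.LastWriteTimeUtc          # easy to forge; corroborating data only
                MD5       = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status                   # Valid / NotSigned / HashMismatch / ...
                Signer    = $signer
            }
        }
}

function Test-LiveServicesExe {
    param([object[]]$Inventory)
    $live = Join-Path $env:SystemRoot 'System32\services.exe'
    $liveEntry = $Inventory | Where-Object { $_.Path -ieq $live } | Select-Object -First 1
    if (-not $liveEntry) { return "live copy $live not found in inventory" }

    # Reference copies: the servicing stack keeps component images under WinSxS.
    $refs = @($Inventory | Where-Object { $_.Path -imatch '\\WinSxS\\' })

    $findings = @()
    if ($liveEntry.SigStatus -ne 'Valid') {
        # Windows 7 system binaries are catalog-signed, so NotSigned alone is not
        # proof of tampering on older PowerShell; HashMismatch or NotTrusted is.
        $findings += "signature status is $($liveEntry.SigStatus)"
    }
    if ($refs.Count -gt 0 -and -not ($refs.SHA256 -contains $liveEntry.SHA256)) {
        $findings += "SHA256 matches none of $($refs.Count) WinSxS copies"
    }
    if ($findings.Count -eq 0) {
        return "$live matches a WinSxS copy and passes the signature check"
    }
    return "$live suspicious: " + ($findings -join '; ')
}

$inv = Get-ServicesExeInventory
$inv | Sort-Object Path | Format-Table -AutoSize Path, Size, Modified, SigStatus, MD5
Test-LiveServicesExe -Inventory $inv
```

Two caveats when reading the result: on Windows 7 the System32 file is normally a hard link to its WinSxS copy, so an in-place patch changes both and a hash match is not a clean bill of health (a mismatch, or a HashMismatch signature status, is the strong signal); and a freshly restored file, as ComboFix did from a shadow copy later in this thread, will show a recent Created time that is expected rather than suspicious.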


#3 spn789

spn789
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:00 AM

Posted 06 August 2012 - 08:28 PM

For some reason, when I restart Windows 7 and enter the advanced boot menu, there is no option for Repair Computer. Same thing with the disc. Any ideas? Is there a work around?

Thanks so much for the quick reply and your help!

Edited by spn789, 06 August 2012 - 08:28 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:00 AM

Posted 06 August 2012 - 09:05 PM

Please run the following instead:


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 spn789

spn789
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:00 AM

Posted 06 August 2012 - 09:22 PM

Thanks. Ran ComboFix. Results below. Thanks again for your help.

******

ComboFix 12-08-05.02 - NS 08/06/2012 22:16:38.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4079.2899 [GMT -4:00]
Running from: s:\users\NS\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
s:\windows\assembly\GAC_32\Desktop.ini
s:\windows\assembly\GAC_64\Desktop.ini
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\L\00000004.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\L\201d3dde
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\00000004.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\00000008.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\000000cb.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000000.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000032.@
s:\windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000064.@
s:\windows\SysWow64\CBUTTON.OCX
.
Infected copy of s:\windows\system32\services.exe was found and disinfected
Restored copy from - s:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 02:20 . 2012-08-07 02:20 -------- d-----w- s:\users\Default\AppData\Local\temp
2012-07-24 04:41 . 2012-07-24 04:41 -------- d-sh--w- s:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 01:56 . 2012-03-30 22:32 419488 ----a-w- s:\windows\SysWow64\FlashPlayerApp.exe
2012-05-27 01:56 . 2012-01-16 23:54 70304 ----a-w- s:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 02:07 . 2012-05-23 02:07 1473608 ----a-w- s:\users\NS\gotomypc_597.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="s:\windows\UpdReg.EXE" [2000-05-11 90112]
"F21PowerConfig"="s:\program files (x86)\Formosa21\PowerConfig\PowerConfig.exe" [2011-05-09 307200]
"AVG_TRAY"="s:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"CLMLServer"="s:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RemoteControl9"="s:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="s:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-18 75048]
"UpdatePSTShortCut"="s:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2011-03-01 222504]
"APSDaemon"="s:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="s:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"THX Audio Control Panel"="s:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-06-11 1349632]
"SunJavaUpdateSched"="s:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="s:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
.
s:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - s:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Media Browser Service.lnk - s:\program files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2012-3-7 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0s:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_D9D37C34;CyberLink Product - 2012/01/22 12:54;s:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;s:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;s:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;s:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;s:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MozillaMaintenance;Mozilla Maintenance Service;s:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-03 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;s:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;s:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;s:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;s:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;s:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;s:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;s:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;s:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1255736]
S0 AVGIDSHA;AVGIDSHA;s:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;s:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mv91xx;mv91xx;s:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S0 SmartDefragDriver;SmartDefragDriver;s:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 Avgldx64;AVG AVI Loader Driver;s:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;s:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S2 AMD External Events Utility;AMD External Events Utility;s:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 avgwd;AVG WatchDog;s:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DTBService;DTBService;d:\dvrmstoolbox\DTBFWService.exe [2009-10-21 20480]
S2 InfiniTVSvc;Ceton InfiniTV Service;s:\program files\Ceton Corp\Ceton InfiniTV\InfiniTVSvc.exe [2011-10-15 69392]
S2 InfiniTVTAHSP;Ceton Tuning Adapter Host Service;s:\program files\Ceton Corp\Ceton InfiniTV\TAHSP.exe [2011-10-15 89088]
S2 ShowAnalyzerMaster;ShowAnalyzerMaster;s:\program files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2010-02-08 2074112]
S2 SkypeUpdate;Skype Updater;s:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 amdkmdag;amdkmdag;s:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;s:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;s:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 ceton_mocur;Ceton InfiniTV Network Device;s:\windows\system32\DRIVERS\ceton_mocur.sys [2011-10-06 40720]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;s:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;s:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 MEIx64;Intel® Management Engine Interface;s:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;s:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_D9D37C34
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="s:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"THXCfg64"="s:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = s:\windows\system32\blank.htm
mLocal Page = s:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - s:\users\NS\AppData\Roaming\Mozilla\Firefox\Profiles\0554h2at.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@s:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="s:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="s:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="s:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="s:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="s:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
s:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
s:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-08-06 22:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 02:22
.
Pre-Run: 60,611,260,416 bytes free
Post-Run: 61,016,313,856 bytes free
.
- - End Of File - - 4352C14DF642B3FAEE014FBF83F6367D

#6 spn789
  • Topic Starter
  • Members
  • 6 posts

Posted 06 August 2012 - 09:24 PM

Also, just a heads up. My Ceton CableCard Tuner just stopped working. I'm guessing this is because ComboFix replaced my (infected) services.exe file.

Edited by spn789, 06 August 2012 - 09:27 PM.


#7 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 August 2012 - 09:32 PM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 spn789
  • Topic Starter
  • Members
  • 6 posts

Posted 06 August 2012 - 09:38 PM

MBAM Report -- Looks good

*****

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NS :: NS-PC [administrator]

8/6/2012 10:38:37 PM
mbam-log-2012-08-06 (22-38-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194960
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 spn789
  • Topic Starter
  • Members
  • 6 posts

Posted 06 August 2012 - 10:18 PM

ESET Report -- Found Multiple Infected Files

****
D:\Documents\75eccd.pdf JS/Exploit.Pdfka.ODF trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\00000008.@.vir Win64/Agent.BA trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\000000cb.@.vir Win64/Conedex.B trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000000.@.vir Win64/Sirefef.AP trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan

S:\Qoobox\Quarantine\S\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan

S:\Users\NS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\63e5f27c-3b63bfcb multiple threats

S:\Users\NS\Downloads\cnet_ido-setup-10_exe.exe a variant of Win32/InstallCore.D application

S:\Users\NS\Downloads\cnet_installspeedfan444_exe.exe a variant of Win32/InstallCore.D application

S:\Users\NS\Downloads\cnet_tabularasace_setup_msi.exe a variant of Win32/InstallCore.D application

Edited by spn789, 06 August 2012 - 10:19 PM.


#10 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 07 August 2012 - 07:33 AM

Most of those detections are in quarantine and can't hurt your computer.

Were you able to re-install the Ceton CableCard Tuner?


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
D:\Documents\75eccd.pdf 
S:\Users\NS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\63e5f27c-3b63bfcb 
S:\Users\NS\Downloads\cnet_ido-setup-10_exe.exe 
S:\Users\NS\Downloads\cnet_installspeedfan444_exe.exe 
S:\Users\NS\Downloads\cnet_tabularasace_setup_msi.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please do the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


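The ESET export in post #9 and the CFScript in post #10 are two views of the same data: the paths CatByte lists under File:: are exactly the ESET hits that were not already sitting in ComboFix's Qoobox quarantine. The Python below is an added example, not code from this thread or from ESET, ComboFix or BleepingComputer. It parses the export lines as they appear in post #9 (the sample input is the post's own lines), separates quarantined hits from files still in place, and emits the File:: section of a CFScript from the live paths. The space-separated "path detection category" layout and the `\Qoobox\Quarantine\` marker are assumptions taken from the post, not from ESET or ComboFix documentation.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: the ESET "list of threats found" export quoted in post #9.
# The paths and detection names are the ones on the page; the blank-line
# spacing reproduces how the forum rendered it.
ESET_EXPORT = r"""
D:\Documents\75eccd.pdf JS/Exploit.Pdfka.ODF trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\00000008.@.vir Win64/Agent.BA trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\000000cb.@.vir Win64/Conedex.B trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000000.@.vir Win64/Sirefef.AP trojan

S:\Qoobox\Quarantine\S\Windows\Installer\{1af861a3-4dda-b89d-4e5d-a54c026574b9}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan

S:\Qoobox\Quarantine\S\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan

S:\Users\NS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\63e5f27c-3b63bfcb multiple threats

S:\Users\NS\Downloads\cnet_ido-setup-10_exe.exe a variant of Win32/InstallCore.D application

S:\Users\NS\Downloads\cnet_installspeedfan444_exe.exe a variant of Win32/InstallCore.D application

S:\Users\NS\Downloads\cnet_tabularasace_setup_msi.exe a variant of Win32/InstallCore.D application
"""

# Assumed line layout: "<drive>:\<path> <detection> <category>", where the
# detection is either "multiple threats" or a "Family/Name" token optionally
# prefixed by "a variant of". The path is matched non-greedily so that paths
# containing spaces (e.g. "Program Files (x86)") still parse correctly.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:a variant of\s+)?[A-Za-z0-9]+/\S+\s+\S+|multiple threats)\s*$"
)

# Assumed marker for files ComboFix has already moved into its quarantine.
QUARANTINE_MARKER = re.compile(r"\\qoobox\\quarantine\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    detection: str     # full detection string as ESET printed it
    category: str      # "trojan", "application", or "multiple"
    quarantined: bool  # True when the file sits under \Qoobox\Quarantine\


def parse_eset_export(text: str) -> List[Detection]:
    """Parse the ESET export text into one Detection per non-blank line."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        det = m.group("detection")
        category = "multiple" if det == "multiple threats" else det.split()[-1]
        records.append(Detection(
            path=m.group("path"),
            detection=det,
            category=category,
            quarantined=bool(QUARANTINE_MARKER.search(m.group("path"))),
        ))
    return records


def live_detections(records: List[Detection]) -> List[Detection]:
    """Hits on files still in place, i.e. not already quarantined by ComboFix."""
    return [r for r in records if not r.quarantined]


def summarise(records: List[Detection]) -> dict:
    """Counts a helper would glance at before deciding what still needs action."""
    live = live_detections(records)
    return {
        "total": len(records),
        "quarantined": len(records) - len(live),
        "live": len(live),
        "live_categories": sorted({r.category for r in live}),
    }


def cfscript_file_section(records: List[Detection]) -> str:
    """Build the File:: section of a ComboFix CFScript from the live hits only."""
    return "\n".join(["File::"] + [r.path for r in live_detections(records)])


if __name__ == "__main__":
    recs = parse_eset_export(ESET_EXPORT)
    print(summarise(recs))
    print(cfscript_file_section(recs))
```

Running the block prints a summary (10 hits, 5 already quarantined, 5 live) and a File:: section whose five paths are the ones CatByte listed in post #10; the quarantined `.vir` entries are left out because, as the post says, they are already out of reach.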

#11 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 16 August 2012 - 07:12 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





