
Services.EXE Infected with Trojan Horse Patched_C.LYU


  • This topic is locked
34 replies to this topic

#1 Tranceknight

Tranceknight

  • Members
  • 18 posts

Posted 10 August 2012 - 03:55 PM

Hey there.

AVG is informing me repeatedly that my Services.EXE file is infected with the Patched_C.LYU Trojan Horse. After consulting with my computer expert friend, he sent me to you guys. I am running Windows 7. I was unable to get either of the GMER links to work properly, but I have downloaded and run both DeFogger and DDS already. The DDS .txt file is posted below.

The only things I've noticed it doing to my computer so far are mildly slowing down my internet speed and disabling Microsoft Security Essentials from monitoring.

Please help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 15:38:22 on 2012-08-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2113 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "c:\users\administrator\appdata\local\akamai\netsession_win.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{D94D4D71-1DC9-47F9-8A4A-C5BDE164A427} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{D94D4D71-1DC9-47F9-8A4A-C5BDE164A427}\35862796E65627D275966496 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D94D4D71-1DC9-47F9-8A4A-C5BDE164A427}\84F6D656332303 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\ea7xubtl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-8-16 592120]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-9 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-27 250056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-9 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-29 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-15 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-14 1343400]
.
=============== Created Last 30 ================
.
2012-08-10 19:59:43 -------- d-----w- c:\users\administrator\appdata\roaming\GetRightToGo
2012-08-10 15:13:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 14:36:45 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ccf837f0-9766-417c-9e9c-984801b64114}\mpengine.dll
2012-08-08 14:56:16 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-29 21:01:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-12 17:41:17 2345984 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 23:13:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 23:13:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 19:11:00 435 ----a-w- c:\program files\0614201214110087.bat
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-02-24 22:37:26 887600 ----a-w- c:\program files\common files\AutoCompletePro.exe
.
============= FINISH: 15:38:59.24 ===============
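Added example (not part of the thread and not the DDS tool's own code): a small Python triage script that reads a DDS header like the one above, lists the AV/SP products reporting themselves Disabled (the Microsoft Security Essentials state the poster noticed) and flags "Created Last 30" entries carrying hidden+system attributes for manual review. The sample lines are an excerpt copied from the log above; the meaning of the attribute letters is assumed from DDS's output format.

```python
"""Triage helper for a DDS log header (added example, not a BleepingComputer
or DDS component).  It answers two questions a responder asks first when
reading a log like the one posted above: which protection products report
themselves *Disabled*, and which entries created in the last 30 days carry the
hidden+system attribute bits that a user would not normally set by hand."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# "AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-...}"
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)

# "2012-08-10 15:13:29 -------- d-sh--w- c:\windows\system32\%APPDATA%"
# The 8-character attribute field is DDS's own encoding (assumed here):
# 'd' = directory, 's' = system, 'h' = hidden, 'a' = archive, 'w' = writable.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[d-][-\w]{7}) (?P<path>.+)$"
)


@dataclass
class Product:
    kind: str   # AV (antivirus), SP (spyware protection) or FW (firewall)
    name: str
    state: str  # "Enabled" or "Disabled"
    defs: str   # "Updated" or "Outdated"
    guid: str


def parse_products(text: str) -> Iterator[Product]:
    """Yield every AV/SP/FW status line found in the DDS header."""
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            yield Product(**m.groupdict())


def disabled_products(text: str) -> List[Tuple[str, str]]:
    """Return (kind, name) for each product that reports itself Disabled.
    A second AV/SP being off while another is on can be deliberate; the point
    is to make the state explicit so it can be confirmed with the user."""
    return [(p.kind, p.name) for p in parse_products(text) if p.state == "Disabled"]


def hidden_system_created(text: str) -> List[str]:
    """Return paths from the 'Created Last 30' section whose attribute field
    has both the system and hidden bits set.  This is a review flag, not a
    verdict: it tells the responder where to look, nothing more."""
    flagged = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and "s" in m["attrs"] and "h" in m["attrs"]:
            flagged.append(m["path"])
    return flagged


# Constructed excerpt: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
=============== Created Last 30 ================
.
2012-08-10 19:59:43 -------- d-----w- c:\users\administrator\appdata\roaming\GetRightToGo
2012-08-10 15:13:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-12 17:41:17 2345984 ----a-w- c:\windows\system32\win32k.sys
"""

if __name__ == "__main__":
    for kind, name in disabled_products(SAMPLE_LOG):
        print(f"{kind} disabled: {name}")
    for path in hidden_system_created(SAMPLE_LOG):
        print(f"hidden+system entry created recently: {path}")
```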


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2012 - 01:44 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:19 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Tranceknight

Tranceknight
  • Topic Starter

  • Members
  • 18 posts

Posted 15 August 2012 - 09:57 AM

Have been busy with work. I am about to start following your instructions now. I should have an update within the hour.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 10:01 AM

I will be around


gringo

#6 Tranceknight

Tranceknight
  • Topic Starter

  • Members
  • 18 posts

Posted 15 August 2012 - 10:04 AM

Okay. I did everything above. I ran Security Check, disabled AVG, then ran ComboFix. (FWIW, I downloaded the version from Link 1.) It finished running, but didn't produce a log for me (or didn't inform me if it did).

What's next?

Here's the checkup.txt paste.

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Edited by Tranceknight, 15 August 2012 - 10:06 AM.


#7 Tranceknight

Tranceknight
  • Topic Starter

  • Members
  • 18 posts

Posted 15 August 2012 - 10:16 AM

On further inspection, I realized I didn't have AVG disabled after all. Am re-running it and it's actually doing something now. Will post the log upon completion.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 10:17 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#9 Tranceknight

Tranceknight
  • Topic Starter

  • Members
  • 18 posts

Posted 15 August 2012 - 10:44 AM

Logs from both ComboFix and RogueKiller.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 08/15/2012 10:42:38

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\L --> FOUND

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS721080G9SA00 ATA Device +++++
--- User ---
[MBR] fbd9052752deabdc258c06076ac35948
[BSP] 30b29a52438311981d61eb6325ea0b7f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317440 | Size: 76163 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
ComboFix 12-08-14.05 - Administrator 08/15/2012 10:16:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2259 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\windows\Installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\@
c:\windows\Installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\n
c:\windows\Installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U\00000001.@
c:\windows\Installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U\80000000.@
c:\windows\Installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U\800000cb.@
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 15:21 . 2012-08-15 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 15:21 . 2012-08-15 15:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 19:59 . 2012-08-10 20:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
2012-08-10 15:13 . 2012-08-10 15:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 14:36 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF837F0-9766-417C-9E9C-984801B64114}\mpengine.dll
2012-08-08 14:56 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-29 21:01 . 2012-07-29 21:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:48 . 2012-06-27 06:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:48 . 2012-01-15 02:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 19:11 . 2012-06-14 19:11 435 ----a-w- c:\program files\0614201214110087.bat
2012-06-12 02:40 . 2012-07-12 17:41 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 17:24 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 17:24 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 17:24 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-25 15:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 15:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 15:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 15:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 15:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 15:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 15:50 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-25 15:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-25 15:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 17:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 17:45 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 17:45 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 17:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 17:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 17:24 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 17:24 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 17:24 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 17:24 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 17:24 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-02-24 22:37 . 2012-06-28 18:03 887600 ----a-w- c:\program files\Common Files\AutoCompletePro.exe
2012-07-29 21:01 . 2012-06-24 21:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 14:48]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-10 03:43]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-10 03:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ea7xubtl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,ca,
07,9a,be,e4,0f,ba,9e,ba,17,8d,69,f9,db
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,90,
6d,f2,66,45,00,a8,f1,4b,fc,1c,7f,e7,66
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e6,
ab,16,58,3e,04,a5,2a,02,f3,01,c9,46,e7
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dd,
c4,72,f2,3c,0e,a3,7c,dc,65,c0,82,cc,b1
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,41,
35,c1,0d,02,0b,b7,ab,8f,e9,66,69,06,89
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:0c,5e,05,9c,42,d3,cc,01
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,56,cb,bd,06,7f,79,4c,91,ed,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,56,cb,bd,06,7f,79,4c,91,ed,7a,\
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-15 10:29:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 15:29
.
Pre-Run: 44,279,873,536 bytes free
Post-Run: 44,291,371,008 bytes free
.
- - End Of File - - 04769FC374DDD30134C4C121EA27D16B

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 15 August 2012 - 10:59 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Tranceknight

  • Topic Starter
  • Members
  • 18 posts
  • Local time:01:09 AM

Posted 15 August 2012 - 11:09 AM

Done.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date: 08/15/2012 11:08:39

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\L --> REMOVED

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS721080G9SA00 ATA Device +++++
--- User ---
[MBR] fbd9052752deabdc258c06076ac35948
[BSP] 30b29a52438311981d61eb6325ea0b7f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 317440 | Size: 76163 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
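
One way to triage a RogueKiller report like the one above, as an added example that is not part of the thread and not RogueKiller's own code: it parses the registry, file/folder, infection and MBR lines into a summary and flags anything the tool reported but did not clean. The line formats and the set of "cleaned" actions are assumptions modelled on the report pasted here; the sample input is a condensed copy of those report lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the RogueKiller report pasted above in this
# thread, condensed to the lines the parser cares about.
SAMPLE_REPORT = r"""
Mode: Remove -- Date: 08/15/2012 11:08:39
Bad processes: 0
Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\administrator\appdata\local\{9fc6985d-76a7-7795-1f5b-c86de6183a84}\@ --> REMOVED
Driver: [LOADED]
Infection : ZeroAccess
MBR Check:
+++++ PhysicalDrive0: Hitachi HTS721080G9SA00 ATA Device +++++
[MBR] fbd9052752deabdc258c06076ac35948
[BSP] 30b29a52438311981d61eb6325ea0b7f : Windows 7 MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
"""

# Line formats are assumptions modelled on the report above, not RogueKiller's spec.
FINDING_RE = re.compile(r"^\[(?P<family>[^\]]+)\]\[(?P<kind>FOLDER|FILE)\]\s+(?P<name>\S+)\s+:\s+"
                        r"(?P<path>.+?)\s+-->\s+(?P<action>[A-Z]+)$")
REGISTRY_RE = re.compile(r"^\[(?P<tag>[A-Z]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)\s+->\s+(?P<action>[A-Z]+)")
INFECTION_RE = re.compile(r"^Infection\s*:\s*(?P<name>\S.*)$")
MBR_RE = re.compile(r"^\[MBR\]\s+(?P<hash>[0-9a-fA-F]{32})$")
BSP_RE = re.compile(r"^\[BSP\]\s+(?P<hash>[0-9a-fA-F]{32})\s+:\s+(?P<desc>.+)$")
USER_CHECK_RE = re.compile(r"^User\s*=\s*(?P<check>\S+)\s+\.\.\.\s+(?P<status>.+)$")

# Actions after which the tool considers the item gone (assumption); a scan-only
# run reports FOUND instead, which this helper treats as still present.
CLEANED_ACTIONS = {"REMOVED", "REPLACED", "DELETED"}


@dataclass
class Summary:
    infection: Optional[str] = None
    registry: List[Dict[str, str]] = field(default_factory=list)
    findings: List[Dict[str, str]] = field(default_factory=list)
    mbr_hash: Optional[str] = None
    mbr_code: Optional[str] = None
    failed_checks: List[str] = field(default_factory=list)


def parse_report(text: str) -> Summary:
    """Walk the report line by line and collect the security-relevant fields."""
    s = Summary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FINDING_RE.match(line)):
            s.findings.append(m.groupdict())
        elif (m := INFECTION_RE.match(line)):
            s.infection = m.group("name").strip()
        elif (m := MBR_RE.match(line)):
            s.mbr_hash = m.group("hash").lower()
        elif (m := BSP_RE.match(line)):
            s.mbr_code = m.group("desc").strip()
        elif (m := USER_CHECK_RE.match(line)):
            if not m.group("status").startswith("OK"):
                s.failed_checks.append(m.group("check"))
        elif (m := REGISTRY_RE.match(line)):
            s.registry.append(m.groupdict())
    return s


def families(s: Summary) -> List[str]:
    """Malware families named in the file/folder findings."""
    return sorted({f["family"] for f in s.findings})


def pending_items(s: Summary) -> List[str]:
    """Paths and registry values the tool reported but did not clean."""
    pending = [f["path"] for f in s.findings if f["action"] not in CLEANED_ACTIONS]
    pending += [r["value"] for r in s.registry if r["action"] not in CLEANED_ACTIONS]
    return pending


def verdict(s: Summary) -> str:
    """One-line triage outcome: what still needs attention after this run."""
    if s.failed_checks:
        return "MBR user-mode check failed: " + ", ".join(s.failed_checks)
    if pending_items(s):
        return "items still present: rerun in remove mode"
    if s.infection:
        return "artifacts of %s removed; rescan to confirm" % s.infection
    return "clean"


if __name__ == "__main__":
    summary = parse_report(SAMPLE_REPORT)
    print(families(summary), summary.mbr_code, verdict(summary))
```

The helper only reads a report; it does not touch the system. The distinction it draws is the one a responder needs from this log: an item reported with a cleaning action (REMOVED, REPLACED) is gone for now, whereas a FOUND entry from a scan-only run or a failed MBR user-mode check means the host is still not clean, which is why the next step in such threads is a rescan with a different tool rather than declaring victory on one report.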

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 15 August 2012 - 11:57 AM

Greetings

How are things running?

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 Tranceknight

  • Topic Starter
  • Members
  • 18 posts
  • Local time:01:09 AM

Posted 15 August 2012 - 12:49 PM

Done. It seems to be running fine, other than RogueKiller still saying Infection: ZeroAccess. Here are the results of the last two.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 12:35:02
-----------------------------
12:35:02.771 OS Version: Windows 6.1.7601 Service Pack 1
12:35:02.771 Number of processors: 2 586 0xF0A
12:35:02.772 ComputerName: KRISTEN-PC UserName:
12:35:03.823 Initialize success
12:36:55.855 AVAST engine defs: 12081503
12:37:59.891 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:37:59.897 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 76319MB BusType: 11
12:37:59.937 Disk 0 MBR read successfully
12:37:59.944 Disk 0 MBR scan
12:37:59.956 Disk 0 Windows 7 default MBR code
12:37:59.964 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
12:37:59.980 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 112640
12:37:59.994 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 76163 MB offset 317440
12:38:00.003 Disk 0 scanning sectors +156299264
12:38:00.079 Disk 0 scanning C:\Windows\system32\drivers
12:38:11.840 Service scanning
12:38:45.989 Modules scanning
12:38:55.719 Disk 0 trace - called modules:
12:38:55.738 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
12:38:55.744 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85db27b8]
12:38:55.751 3 CLASSPNP.SYS[8b42959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85ca7908]
12:38:56.960 AVAST engine scan C:\Windows
12:39:00.000 AVAST engine scan C:\Windows\system32
12:42:48.356 AVAST engine scan C:\Windows\system32\drivers
12:43:04.272 AVAST engine scan C:\Users\Administrator
12:44:01.096 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
12:44:01.102 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"



12:44:43.0715 0316 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:44:44.0151 0316 ============================================================
12:44:44.0151 0316 Current date / time: 2012/08/15 12:44:44.0151
12:44:44.0151 0316 SystemInfo:
12:44:44.0151 0316
12:44:44.0152 0316 OS Version: 6.1.7601 ServicePack: 1.0
12:44:44.0152 0316 Product type: Workstation
12:44:44.0152 0316 ComputerName: KRISTEN-PC
12:44:44.0152 0316 UserName: Administrator
12:44:44.0152 0316 Windows directory: C:\Windows
12:44:44.0152 0316 System windows directory: C:\Windows
12:44:44.0152 0316 Processor architecture: Intel x86
12:44:44.0152 0316 Number of processors: 2
12:44:44.0152 0316 Page size: 0x1000
12:44:44.0152 0316 Boot type: Normal boot
12:44:44.0152 0316 ============================================================
12:44:45.0190 0316 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:44:45.0192 0316 ============================================================
12:44:45.0192 0316 \Device\Harddisk0\DR0:
12:44:45.0195 0316 MBR partitions:
12:44:45.0195 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x32000
12:44:45.0195 0316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4D800, BlocksNum 0x94C1800
12:44:45.0195 0316 ============================================================
12:44:45.0235 0316 C: <-> \Device\Harddisk0\DR0\Partition2
12:44:45.0235 0316 ============================================================
12:44:45.0235 0316 Initialize success
12:44:45.0235 0316 ============================================================
12:44:46.0606 3856 ============================================================
12:44:46.0606 3856 Scan started
12:44:46.0606 3856 Mode: Manual;
12:44:46.0606 3856 ============================================================
12:44:47.0091 3856 ================ Scan services =============================
12:44:47.0333 3856 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:44:47.0337 3856 1394ohci - ok
12:44:47.0400 3856 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:44:47.0405 3856 ACPI - ok
12:44:47.0430 3856 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:44:47.0432 3856 AcpiPmi - ok
12:44:47.0556 3856 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:44:47.0559 3856 AdobeARMservice - ok
12:44:47.0673 3856 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:44:47.0678 3856 AdobeFlashPlayerUpdateSvc - ok
12:44:47.0745 3856 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:44:47.0753 3856 adp94xx - ok
12:44:47.0790 3856 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:44:47.0793 3856 adpahci - ok
12:44:47.0813 3856 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:44:47.0815 3856 adpu320 - ok
12:44:47.0854 3856 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:44:47.0856 3856 AeLookupSvc - ok
12:44:47.0927 3856 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:44:47.0933 3856 AFD - ok
12:44:47.0978 3856 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\drivers\agp440.sys
12:44:47.0981 3856 agp440 - ok
12:44:48.0039 3856 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:44:48.0041 3856 aic78xx - ok
12:44:48.0075 3856 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
12:44:48.0077 3856 ALG - ok
12:44:48.0101 3856 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:44:48.0102 3856 aliide - ok
12:44:48.0122 3856 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:44:48.0124 3856 amdagp - ok
12:44:48.0143 3856 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:44:48.0144 3856 amdide - ok
12:44:48.0170 3856 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:44:48.0172 3856 AmdK8 - ok
12:44:48.0190 3856 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:44:48.0192 3856 AmdPPM - ok
12:44:48.0248 3856 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:44:48.0251 3856 amdsata - ok
12:44:48.0288 3856 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:44:48.0290 3856 amdsbs - ok
12:44:48.0305 3856 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:44:48.0306 3856 amdxata - ok
12:44:48.0362 3856 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
12:44:48.0363 3856 AppID - ok
12:44:48.0394 3856 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:44:48.0395 3856 AppIDSvc - ok
12:44:48.0458 3856 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
12:44:48.0459 3856 Appinfo - ok
12:44:48.0500 3856 [ a45d184df6a8803da13a0b329517a64a ] AppMgmt C:\Windows\System32\appmgmts.dll
12:44:48.0502 3856 AppMgmt - ok
12:44:48.0527 3856 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:44:48.0529 3856 arc - ok
12:44:48.0549 3856 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:44:48.0550 3856 arcsas - ok
12:44:48.0642 3856 [ 39cdcb109bf200cc8a05b9c7e6272d11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:44:48.0643 3856 aspnet_state - ok
12:44:48.0671 3856 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:44:48.0672 3856 AsyncMac - ok
12:44:48.0712 3856 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
12:44:48.0713 3856 atapi - ok
12:44:48.0791 3856 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:44:48.0799 3856 AudioEndpointBuilder - ok
12:44:48.0817 3856 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:44:48.0821 3856 Audiosrv - ok
12:44:48.0857 3856 [ d63d83659eedf60b3a3e620281a888e5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
12:44:48.0858 3856 AVGIDSHX - ok
12:44:48.0913 3856 [ dda6a2a18841e4c9172bb85958b8d948 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
12:44:48.0918 3856 Avgldx86 - ok
12:44:48.0940 3856 [ ccdd61545aaea265977e4b1efdc74e8c ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
12:44:48.0942 3856 Avgmfx86 - ok
12:44:48.0982 3856 [ 1fd90b28d2c3100bf4500199c8ad6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
12:44:48.0983 3856 Avgrkx86 - ok
12:44:49.0051 3856 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
12:44:49.0054 3856 avgwd - ok
12:44:49.0119 3856 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:44:49.0122 3856 AxInstSV - ok
12:44:49.0177 3856 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:44:49.0185 3856 b06bdrv - ok
12:44:49.0230 3856 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:44:49.0233 3856 b57nd60x - ok
12:44:49.0267 3856 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:44:49.0269 3856 BDESVC - ok
12:44:49.0299 3856 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:44:49.0301 3856 Beep - ok
12:44:49.0383 3856 [ 1e2bac209d184bb851e1a187d8a29136 ] BFE C:\Windows\System32\bfe.dll
12:44:49.0389 3856 BFE - ok
12:44:49.0431 3856 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:44:49.0432 3856 blbdrive - ok
12:44:49.0477 3856 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:44:49.0479 3856 bowser - ok
12:44:49.0489 3856 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:44:49.0491 3856 BrFiltLo - ok
12:44:49.0506 3856 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:44:49.0507 3856 BrFiltUp - ok
12:44:49.0525 3856 [ 77361d72a04f18809d0efb6cceb74d4b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:44:49.0526 3856 BridgeMP - ok
12:44:49.0565 3856 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\Windows\System32\browser.dll
12:44:49.0567 3856 Browser - ok
12:44:49.0595 3856 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:44:49.0599 3856 Brserid - ok
12:44:49.0607 3856 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:44:49.0609 3856 BrSerWdm - ok
12:44:49.0615 3856 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:44:49.0617 3856 BrUsbMdm - ok
12:44:49.0631 3856 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:44:49.0631 3856 BrUsbSer - ok
12:44:49.0687 3856 [ 2865a5c8e98c70c605f417908cebb3a4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:44:49.0689 3856 BthEnum - ok
12:44:49.0714 3856 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:44:49.0716 3856 BTHMODEM - ok
12:44:49.0749 3856 [ ad1872e5829e8a2c3b5b4b641c3eab0e ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:44:49.0751 3856 BthPan - ok
12:44:49.0791 3856 [ c2fbf6d271d9a94d839c416bf186ead9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
12:44:49.0796 3856 BTHPORT - ok
12:44:49.0845 3856 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
12:44:49.0850 3856 bthserv - ok
12:44:49.0869 3856 [ c81e9413a25a439f436b1d4b6a0cf9e9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
12:44:49.0871 3856 BTHUSB - ok
12:44:49.0981 3856 catchme - ok
12:44:50.0012 3856 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:44:50.0015 3856 cdfs - ok
12:44:50.0081 3856 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:44:50.0083 3856 cdrom - ok
12:44:50.0131 3856 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\Windows\System32\certprop.dll
12:44:50.0133 3856 CertPropSvc - ok
12:44:50.0163 3856 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:44:50.0164 3856 circlass - ok
12:44:50.0204 3856 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
12:44:50.0208 3856 CLFS - ok
12:44:50.0243 3856 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:44:50.0245 3856 clr_optimization_v2.0.50727_32 - ok
12:44:50.0344 3856 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:44:50.0347 3856 clr_optimization_v4.0.30319_32 - ok
12:44:50.0366 3856 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:44:50.0368 3856 CmBatt - ok
12:44:50.0391 3856 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:44:50.0392 3856 cmdide - ok
12:44:50.0450 3856 [ 247b4ce2dab1160cd422d532d5241e1f ] CNG C:\Windows\system32\Drivers\cng.sys
12:44:50.0458 3856 CNG - ok
12:44:50.0496 3856 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:44:50.0497 3856 Compbatt - ok
12:44:50.0560 3856 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:44:50.0562 3856 CompositeBus - ok
12:44:50.0584 3856 COMSysApp - ok
12:44:50.0656 3856 [ d01f685f8b4598d144b0cce9ff95d8d5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
12:44:50.0658 3856 cpudrv - ok
12:44:50.0678 3856 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:44:50.0680 3856 crcdisk - ok
12:44:50.0734 3856 [ 06e771aa596b8761107ab57e99f128d7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:44:50.0738 3856 CryptSvc - ok
12:44:50.0795 3856 [ 3c2177a897b4ca2788c6fb0c3fd81d4b ] CSC C:\Windows\system32\drivers\csc.sys
12:44:50.0802 3856 CSC - ok
12:44:50.0842 3856 [ 15f93b37f6801943360d9eb42485d5d3 ] CscService C:\Windows\System32\cscsvc.dll
12:44:50.0847 3856 CscService - ok
12:44:50.0871 3856 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\Windows\system32\rpcss.dll
12:44:50.0877 3856 DcomLaunch - ok
12:44:50.0908 3856 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:44:50.0911 3856 defragsvc - ok
12:44:50.0957 3856 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:44:50.0959 3856 DfsC - ok
12:44:51.0023 3856 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:44:51.0027 3856 Dhcp - ok
12:44:51.0046 3856 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
12:44:51.0048 3856 discache - ok
12:44:51.0093 3856 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:44:51.0095 3856 Disk - ok
12:44:51.0143 3856 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:44:51.0146 3856 Dnscache - ok
12:44:51.0194 3856 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:44:51.0199 3856 dot3svc - ok
12:44:51.0244 3856 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\Windows\system32\dps.dll
12:44:51.0248 3856 DPS - ok
12:44:51.0280 3856 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:44:51.0281 3856 drmkaud - ok
12:44:51.0351 3856 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:44:51.0363 3856 DXGKrnl - ok
12:44:51.0391 3856 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
12:44:51.0393 3856 EapHost - ok
12:44:51.0880 3856 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:44:51.0900 3856 ebdrv - ok
12:44:51.0928 3856 [ 81951f51e318aecc2d68559e47485cc4 ] EFS C:\Windows\System32\lsass.exe
12:44:51.0931 3856 EFS - ok
12:44:52.0015 3856 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:44:52.0024 3856 ehRecvr - ok
12:44:52.0054 3856 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
12:44:52.0057 3856 ehSched - ok
12:44:52.0123 3856 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:44:52.0131 3856 elxstor - ok
12:44:52.0170 3856 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:44:52.0171 3856 ErrDev - ok
12:44:52.0210 3856 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
12:44:52.0213 3856 EventSystem - ok
12:44:52.0235 3856 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
12:44:52.0237 3856 exfat - ok
12:44:52.0258 3856 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:44:52.0260 3856 fastfat - ok
12:44:52.0333 3856 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\Windows\system32\fxssvc.exe
12:44:52.0344 3856 Fax - ok
12:44:52.0384 3856 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:44:52.0385 3856 fdc - ok
12:44:52.0399 3856 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
12:44:52.0401 3856 fdPHost - ok
12:44:52.0417 3856 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
12:44:52.0419 3856 FDResPub - ok
12:44:52.0437 3856 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:44:52.0438 3856 FileInfo - ok
12:44:52.0455 3856 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:44:52.0456 3856 Filetrace - ok
12:44:52.0471 3856 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:44:52.0472 3856 flpydisk - ok
12:44:52.0492 3856 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:44:52.0494 3856 FltMgr - ok
12:44:52.0556 3856 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\Windows\system32\FntCache.dll
12:44:52.0568 3856 FontCache - ok
12:44:52.0634 3856 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:44:52.0637 3856 FontCache3.0.0.0 - ok
12:44:52.0666 3856 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:44:52.0668 3856 FsDepends - ok
12:44:52.0692 3856 [ 7dae5ebcc80e45d3253f4923dc424d05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:44:52.0694 3856 Fs_Rec - ok
12:44:52.0759 3856 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:44:52.0763 3856 fvevol - ok
12:44:52.0797 3856 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:44:52.0799 3856 gagp30kx - ok
12:44:52.0848 3856 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:44:52.0849 3856 GEARAspiWDM - ok
12:44:52.0911 3856 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:44:52.0919 3856 gpsvc - ok
12:44:52.0994 3856 [ f058c5f64dff28a2c8d7d1d04171e604 ] guardian2 C:\Windows\system32\Drivers\oz776.sys
12:44:52.0996 3856 guardian2 - ok
12:44:53.0134 3856 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:44:53.0140 3856 gupdate - ok
12:44:53.0161 3856 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:44:53.0164 3856 gupdatem - ok
12:44:53.0196 3856 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:44:53.0197 3856 hcw85cir - ok
12:44:53.0243 3856 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:44:53.0245 3856 HdAudAddService - ok
12:44:53.0289 3856 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:44:53.0292 3856 HDAudBus - ok
12:44:53.0313 3856 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:44:53.0315 3856 HidBatt - ok
12:44:53.0332 3856 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:44:53.0333 3856 HidBth - ok
12:44:53.0364 3856 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:44:53.0366 3856 HidIr - ok
12:44:53.0384 3856 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\System32\hidserv.dll
12:44:53.0386 3856 hidserv - ok
12:44:53.0439 3856 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:44:53.0441 3856 HidUsb - ok
12:44:53.0489 3856 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:44:53.0492 3856 hkmsvc - ok
12:44:53.0536 3856 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:44:53.0543 3856 HomeGroupListener - ok
12:44:53.0599 3856 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:44:53.0607 3856 HomeGroupProvider - ok
12:44:53.0632 3856 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:44:53.0634 3856 HpSAMD - ok
12:44:53.0697 3856 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:44:53.0706 3856 HTTP - ok
12:44:53.0750 3856 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:44:53.0751 3856 hwpolicy - ok
12:44:53.0805 3856 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:44:53.0807 3856 i8042prt - ok
12:44:53.0843 3856 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:44:53.0850 3856 iaStorV - ok
12:44:53.0935 3856 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:44:53.0944 3856 idsvc - ok
12:44:54.0135 3856 [ 9467514ea189475a6e7fdc5d7bde9d3f ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:44:54.0166 3856 igfx - ok
12:44:54.0198 3856 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:44:54.0199 3856 iirsp - ok
12:44:54.0260 3856 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:44:54.0274 3856 IKEEXT - ok
12:44:54.0319 3856 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:44:54.0320 3856 intelide - ok
12:44:54.0354 3856 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:44:54.0356 3856 intelppm - ok
12:44:54.0393 3856 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:44:54.0397 3856 IPBusEnum - ok
12:44:54.0420 3856 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:44:54.0422 3856 IpFilterDriver - ok
12:44:54.0505 3856 [ 4d65a07b795d6674312f879d09aa7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:44:54.0516 3856 iphlpsvc - ok
12:44:54.0533 3856 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:44:54.0535 3856 IPMIDRV - ok
12:44:54.0568 3856 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:44:54.0570 3856 IPNAT - ok
12:44:54.0605 3856 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:44:54.0606 3856 IRENUM - ok
12:44:54.0629 3856 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:44:54.0630 3856 isapnp - ok
12:44:54.0671 3856 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:44:54.0674 3856 iScsiPrt - ok
12:44:54.0705 3856 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:44:54.0707 3856 kbdclass - ok
12:44:54.0732 3856 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:44:54.0734 3856 kbdhid - ok
12:44:54.0753 3856 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
12:44:54.0756 3856 KeyIso - ok
12:44:54.0803 3856 [ b7895b4182c0d16f6efadeb8081e8d36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:44:54.0804 3856 KSecDD - ok
12:44:54.0827 3856 [ d30159ac9237519fbc62c6ec247d2d46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:44:54.0829 3856 KSecPkg - ok
12:44:54.0871 3856 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
12:44:54.0877 3856 KtmRm - ok
12:44:54.0903 3856 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\System32\srvsvc.dll
12:44:54.0909 3856 LanmanServer - ok
12:44:54.0927 3856 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:44:54.0933 3856 LanmanWorkstation - ok
12:44:54.0978 3856 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:44:54.0980 3856 lltdio - ok
12:44:55.0010 3856 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:44:55.0015 3856 lltdsvc - ok
12:44:55.0038 3856 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
12:44:55.0041 3856 lmhosts - ok
12:44:55.0072 3856 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:44:55.0073 3856 LSI_FC - ok
12:44:55.0087 3856 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:44:55.0089 3856 LSI_SAS - ok
12:44:55.0109 3856 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:44:55.0110 3856 LSI_SAS2 - ok
12:44:55.0135 3856 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:44:55.0137 3856 LSI_SCSI - ok
12:44:55.0161 3856 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
12:44:55.0162 3856 luafv - ok
12:44:55.0210 3856 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:44:55.0215 3856 Mcx2Svc - ok
12:44:55.0238 3856 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:44:55.0239 3856 megasas - ok
12:44:55.0270 3856 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:44:55.0273 3856 MegaSR - ok
12:44:55.0350 3856 Microsoft SharePoint Workspace Audit Service - ok
12:44:55.0394 3856 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
12:44:55.0399 3856 MMCSS - ok
12:44:55.0418 3856 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:44:55.0421 3856 Modem - ok
12:44:55.0452 3856 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:44:55.0454 3856 monitor - ok
12:44:55.0484 3856 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:44:55.0487 3856 mouclass - ok
12:44:55.0529 3856 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:44:55.0531 3856 mouhid - ok
12:44:55.0575 3856 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:44:55.0578 3856 mountmgr - ok
12:44:55.0667 3856 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:44:55.0670 3856 MozillaMaintenance - ok
12:44:55.0738 3856 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:44:55.0742 3856 MpFilter - ok
12:44:55.0788 3856 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:44:55.0792 3856 mpio - ok
12:44:55.0816 3856 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:44:55.0817 3856 mpsdrv - ok
12:44:55.0895 3856 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:44:55.0904 3856 MpsSvc - ok
12:44:55.0949 3856 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:44:55.0951 3856 MRxDAV - ok
12:44:55.0992 3856 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:44:55.0996 3856 mrxsmb - ok
12:44:56.0021 3856 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:44:56.0024 3856 mrxsmb10 - ok
12:44:56.0046 3856 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:44:56.0048 3856 mrxsmb20 - ok
12:44:56.0087 3856 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
12:44:56.0089 3856 msahci - ok
12:44:56.0138 3856 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:44:56.0141 3856 msdsm - ok
12:44:56.0171 3856 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
12:44:56.0174 3856 MSDTC - ok
12:44:56.0215 3856 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:44:56.0216 3856 Msfs - ok
12:44:56.0230 3856 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:44:56.0231 3856 mshidkmdf - ok
12:44:56.0243 3856 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:44:56.0244 3856 msisadrv - ok
12:44:56.0278 3856 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:44:56.0281 3856 MSiSCSI - ok
12:44:56.0285 3856 msiserver - ok
12:44:56.0317 3856 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:44:56.0318 3856 MSKSSRV - ok
12:44:56.0334 3856 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:44:56.0335 3856 MSPCLOCK - ok
12:44:56.0348 3856 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:44:56.0349 3856 MSPQM - ok
12:44:56.0368 3856 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:44:56.0370 3856 MsRPC - ok
12:44:56.0409 3856 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:44:56.0411 3856 mssmbios - ok
12:44:56.0440 3856 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:44:56.0441 3856 MSTEE - ok
12:44:56.0454 3856 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:44:56.0456 3856 MTConfig - ok
12:44:56.0472 3856 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:44:56.0473 3856 Mup - ok
12:44:56.0525 3856 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
12:44:56.0535 3856 napagent - ok
12:44:56.0579 3856 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:44:56.0583 3856 NativeWifiP - ok
12:44:56.0628 3856 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:44:56.0636 3856 NDIS - ok
12:44:56.0660 3856 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:44:56.0661 3856 NdisCap - ok
12:44:56.0682 3856 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:44:56.0683 3856 NdisTapi - ok
12:44:56.0731 3856 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:44:56.0732 3856 Ndisuio - ok
12:44:56.0771 3856 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:44:56.0773 3856 NdisWan - ok
12:44:56.0788 3856 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:44:56.0789 3856 NDProxy - ok
12:44:56.0820 3856 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:44:56.0822 3856 NetBIOS - ok
12:44:56.0891 3856 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:44:56.0895 3856 NetBT - ok
12:44:56.0911 3856 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
12:44:56.0916 3856 Netlogon - ok
12:44:56.0963 3856 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
12:44:56.0967 3856 Netman - ok
12:44:56.0987 3856 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
12:44:56.0992 3856 netprofm - ok
12:44:57.0039 3856 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:44:57.0042 3856 NetTcpPortSharing - ok
12:44:57.0235 3856 [ 58218ec6b61b1169cf54aab0d00f5fe2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
12:44:57.0264 3856 netw5v32 - ok
12:44:57.0303 3856 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:44:57.0304 3856 nfrd960 - ok
12:44:57.0360 3856 [ b52f26bade7d7e4a79706e3fd91834cd ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:44:57.0363 3856 NisDrv - ok
12:44:57.0429 3856 [ 290c0d4c4889398797f8df3be00b9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:44:57.0432 3856 NisSrv - ok
12:44:57.0476 3856 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:44:57.0482 3856 NlaSvc - ok
12:44:57.0498 3856 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:44:57.0500 3856 Npfs - ok
12:44:57.0532 3856 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
12:44:57.0536 3856 nsi - ok
12:44:57.0566 3856 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:44:57.0567 3856 nsiproxy - ok
12:44:57.0651 3856 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:44:57.0670 3856 Ntfs - ok
12:44:57.0682 3856 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
12:44:57.0683 3856 Null - ok
12:44:57.0727 3856 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:44:57.0730 3856 nvraid - ok
12:44:57.0754 3856 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:44:57.0757 3856 nvstor - ok
12:44:57.0780 3856 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:44:57.0782 3856 nv_agp - ok
12:44:57.0824 3856 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:44:57.0826 3856 ohci1394 - ok
12:44:57.0882 3856 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:44:57.0884 3856 ose - ok
12:44:58.0105 3856 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:44:58.0135 3856 osppsvc - ok
12:44:58.0170 3856 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:44:58.0174 3856 p2pimsvc - ok
12:44:58.0219 3856 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:44:58.0223 3856 p2psvc - ok
12:44:58.0251 3856 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:44:58.0252 3856 Parport - ok
12:44:58.0294 3856 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:44:58.0295 3856 partmgr - ok
12:44:58.0317 3856 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:44:58.0319 3856 Parvdm - ok
12:44:58.0343 3856 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:44:58.0347 3856 PcaSvc - ok
12:44:58.0369 3856 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
12:44:58.0371 3856 pci - ok
12:44:58.0385 3856 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
12:44:58.0386 3856 pciide - ok
12:44:58.0409 3856 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:44:58.0411 3856 pcmcia - ok
12:44:58.0430 3856 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
12:44:58.0431 3856 pcw - ok
12:44:58.0462 3856 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:44:58.0467 3856 PEAUTH - ok
12:44:58.0540 3856 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:44:58.0553 3856 PeerDistSvc - ok
12:44:58.0662 3856 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
12:44:58.0681 3856 pla - ok
12:44:58.0744 3856 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:44:58.0753 3856 PlugPlay - ok
12:44:58.0769 3856 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:44:58.0774 3856 PNRPAutoReg - ok
12:44:58.0796 3856 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:44:58.0800 3856 PNRPsvc - ok
12:44:58.0846 3856 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:44:58.0855 3856 PolicyAgent - ok
12:44:58.0912 3856 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
12:44:58.0921 3856 Power - ok
12:44:58.0956 3856 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:44:58.0958 3856 PptpMiniport - ok
12:44:58.0976 3856 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:44:58.0978 3856 Processor - ok
12:44:59.0027 3856 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
12:44:59.0035 3856 ProfSvc - ok
12:44:59.0054 3856 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:44:59.0057 3856 ProtectedStorage - ok
12:44:59.0090 3856 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:44:59.0093 3856 Psched - ok
12:44:59.0152 3856 [ 03e0fe281823ba64b3782f5b38950e73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:44:59.0154 3856 PxHelp20 - ok
12:44:59.0227 3856 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:44:59.0242 3856 ql2300 - ok
12:44:59.0275 3856 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:44:59.0276 3856 ql40xx - ok
12:44:59.0315 3856 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
12:44:59.0320 3856 QWAVE - ok
12:44:59.0340 3856 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:44:59.0343 3856 QWAVEdrv - ok
12:44:59.0370 3856 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:44:59.0372 3856 RasAcd - ok
12:44:59.0407 3856 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:44:59.0409 3856 RasAgileVpn - ok
12:44:59.0427 3856 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
12:44:59.0433 3856 RasAuto - ok
12:44:59.0447 3856 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:44:59.0449 3856 Rasl2tp - ok
12:44:59.0499 3856 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
12:44:59.0508 3856 RasMan - ok
12:44:59.0526 3856 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:44:59.0528 3856 RasPppoe - ok
12:44:59.0546 3856 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:44:59.0547 3856 RasSstp - ok
12:44:59.0600 3856 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:44:59.0605 3856 rdbss - ok
12:44:59.0640 3856 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:44:59.0642 3856 rdpbus - ok
12:44:59.0684 3856 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:44:59.0686 3856 RDPCDD - ok
12:44:59.0743 3856 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:44:59.0746 3856 RDPDR - ok
12:44:59.0775 3856 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:44:59.0776 3856 RDPENCDD - ok
12:44:59.0794 3856 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:44:59.0795 3856 RDPREFMP - ok
12:44:59.0867 3856 [ 68a0387f58e226deee23d9715955572a ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:44:59.0869 3856 RdpVideoMiniport - ok
12:44:59.0921 3856 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:44:59.0925 3856 RDPWD - ok
12:44:59.0982 3856 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:44:59.0986 3856 rdyboost - ok
12:45:00.0017 3856 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
12:45:00.0019 3856 RemoteAccess - ok
12:45:00.0054 3856 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:45:00.0057 3856 RemoteRegistry - ok
12:45:00.0100 3856 [ cb928d9e6daf51879dd6ba8d02f01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:45:00.0102 3856 RFCOMM - ok
12:45:00.0119 3856 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:45:00.0123 3856 RpcEptMapper - ok
12:45:00.0150 3856 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
12:45:00.0154 3856 RpcLocator - ok
12:45:00.0180 3856 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
12:45:00.0188 3856 RpcSs - ok
12:45:00.0226 3856 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:45:00.0228 3856 rspndr - ok
12:45:00.0270 3856 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:45:00.0271 3856 s3cap - ok
12:45:06.0425 3856 ================ Scan global ===============================
12:45:06.0472 3856 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
12:45:06.0517 3856 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
12:45:06.0529 3856 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
12:45:06.0559 3856 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
12:45:06.0615 3856 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
12:45:06.0625 3856 [Global] - ok
12:45:06.0626 3856 ================ Scan MBR ==================================
12:45:06.0639 3856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:45:07.0077 3856 \Device\Harddisk0\DR0 - ok
12:45:07.0078 3856 ================ Scan VBR ==================================
12:45:07.0082 3856 Boot (0x1200) (65c4248ba94e9ffc6fe85f259312dd53) \Device\Harddisk0\DR0\Partition1
12:45:07.0085 3856 \Device\Harddisk0\DR0\Partition1 - ok
12:45:07.0097 3856 Boot (0x1200) (d16320be6b35a4b4d94305990b638062) \Device\Harddisk0\DR0\Partition2
12:45:07.0100 3856 \Device\Harddisk0\DR0\Partition2 - ok
12:45:07.0101 3856 ============================================================
12:45:07.0101 3856 Scan finished
12:45:07.0101 3856 ============================================================
12:45:07.0115 2868 Detected object count: 0
12:45:07.0115 2868 Actual detected object count: 0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 12:58 PM

Greetings

it was removed

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

File::
c:\program files\Common Files\AutoCompletePro.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Tranceknight

Tranceknight
  • Topic Starter

  • Members
  • 18 posts

Posted 15 August 2012 - 02:09 PM

Done. The computer seems to be running fine at the moment. You, sir, make the world a better place.

Here's the most recent log.

ComboFix 12-08-14.05 - Administrator 08/15/2012 13:56:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2135 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\AutoCompletePro.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AutoCompletePro.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 19:00 . 2012-08-15 19:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-15 19:00 . 2012-08-15 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 19:59 . 2012-08-10 20:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
2012-08-10 15:13 . 2012-08-10 15:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 14:36 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF837F0-9766-417C-9E9C-984801B64114}\mpengine.dll
2012-08-08 14:56 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-29 21:01 . 2012-07-29 21:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 07126878
*NewlyCreated* - 45613169
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 07126878
*Deregistered* - 45613169
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 15:48]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-10 03:43]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-10 03:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ea7xubtl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2760580332-141408871-1719703288-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 14:01:56
ComboFix-quarantined-files.txt 2012-08-15 19:01
ComboFix2.txt 2012-08-15 15:29
.
Pre-Run: 43,632,615,424 bytes free
Post-Run: 43,487,924,224 bytes free
.
- - End Of File - - DDC8D5561B6D11C0551D77DCB685F6DD



