
Zefarch, Malware-gen infection


  • This topic is locked
16 replies to this topic

#1 zefarch

  • Members
  • 7 posts

Posted 18 October 2012 - 02:14 PM

Hello,

I've already read some posts about the Zefarch trojan. I'll try to explain my troubles to you:
My sister's laptop was infected by a virus which brought up a message like "Critical hard disk drive error". At that time we tried to solve it, but it didn't work. We couldn't see any folders, but the files were there. In safe mode, we copied the files that are important to us, such as photos, ...

We ran Spyware Doctor and it found a trojan called Zefarch, which was moved to the vault. We ran it again and no other virus was found. But on rebooting the computer, many applications crash and there is no internet connection.

After that, we ran Avast antivirus free edition; it found a dangerous Win32: Malware-gen, which was moved to the vault too. On rebooting, a new Avast scan found a rootkit called Win32: Aleuron-PS, but the same troubles remain.

Finally, and desperately, we downloaded and ran ComboFix (sorry, we couldn't wait any more) and here is the log.
Would you mind helping us? Thanks in advance.
.............................................................................................................................................


ComboFix 12-10-16.02 - anabel 17/10/2012 20:47:25.1.2 - x86 NETWORK
Running from: c:\users\anabel\Desktop\ANTIVIRUS2012\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\43376392
c:\users\anabel\AppData\Roaming\Adobe\plugs
c:\users\anabel\AppData\Roaming\Adobe\shed
c:\users\anabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\windows\system32\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 18:58 . 2012-10-17 18:58 -------- d-----w- c:\users\anabel\AppData\Local\temp
2012-10-17 18:58 . 2012-10-17 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 10:42 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-17 10:42 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-17 10:42 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-17 10:42 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-17 10:42 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-17 10:42 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-17 10:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-17 10:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-17 10:41 . 2012-10-17 10:41 -------- d-----w- c:\programdata\AVAST Software
2012-10-17 10:41 . 2012-10-17 10:41 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 17:13 . 2011-05-06 17:56 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-12 17:13 . 2011-05-06 17:56 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-14 16:43 . 2011-05-06 18:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-03-31 20:47 . 2009-01-20 21:31 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-18 11:53 . 2009-01-21 17:42 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-02-28 1883672]
"{54e47652-e296-4b68-bac1-bb725f97141f}"= "c:\program files\Peque_Juegos\tbPeq1.dll" [2010-02-01 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
.
[HKEY_CLASSES_ROOT\clsid\{54e47652-e296-4b68-bac1-bb725f97141f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54e47652-e296-4b68-bac1-bb725f97141f}]
2010-02-01 13:49 2166296 ----a-w- c:\program files\Peque_Juegos\tbPeq1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2009-02-28 09:10 1883672 ----a-w- c:\program files\Softonic_ES\tbSof1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-02-28 1883672]
"{54e47652-e296-4b68-bac1-bb725f97141f}"= "c:\program files\Peque_Juegos\tbPeq1.dll" [2010-02-01 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
.
[HKEY_CLASSES_ROOT\clsid\{54e47652-e296-4b68-bac1-bb725f97141f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-02-28 1883672]
"{54E47652-E296-4B68-BAC1-BB725F97141F}"= "c:\program files\Peque_Juegos\tbPeq1.dll" [2010-02-01 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
.
[HKEY_CLASSES_ROOT\clsid\{54e47652-e296-4b68-bac1-bb725f97141f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\anabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-06-08 14:52 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Escritorio movistar]
2007-12-18 14:38 3159920 ----a-w- c:\program files\Movistar\Escritorio movistar\EMMSN.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-17 09:12]
.
2012-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-06 18:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://www.pucuy.com/
IE: &AOL Toolbar Buscar - c:\programdata\AOL\ieToolbar\resources\es-ES\local\search.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.42.63.52 62.42.230.24
FF - ProfilePath - c:\users\anabel\AppData\Roaming\Mozilla\Firefox\Profiles\rl1j3pli.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/
FF - ExtSQL: !HIDDEN! 2009-09-18 19:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-17 20:58
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-17 21:00:06
ComboFix-quarantined-files.txt 2012-10-17 19:00
.
Pre-Run: 120.655.466.496 bytes libres
Post-Run: 122.014.593.024 bytes libres
.
- - End Of File - - 46292DEBA62AE40750004A4F72EA832A
............................................................................................................................................



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 October 2012 - 09:32 PM

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 zefarch

  • Topic Starter

  • Members
  • 7 posts

Posted 19 October 2012 - 05:38 AM

Thank you very much for your help.

I've done what you told me and this is the log:

...................................................................................................................................


12:26:46.0811 1688 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:26:46.0857 1688 ============================================================
12:26:46.0857 1688 Current date / time: 2012/10/19 12:26:46.0857
12:26:46.0857 1688 SystemInfo:
12:26:46.0857 1688
12:26:46.0857 1688 OS Version: 6.0.6001 ServicePack: 1.0
12:26:46.0857 1688 Product type: Workstation
12:26:46.0857 1688 ComputerName: ZAZA
12:26:46.0857 1688 UserName: anabel
12:26:46.0857 1688 Windows directory: C:\Windows
12:26:46.0857 1688 System windows directory: C:\Windows
12:26:46.0857 1688 Processor architecture: Intel x86
12:26:46.0857 1688 Number of processors: 2
12:26:46.0857 1688 Page size: 0x1000
12:26:46.0857 1688 Boot type: Safe boot
12:26:46.0857 1688 ============================================================
12:26:48.0651 1688 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:26:48.0651 1688 ============================================================
12:26:48.0651 1688 \Device\Harddisk0\DR0:
12:26:48.0667 1688 MBR partitions:
12:26:48.0667 1688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C100FC1
12:26:48.0667 1688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C101000, BlocksNum 0x10C3000
12:26:48.0667 1688 ============================================================
12:26:48.0667 1688 C: <-> \Device\Harddisk0\DR0\Partition1
12:26:48.0714 1688 D: <-> \Device\Harddisk0\DR0\Partition2
12:26:48.0714 1688 ============================================================
12:26:48.0714 1688 Initialize success
12:26:48.0714 1688 ============================================================
12:27:32.0347 1724 ============================================================
12:27:32.0347 1724 Scan started
12:27:32.0347 1724 Mode: Manual; TDLFS;
12:27:32.0347 1724 ============================================================
12:27:33.0501 1724 ================ Scan system memory ========================
12:27:33.0501 1724 System memory - ok
12:27:33.0501 1724 ================ Scan services =============================
12:27:38.0618 1724 [ 33B02459E86D0A2B86A6B9FE19139390 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:27:38.0634 1724 HTTP - ok
12:27:38.0649 1724 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:27:38.0649 1724 i2omp - ok
12:27:38.0665 1724 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:27:38.0681 1724 i8042prt - ok
12:27:38.0696 1724 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:27:38.0712 1724 iaStorV - ok
12:27:38.0759 1724 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:27:38.0759 1724 IDriverT - ok
12:27:38.0852 1724 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:27:38.0883 1724 idsvc - ok
12:27:39.0055 1724 [ CE5D5AABA62949B9BFA44D0EAF2D93E5 ] IDSvix86 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090217.004\IDSvix86.sys
12:27:39.0071 1724 IDSvix86 - ok
12:27:39.0320 1724 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:27:39.0539 1724 igfx - ok
12:27:39.0570 1724 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:27:39.0570 1724 iirsp - ok
12:27:39.0617 1724 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
12:27:39.0632 1724 IKEEXT - ok
12:27:39.0710 1724 [ AB8B0206BCDFF0ED03CEC500FA03A32A ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:27:39.0710 1724 IntcHdmiAddService - ok
12:27:39.0741 1724 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
12:27:39.0741 1724 intelide - ok
12:27:39.0757 1724 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:27:39.0757 1724 intelppm - ok
12:27:39.0788 1724 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:27:39.0788 1724 IPBusEnum - ok
12:27:39.0835 1724 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:27:39.0835 1724 iphlpsvc - ok
12:27:39.0835 1724 IpInIp - ok
12:27:39.0866 1724 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:27:39.0866 1724 IPMIDRV - ok
12:27:39.0882 1724 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:27:39.0882 1724 IPNAT - ok
12:27:39.0913 1724 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:27:39.0913 1724 IRENUM - ok
12:27:39.0944 1724 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:27:39.0944 1724 isapnp - ok
12:27:39.0975 1724 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:27:39.0975 1724 iScsiPrt - ok
12:27:39.0975 1724 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:27:39.0991 1724 iteatapi - ok
12:27:39.0991 1724 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:27:39.0991 1724 iteraid - ok
12:27:40.0007 1724 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:27:40.0007 1724 kbdclass - ok
12:27:40.0022 1724 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:27:40.0022 1724 kbdhid - ok
12:27:40.0069 1724 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
12:27:40.0069 1724 KeyIso - ok
12:27:40.0085 1724 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:27:40.0100 1724 KSecDD - ok
12:27:40.0147 1724 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:27:40.0163 1724 KtmRm - ok
12:27:40.0194 1724 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:27:40.0209 1724 LanmanServer - ok
12:27:40.0256 1724 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:27:40.0256 1724 LanmanWorkstation - ok
12:27:40.0303 1724 [ 984ECB68ED2A2B2E6A544E87E24FBA2D ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:27:40.0303 1724 LightScribeService - ok
12:27:40.0412 1724 [ 36375738DC0B3CD1F764268008E74FDF ] LiveUpdate c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
12:27:40.0506 1724 LiveUpdate - ok
12:27:40.0537 1724 [ 2F237AAB91497AAA03AF48EAE68758FC ] LiveUpdate Notice c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:27:40.0537 1724 LiveUpdate Notice - ok
12:27:40.0553 1724 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:27:40.0553 1724 lltdio - ok
12:27:40.0584 1724 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:27:40.0584 1724 lltdsvc - ok
12:27:40.0615 1724 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:27:40.0615 1724 lmhosts - ok
12:27:40.0646 1724 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:27:40.0646 1724 LSI_FC - ok
12:27:40.0662 1724 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:27:40.0677 1724 LSI_SAS - ok
12:27:40.0693 1724 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:27:40.0693 1724 LSI_SCSI - ok
12:27:40.0709 1724 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
12:27:40.0709 1724 luafv - ok
12:27:40.0724 1724 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:27:40.0724 1724 mdmxsdk - ok
12:27:40.0755 1724 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
12:27:40.0755 1724 megasas - ok
12:27:40.0787 1724 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
12:27:40.0802 1724 MegaSR - ok
12:27:40.0818 1724 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:27:40.0833 1724 MMCSS - ok
12:27:40.0849 1724 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
12:27:40.0849 1724 Modem - ok
12:27:40.0865 1724 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:27:40.0865 1724 monitor - ok
12:27:40.0911 1724 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:27:40.0911 1724 mouclass - ok
12:27:40.0927 1724 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:27:40.0927 1724 mouhid - ok
12:27:40.0927 1724 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:27:40.0927 1724 MountMgr - ok
12:27:40.0943 1724 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
12:27:40.0943 1724 mpio - ok
12:27:40.0974 1724 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:27:40.0974 1724 mpsdrv - ok
12:27:41.0005 1724 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
12:27:41.0005 1724 MpsSvc - ok
12:27:41.0021 1724 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:27:41.0021 1724 Mraid35x - ok
12:27:41.0036 1724 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:27:41.0036 1724 MRxDAV - ok
12:27:41.0067 1724 [ CC752D233EF39875CA6885D9415BA869 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:27:41.0067 1724 mrxsmb - ok
12:27:41.0114 1724 [ 9049DDDD4BD27D43D82F5968F1DA76E4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:27:41.0130 1724 mrxsmb10 - ok
12:27:41.0130 1724 [ 91DC069B6831EF564E7D8C97EAF0343E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:27:41.0130 1724 mrxsmb20 - ok
12:27:41.0161 1724 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
12:27:41.0161 1724 msahci - ok
12:27:41.0177 1724 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:27:41.0177 1724 msdsm - ok
12:27:41.0192 1724 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
12:27:41.0208 1724 MSDTC - ok
12:27:41.0223 1724 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:27:41.0223 1724 Msfs - ok
12:27:41.0239 1724 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:27:41.0239 1724 msisadrv - ok
12:27:41.0270 1724 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:27:41.0270 1724 MSiSCSI - ok
12:27:41.0286 1724 msiserver - ok
12:27:41.0301 1724 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:27:41.0301 1724 MSKSSRV - ok
12:27:41.0317 1724 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:27:41.0317 1724 MSPCLOCK - ok
12:27:41.0333 1724 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:27:41.0333 1724 MSPQM - ok
12:27:41.0364 1724 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:27:41.0364 1724 MsRPC - ok
12:27:41.0395 1724 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:27:41.0395 1724 mssmbios - ok
12:27:41.0411 1724 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:27:41.0411 1724 MSTEE - ok
12:27:41.0426 1724 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
12:27:41.0442 1724 Mup - ok
12:27:41.0473 1724 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
12:27:41.0473 1724 napagent - ok
12:27:41.0535 1724 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:27:41.0535 1724 NativeWifiP - ok
12:27:41.0567 1724 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:27:41.0582 1724 NDIS - ok
12:27:41.0598 1724 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:27:41.0598 1724 NdisTapi - ok
12:27:41.0613 1724 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:27:41.0613 1724 Ndisuio - ok
12:27:41.0629 1724 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:27:41.0629 1724 NdisWan - ok
12:27:41.0645 1724 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:27:41.0645 1724 NDProxy - ok
12:27:41.0660 1724 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:27:41.0660 1724 NetBIOS - ok
12:27:41.0691 1724 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:27:41.0691 1724 netbt - ok
12:27:41.0707 1724 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
12:27:41.0707 1724 Netlogon - ok
12:27:41.0738 1724 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:27:41.0754 1724 Netman - ok
12:27:41.0785 1724 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:27:41.0801 1724 netprofm - ok
12:27:41.0832 1724 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:27:41.0832 1724 NetTcpPortSharing - ok
12:27:41.0863 1724 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:27:41.0863 1724 nfrd960 - ok
12:27:41.0894 1724 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:27:41.0894 1724 NlaSvc - ok
12:27:41.0910 1724 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:27:41.0910 1724 Npfs - ok
12:27:41.0925 1724 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:27:41.0925 1724 nsi - ok
12:27:41.0941 1724 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:27:41.0941 1724 nsiproxy - ok
12:27:41.0988 1724 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:27:42.0019 1724 Ntfs - ok
12:27:42.0050 1724 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:27:42.0050 1724 ntrigdigi - ok
12:27:42.0050 1724 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:27:42.0066 1724 Null - ok
12:27:42.0081 1724 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
12:27:42.0097 1724 NVENETFD - ok
12:27:42.0113 1724 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:27:42.0128 1724 nvraid - ok
12:27:42.0144 1724 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:27:42.0144 1724 nvstor - ok
12:27:42.0159 1724 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:27:42.0175 1724 nv_agp - ok
12:27:42.0222 1724 [ 00B1027580E2A23D331F3EFF05AFDF22 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
12:27:42.0222 1724 NWADI - ok
12:27:42.0222 1724 NwlnkFlt - ok
12:27:42.0237 1724 NwlnkFwd - ok
12:27:42.0237 1724 [ AF5DAA1C78B5A540F4FABD73B458D8E8 ] NWUSBCDFIL C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
12:27:42.0237 1724 NWUSBCDFIL - ok
12:27:42.0269 1724 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBModem C:\Windows\system32\DRIVERS\nwusbmdm.sys
12:27:42.0284 1724 NWUSBModem - ok
12:27:42.0315 1724 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort C:\Windows\system32\DRIVERS\nwusbser.sys
12:27:42.0315 1724 NWUSBPort - ok
12:27:42.0315 1724 [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort2 C:\Windows\system32\DRIVERS\nwusbser2.sys
12:27:42.0331 1724 NWUSBPort2 - ok
12:27:42.0347 1724 [ 1A908AC58133B640841C74D44D5DD12D ] NWVSCR C:\Windows\system32\DRIVERS\NWVSCR.sys
12:27:42.0347 1724 NWVSCR - ok
12:27:42.0440 1724 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:27:42.0456 1724 odserv - ok
12:27:42.0518 1724 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:27:42.0518 1724 ohci1394 - ok
12:27:42.0549 1724 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:27:42.0549 1724 ose - ok
12:27:42.0596 1724 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:27:42.0612 1724 p2pimsvc - ok
12:27:42.0627 1724 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
12:27:42.0627 1724 p2psvc - ok
12:27:42.0659 1724 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:27:42.0659 1724 Parport - ok
12:27:42.0674 1724 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:27:42.0674 1724 partmgr - ok
12:27:42.0705 1724 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:27:42.0705 1724 Parvdm - ok
12:27:42.0737 1724 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:27:42.0737 1724 PcaSvc - ok
12:27:42.0752 1724 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
12:27:42.0752 1724 pci - ok
12:27:42.0783 1724 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
12:27:42.0783 1724 pciide - ok
12:27:42.0815 1724 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:27:42.0815 1724 pcmcia - ok
12:27:42.0861 1724 [ 6EF125721A9F1F7DBF3229786F7DECD0 ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
12:27:42.0861 1724 PCTCore - ok
12:27:42.0893 1724 [ F820B4C61D1E591325B679D479D4EEA4 ] pctDS C:\Windows\system32\drivers\pctDS.sys
12:27:42.0908 1724 pctDS - ok
12:27:42.0939 1724 [ ACC8C15F3D59F17C5D903FF1DE3B43D3 ] pctEFA C:\Windows\system32\drivers\pctEFA.sys
12:27:42.0955 1724 pctEFA - ok
12:27:43.0002 1724 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:27:43.0033 1724 PEAUTH - ok
12:27:43.0111 1724 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:27:43.0158 1724 pla - ok
12:27:43.0189 1724 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:27:43.0189 1724 PlugPlay - ok
12:27:43.0236 1724 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:27:43.0236 1724 PNRPAutoReg - ok
12:27:43.0267 1724 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:27:43.0283 1724 PNRPsvc - ok
12:27:43.0329 1724 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:27:43.0345 1724 PolicyAgent - ok
12:27:43.0361 1724 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:27:43.0376 1724 PptpMiniport - ok
12:27:43.0392 1724 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
12:27:43.0392 1724 Processor - ok
12:27:43.0423 1724 Profos - ok
12:27:43.0454 1724 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
12:27:43.0454 1724 ProfSvc - ok
12:27:43.0470 1724 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:27:43.0470 1724 ProtectedStorage - ok
12:27:43.0532 1724 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:27:43.0532 1724 PSched - ok
12:27:43.0579 1724 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:27:43.0610 1724 ql2300 - ok
12:27:43.0626 1724 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:27:43.0626 1724 ql40xx - ok
12:27:43.0657 1724 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:27:43.0673 1724 QWAVE - ok
12:27:43.0673 1724 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:27:43.0673 1724 QWAVEdrv - ok
12:27:43.0688 1724 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:27:43.0688 1724 RasAcd - ok
12:27:43.0719 1724 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:27:43.0719 1724 RasAuto - ok
12:27:43.0735 1724 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:27:43.0735 1724 Rasl2tp - ok
12:27:43.0751 1724 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
12:27:43.0751 1724 RasMan - ok
12:27:43.0782 1724 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:27:43.0782 1724 RasPppoe - ok
12:27:43.0782 1724 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:27:43.0797 1724 RasSstp - ok
12:27:43.0829 1724 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:27:43.0829 1724 rdbss - ok
12:27:43.0844 1724 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:27:43.0844 1724 RDPCDD - ok
12:27:43.0875 1724 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:27:43.0875 1724 rdpdr - ok
12:27:43.0891 1724 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:27:43.0891 1724 RDPENCDD - ok
12:27:43.0907 1724 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:27:43.0922 1724 RDPWD - ok
12:27:43.0969 1724 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
12:27:43.0985 1724 Recovery Service for Windows - ok
12:27:44.0016 1724 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:27:44.0031 1724 RemoteAccess - ok
12:27:44.0047 1724 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:27:44.0047 1724 RemoteRegistry - ok
12:27:44.0094 1724 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:27:44.0094 1724 RFCOMM - ok
12:27:44.0172 1724 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:27:44.0172 1724 RichVideo - ok
12:27:44.0187 1724 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:27:44.0187 1724 RpcLocator - ok
12:27:44.0219 1724 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
12:27:44.0234 1724 RpcSs - ok
12:27:44.0265 1724 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:27:44.0265 1724 rspndr - ok
12:27:44.0297 1724 [ 125C504A34D0A2E152517E342E7E432C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
12:27:44.0297 1724 RTL8169 - ok
12:27:44.0312 1724 [ B0538DEA03E088B80482CA939F4E8740 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
12:27:44.0312 1724 RTSTOR - ok
12:27:44.0328 1724 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
12:27:44.0328 1724 SamSs - ok
12:27:44.0406 1724 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:27:44.0406 1724 SASDIFSV - ok
12:27:44.0453 1724 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:27:44.0453 1724 SASKUTIL - ok
12:27:44.0468 1724 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:27:44.0468 1724 sbp2port - ok
12:27:44.0515 1724 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:27:44.0515 1724 SCardSvr - ok
12:27:44.0562 1724 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
12:27:44.0577 1724 Schedule - ok
12:27:44.0593 1724 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
12:27:44.0593 1724 SCPolicySvc - ok
12:27:44.0765 1724 [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService C:\Program Files\PC Tools Security\pctsAuxs.exe
12:27:44.0780 1724 sdAuxService - ok
12:27:44.0827 1724 [ ED6C2EFEB47524BFF4D5E5109FB1A2BB ] sdCoreService C:\Program Files\PC Tools Security\pctsSvc.exe
12:27:44.0874 1724 sdCoreService - ok
12:27:44.0905 1724 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:27:44.0905 1724 SDRSVC - ok
12:27:45.0030 1724 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:27:45.0030 1724 SeaPort - ok
12:27:45.0045 1724 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:27:45.0045 1724 secdrv - ok
12:27:45.0061 1724 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:27:45.0061 1724 seclogon - ok
12:27:45.0092 1724 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:27:45.0092 1724 SENS - ok
12:27:45.0108 1724 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:27:45.0123 1724 Serenum - ok
12:27:45.0139 1724 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:27:45.0139 1724 Serial - ok
12:27:45.0155 1724 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:27:45.0155 1724 sermouse - ok
12:27:45.0186 1724 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:27:45.0201 1724 SessionEnv - ok
12:27:45.0217 1724 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:27:45.0233 1724 sffdisk - ok
12:27:45.0248 1724 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:27:45.0248 1724 sffp_mmc - ok
12:27:45.0264 1724 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:27:45.0264 1724 sffp_sd - ok
12:27:45.0279 1724 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:27:45.0279 1724 sfloppy - ok
12:27:45.0311 1724 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:27:45.0311 1724 SharedAccess - ok
12:27:45.0357 1724 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:27:45.0357 1724 ShellHWDetection - ok
12:27:45.0389 1724 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:27:45.0389 1724 sisagp - ok
12:27:45.0404 1724 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:27:45.0404 1724 SiSRaid2 - ok
12:27:45.0435 1724 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:27:45.0435 1724 SiSRaid4 - ok
12:27:45.0529 1724 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
12:27:45.0591 1724 slsvc - ok
12:27:45.0623 1724 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:27:45.0638 1724 SLUINotify - ok
12:27:45.0669 1724 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:27:45.0669 1724 Smb - ok
12:27:45.0701 1724 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:27:45.0701 1724 SNMPTRAP - ok
12:27:45.0732 1724 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:27:45.0732 1724 spldr - ok
12:27:45.0779 1724 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
12:27:45.0779 1724 Spooler - ok
12:27:45.0825 1724 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:27:45.0825 1724 srv - ok
12:27:45.0888 1724 [ 96512F4A30B741E7D33A7936B9ABBC20 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:27:45.0888 1724 srv2 - ok
12:27:45.0935 1724 [ 1C69E33E0E23626DA5A34CA5BA0DD990 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:27:45.0935 1724 srvnet - ok
12:27:45.0950 1724 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:27:45.0950 1724 SSDPSRV - ok
12:27:45.0981 1724 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:27:45.0997 1724 ssmdrv - ok
12:27:46.0028 1724 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:27:46.0044 1724 SstpSvc - ok
12:27:46.0075 1724 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
12:27:46.0091 1724 stisvc - ok
12:27:46.0106 1724 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:27:46.0106 1724 swenum - ok
12:27:46.0122 1724 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
12:27:46.0137 1724 swprv - ok
12:27:46.0200 1724 [ 438FAFE708C93B2236FC26B6F2BD5FD0 ] Symantec Core LC C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
12:27:46.0247 1724 Symantec Core LC - ok
12:27:46.0262 1724 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:27:46.0262 1724 Symc8xx - ok
12:27:46.0278 1724 [ FE9F8B3A8BC22D85332B42E92308DDF9 ] SYMDNS C:\Windows\System32\Drivers\SYMDNS.SYS
12:27:46.0293 1724 SYMDNS - ok
12:27:46.0309 1724 [ 06B95820DF51502099A8A15C93E87986 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
12:27:46.0309 1724 SymEvent - ok
12:27:46.0325 1724 [ A0EA9D273889E53CFAABF2444692CCBF ] SYMFW C:\Windows\System32\Drivers\SYMFW.SYS
12:27:46.0325 1724 SYMFW - ok
12:27:46.0340 1724 [ 8EAB28DD6CD25355B951AE460FA86B48 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
12:27:46.0340 1724 SymIM - ok
12:27:46.0356 1724 [ C94EACA4B522012EE0691F1E79C42A7D ] SYMNDISV C:\Windows\System32\Drivers\SYMNDISV.SYS
12:27:46.0356 1724 SYMNDISV - ok
12:27:46.0371 1724 [ 7C6505EA598E58099D3B7E1F70426864 ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
12:27:46.0371 1724 SYMREDRV - ok
12:27:46.0403 1724 [ E6FF7ACE71D07CA90119F2C6AB592BA4 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
12:27:46.0403 1724 SYMTDI - ok
12:27:46.0418 1724 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:27:46.0434 1724 Sym_hi - ok
12:27:46.0434 1724 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:27:46.0434 1724 Sym_u3 - ok
12:27:46.0465 1724 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:27:46.0465 1724 SynTP - ok
12:27:46.0496 1724 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
12:27:47.0822 1724 [ 0B91F93264B06EE3FCEBA84EF4676995 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:27:47.0822 1724 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 0B91F93264B06EE3FCEBA84EF4676995, Fake md5: D8B4A53DD2769F226B3EB374374987C9
12:27:47.0838 1724 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
12:27:47.0838 1724 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
12:27:49.0101 1724 ================ Scan global ===============================
12:27:49.0148 1724 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:27:49.0179 1724 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
12:27:49.0211 1724 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
12:27:49.0242 1724 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
12:27:49.0257 1724 [Global] - ok
12:27:49.0257 1724 ================ Scan MBR ==================================
12:27:49.0273 1724 [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
12:27:49.0663 1724 \Device\Harddisk0\DR0 - ok
12:27:49.0663 1724 ================ Scan VBR ==================================
12:27:49.0663 1724 [ D5C37DFCC4C36C5FA980961AEF9E3EF0 ] \Device\Harddisk0\DR0\Partition1
12:27:49.0663 1724 \Device\Harddisk0\DR0\Partition1 - ok
12:27:49.0679 1724 [ F5D0651657256A107E6F38B886640777 ] \Device\Harddisk0\DR0\Partition2
12:27:49.0679 1724 \Device\Harddisk0\DR0\Partition2 - ok
12:27:49.0679 1724 ============================================================
12:27:49.0679 1724 Scan finished
12:27:49.0679 1724 ============================================================
12:27:49.0694 1716 Detected object count: 1
12:27:49.0694 1716 Actual detected object count: 1
12:28:21.0269 1716 C:\Windows\system32\drivers\volsnap.sys - copied to quarantine
12:28:21.0534 1716 Backup copy found, using it..
12:28:21.0565 1716 C:\Windows\system32\drivers\volsnap.sys - will be cured on reboot
12:28:21.0565 1716 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
12:29:40.0454 1684 Deinitialize success


....................................................................................................................................................

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:57 PM

Posted 19 October 2012 - 03:30 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

Posted 26 October 2012 - 05:50 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


#6 CatByte

Posted 27 October 2012 - 08:11 AM

This topic has been re-opened at the request of the person who originally posted.

When did you lose the ability to connect to the internet? (You hadn't mentioned this previously.)

What happens when you try to connect? What steps have you taken to try and repair this?


Please run the following:

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by CatByte, 27 October 2012 - 08:13 AM.


#7 zefarch

Posted 27 October 2012 - 04:03 PM

Hello again, and thank you for helping.

As for the internet connection, I'm not sure when I lost the ability to connect to the internet, but a few weeks ago it ran well,
although I couldn't start any navigator (Firefox, Explorer, Chrome...) due to an appcrash message.

At the moment these are the messages I receive when trying to set up an internet connection (they are not exact because I'm translating on the fly):
Unknown connection state.
Windows can't find any network.
Unable to initiate the network service because it's disabled or associated devices weren't found.
When trying to diagnose the causes, windows can't solve the problem.
Network connections manager at the control panel shows a blank sheet.
Every time I try to activate the network service detection it doesn't work.


Before running the Farbar Service Scanner I also did the AdwCleaner and MalwareBytes scans. The three logs are the following:




ADWCLEANER
---------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v2.005 - Fichero creado el 27/10/2012 a 20:45:56
# Actualizado el 14/10/2012 por Xplode
# Sistema operativo : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# Usuario : anabel - ZAZA
# Modo de inicio : Normal
# Ejecutado desde : F:\spywaredoctor\AdwCleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****


***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Mozilla Firefox v4.0.1 (es-ES)

Nombre del perfil : default
Fichero : C:\Users\anabel\AppData\Roaming\Mozilla\Firefox\Profiles\rl1j3pli.default\prefs.js

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[R1].txt - [6354 octets] - [22/10/2012 20:37:13]
AdwCleaner[S2].txt - [6312 octets] - [22/10/2012 20:38:15]
AdwCleaner[R2].txt - [1041 octets] - [22/10/2012 20:43:19]
AdwCleaner[S3].txt - [1103 octets] - [22/10/2012 20:51:52]
AdwCleaner[S4].txt - [1030 octets] - [27/10/2012 20:45:56]

########## EOF - C:\AdwCleaner[S4].txt - [1090 octets] ##########
----------------------------------------------------------------------------------------------------------------------------------------------







MALWAREBYTES
----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.09.29.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
anabel :: ZAZA [administrador]

27/10/2012 20:50:25
mbam-log-2012-10-27 (20-50-25).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 198393
Tiempo transcurrido: 10 minuto(s), 59 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

(fin)
------------------------------------------------------------------------------------------------------------------------------






FARBAR SERVICE
---------------------------------------------------------------------------------------------------------------
Farbar Service Scanner Version: 27-10-2012
Ran by anabel (administrator) on 27-10-2012 at 22:50:50
Running from "F:\spywaredoctor"
Windows Vista ™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-21 04:33] - [2008-01-21 04:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-01-21 04:33] - [2008-01-21 04:33] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-09-01 14:45] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-17 11:02] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 04:34] - [2008-01-21 04:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 04:33] - [2008-01-21 04:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 04:33] - [2008-01-21 04:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 04:33] - [2008-01-21 04:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 04:34] - [2008-01-21 04:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 04:34] - [2008-01-21 04:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-02-02 01:10] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 04:34] - [2008-01-21 04:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-15 10:21] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
---------------------------------------------------------------------------------------------------------------------------
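
A triage sketch for the Farbar Service Scanner log in post #7, added here as an example; it is not part of the original thread or of Farbar's tooling. It lists the services whose start type differs from the default and the policy values the log reports. The function names and the numeric start-type mapping are assumptions of this example, and the sample lines are trimmed from the log above.

```python
import re

# Constructed sample in the format of the Farbar Service Scanner (FSS) log
# posted above; lines are copied from that log and trimmed to a few services.
SAMPLE_FSS = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.

Security Center:
============
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
"""

# Windows service "Start" registry values; FSS prints some defaults as numbers.
# (Mapping supplied by this example, not taken from the log.)
START_NAMES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Manual", "4": "Disabled"}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_SET = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$")
START_OK = re.compile(r"^The start type of (\S+) service is OK\.$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return (services, policies) parsed from FSS log text."""
    services, policies = {}, []
    section, prev, key = None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            # A row of '=' underlines the section title on the previous line.
            section, key = prev.rstrip(":"), None
        elif m := NOT_RUNNING.match(line):
            services.setdefault(m.group(1), {"section": section})["running"] = False
        elif m := START_SET.match(line):
            svc = services.setdefault(m.group(1), {"section": section})
            svc["start_ok"] = False
            svc["start"] = START_NAMES.get(m.group(2), m.group(2))
            svc["default"] = START_NAMES.get(m.group(3), m.group(3))
        elif m := START_OK.match(line):
            services.setdefault(m.group(1), {"section": section})["start_ok"] = True
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_DWORD.match(line)) and key:
            # Policy values are reported as a registry key line followed by
            # one or more "Name"=DWORD:n lines.
            policies.append((section, key, m.group(1), int(m.group(2))))
        prev = line
    return services, policies


def disabled_by_section(services):
    """Group services whose start type is Disabled but whose default is not."""
    out = {}
    for name, svc in services.items():
        if svc.get("start") == "Disabled" and svc.get("default") != "Disabled":
            out.setdefault(svc["section"], []).append(name)
    return out


if __name__ == "__main__":
    services, policies = parse_fss(SAMPLE_FSS)
    for section, names in disabled_by_section(services).items():
        print(f"{section}: disabled -> {', '.join(names)}")
    for section, key, name, value in policies:
        print(f"{section}: {key}\\{name} = {value}")
```

Run against the full FSS.txt, the grouping makes the pattern in the log easy to see: networking, firewall, update and security services all set to Disabled at once, alongside the firewall and Defender policy values.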

#8 CatByte

Posted 27 October 2012 - 04:13 PM

Please run the following:


Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


Let me know if you can now connect


#9 zefarch

Posted 28 October 2012 - 07:17 AM

That's great!
Now I can connect to the Internet, and there are none of those appcrashes when opening Firefox.
Does that mean everything is correct? If not, what else should I do?
Thank you very much

#10 CatByte

Posted 28 October 2012 - 07:33 AM

Please run the ESET scan from this post:

http://www.bleepingcomputer.com/forums/topic472301.html/page__view__findpost__p__2873249


#11 zefarch

Posted 29 October 2012 - 11:06 AM

Hello, here are the results after running the ESET online scan:

C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe a variant of Win32/1AntiVirus application
C:\TDSSKiller_Quarantine\19.10.2012_12.26.46\rtkt0000\svc0000\tsk0000.dta Win32/Olmasco.E trojan
C:\Users\anabel\Desktop\ANTIVIRUS2012\SoftonicDownloader_para_google-chrome.exe a variant of Win32/SoftonicDownloader.E application
C:\Users\anabel\Desktop\office&mescoses\Adobe Indesign Cs4\Activation\disable_activation.cmd BAT/HostsChanger.A application

#12 CatByte

Posted 29 October 2012 - 12:04 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe 
C:\Users\anabel\Desktop\ANTIVIRUS2012\SoftonicDownloader_para_google-chrome.exe 
C:\Users\anabel\Desktop\office&mescoses\Adobe Indesign Cs4\Activation\disable_activation.cmd 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


#13 zefarch

Posted 29 October 2012 - 01:09 PM

I've just done it:



ComboFix 12-10-29.04 - anabel 29/10/2012 18:50:53.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.34.3082.18.3002.1537 [GMT 1:00]
Running from: c:\users\anabel\Desktop\ComboFix.exe
Command switches used :: c:\users\anabel\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
FILE ::
"c:\program files\Loaris\Trojan Remover 1.2\ltr12.exe"
"c:\users\anabel\Desktop\ANTIVIRUS2012\SoftonicDownloader_para_google-chrome.exe"
"c:\users\anabel\Desktop\office&mescoses\Adobe Indesign Cs4\Activation\disable_activation.cmd"
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 18:02 . 2012-10-29 18:02 -------- d-----w- c:\users\anabel\AppData\Local\temp
2012-10-29 18:02 . 2012-10-29 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-29 09:20 . 2012-10-29 09:20 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-29 02:30 . 2011-05-18 01:05 196608 ----a-w- c:\windows\system32\fsquirt.exe
2012-10-29 02:30 . 2011-05-18 01:05 23040 ----a-w- c:\windows\system32\drivers\bthenum.sys
2012-10-29 02:30 . 2011-05-18 01:05 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-10-29 02:30 . 2011-05-18 01:05 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-10-29 02:20 . 2012-10-29 02:20 -------- d-----w- c:\program files\Common Files\Skype
2012-10-29 02:20 . 2012-10-29 02:20 -------- d-----r- c:\program files\Skype
2012-10-28 19:28 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-10-28 19:28 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-10-28 19:28 . 2011-04-21 15:02 634648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-10-28 19:28 . 2011-04-21 15:00 833024 ----a-w- c:\windows\system32\wininet.dll
2012-10-28 19:27 . 2011-04-21 13:28 389632 ----a-w- c:\windows\system32\html.iec
2012-10-28 19:27 . 2011-04-21 14:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-10-28 19:27 . 2011-04-21 13:08 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-28 19:27 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-10-28 19:27 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-10-28 19:27 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-10-28 19:27 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-10-28 19:26 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2012-10-28 19:26 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-10-28 19:26 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-10-28 19:26 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-10-28 19:26 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2012-10-28 19:25 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-28 19:25 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2012-10-28 19:25 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2012-10-28 12:08 . 2012-10-29 02:52 -------- d-----w- c:\windows\system32\catroot2
2012-10-28 11:47 . 2012-10-28 11:47 1536 ----a-w- c:\windows\system32\wbem\WMIObjectsMigration.bin
2012-10-28 11:47 . 2008-05-08 06:03 303616 ----a-w- C:\SetACL.exe
2012-10-28 11:46 . 2004-06-12 00:33 290304 ----a-w- C:\subinacl.exe
2012-10-28 11:43 . 2012-10-28 11:43 -------- d-----w- C:\RegBackup
2012-10-28 11:37 . 2012-10-28 12:06 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-28 11:36 . 2012-10-28 11:47 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-28 11:36 . 2012-10-28 11:36 -------- d-----w- c:\program files\Tweaking.com
2012-10-27 10:35 . 2012-10-27 10:35 -------- d-----w- c:\users\anabel\AppData\Roaming\Malwarebytes
2012-10-27 10:30 . 2012-10-27 10:30 -------- d-----w- c:\programdata\Malwarebytes
2012-10-27 10:30 . 2012-10-27 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-27 10:30 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-19 10:28 . 2012-10-19 10:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-17 10:42 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-17 10:42 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-17 10:42 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-17 10:42 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-17 10:42 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-17 10:42 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-17 10:41 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-17 10:41 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-17 10:41 . 2012-10-17 10:41 -------- d-----w- c:\programdata\AVAST Software
2012-10-17 10:41 . 2012-10-17 10:41 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 10:30 . 2008-01-21 02:32 227896 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-10-12 17:13 . 2011-05-06 17:56 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-12 17:13 . 2011-05-06 17:56 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-14 16:43 . 2011-05-06 18:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-03-31 20:47 . 2009-01-20 21:31 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-18 11:53 . 2009-01-21 17:42 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-01-21 128000]
"!BingBar"="c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE" [2012-10-29 8281168]
.
c:\users\anabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-06-08 14:52 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Escritorio movistar]
2007-12-18 14:38 3159920 ----a-w- c:\program files\Movistar\Escritorio movistar\EMMSN.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-17 09:12]
.
2012-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-06 18:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://www.pucuy.com/
IE: &AOL Toolbar Buscar - c:\programdata\AOL\ieToolbar\resources\es-ES\local\search.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.42.63.52 62.42.230.24
FF - ProfilePath - c:\users\anabel\AppData\Roaming\Mozilla\Firefox\Profiles\rl1j3pli.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/
FF - ExtSQL: 2012-10-17 12:41; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-18 19:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-00185605.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 19:02
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-29 19:05:23
ComboFix-quarantined-files.txt 2012-10-29 18:05
ComboFix2.txt 2012-10-17 19:00
.
Pre-Run: 118.272.376.832 bytes libres
Post-Run: 118.242.729.984 bytes libres
.
- - End Of File - - B49DA256A7A0EB8D4F04C62FC53DA181

#14 CatByte


Posted 29 October 2012 - 04:53 PM

Please run the following:
  • Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Report FF Proxy Settings
      • List content of Hosts
      • List installed programs
Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 zefarch


Posted 31 October 2012 - 05:24 AM

I ran MiniToolBox with the checkboxes you told me. The results:



MiniToolBox by Farbar Version: 23-07-2012
Ran by anabel (administrator) on 31-10-2012 at 11:17:28
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Reader 8.1.4 - Español (Version: 8.1.4)
Adobe Shockwave Player (Version: 10.2.0.023)
Aikido3D 1.0 (Version: 1.0)
AIM 6
AOL Toolbar 5.0 (Version: 5.2.69.1)
AppCore (Version: 1.3)
Atheros Driver Installation Program (Version: 5.0)
avast! Free Antivirus (Version: 7.0.1466.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.719)
Bing Bar (Version: 7.1.391.0)
Bytescout XLS Viewer 1.30a (FREEWARE)
ccCommon (Version: 107.0.4.3)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Component Framework (Version: 2006.1.3.35)
Compresor WinRAR
Conexant HD Audio (Version: 4.58.0.0)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
Escritorio movistar
ESET Online Scanner v3
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Plug-In
Galería fotográfica de Windows Live (Version: 14.0.8081.709)
Google Updater (Version: 2.4.2166.3772)
HDAUDIO Soft Data Fax Modem with SmartCP
Herramienta de carga de Windows Live (Version: 14.0.8014.1029)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
HP Active Support Library (Version: 3.1.4.1)
HP Customer Experience Enhancements (Version: 5.7.0.2630)
HP Doc Viewer (Version: 1.01.0005)
HP DVD Play 3.7
HP Easy Setup - Frontend (Version: 5.7.0.2630)
HP Help and Support (Version: 2.0.9.0)
HP Quick Launch Buttons 6.40 F1 (Version: 6.40 F1)
HP Total Care Advisor (Version: 2.1.4047.2685)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 J1)
HPNetworkAssistant (Version: 1.1.70)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Java™ 6 Update 5 (Version: 1.6.0.50)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Codec Pack 5.8.3 (Full) (Version: 5.8.3)
LabelPrint (Version: 2.20.2719)
LightScribe System Software 1.12.33.2 (Version: 1.12.33.2)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.232)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
Loaris Trojan Remover 1.2
Magic Desktop
Malwarebytes Anti-Malware versión 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (Spanish) (Version: 12.0.6612.1000)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mobile Broadband Generic Drivers (Version: 2.02.03.005.15)
Mozilla Firefox 4.0.1 (x86 es-ES) (Version: 4.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My HP Games (Version: 1.0.0.43)
NetWaiting (Version: 2.5.52)
Norton Confidential Core (Version: 2.5.0.32)
Norton Internet Security (Symantec Corporation) (Version: 15.5.0.23)
Norton Internet Security (Version: 15.5.0.23)
Norton Protection Center (Version: 3.6.0.18)
Paint.NET v3.36 (Version: 3.36.0)
Paquete de compatibilidad para 2007 Office system (Version: 12.0.6612.1000)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spyware Doctor con Antivirus 8.0 (Version: 8.0)
SUPERAntiSpyware (Version: 4.52.1000)
SymNet (Version: 8.0.3.4)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Vista Codec Package (Version: 5.0.5)
VSO Image Resizer 3.0.1.76 (Version: 3.0.1.76)
WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300)
Windows Live Asistente para el inicio de sesión (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Protección Infantil (Version: 14.0.8093.805)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)

**** End of log ****




You told me to advise how the computer was running. What kind of use should I make of it to find out if something is wrong?
Thanks a lot.



