
Virus/Trojan, Losing hardware space, ad popups and wireless connection problems


  • This topic is locked
46 replies to this topic

#1 billiam864


Posted 14 December 2012 - 02:51 PM

Hello

Problems started yesterday. Windows XP Home, 6-year-old HP Laptop. I first noticed a redirect ad-popup problem sending me to a random page whenever I clicked on a link in Google. I disabled the extension in Chrome and the problem seemed to go away. Next I noticed that I was losing hard drive space. I was at over 600 MBs remaining and I'm now down to 120 MBs and falling occasionally. I believe the Virus/Trojan is also affecting my wireless connection, as it is now going in and out and struggles to reconnect despite resetting the router, etc. I can get on sometimes.

After noticing the loss of hard drive space I ran Malwarebytes Anti-Malware Quick Scan. It identified 31 issues, and I deleted them. I went back to 600 MBs. Now I'm back to 120 MBs again, so I ran a Full Scan. It identified 2 Trojans (log is attached). I deleted them, but hard drive space didn't return.

I'm not sure how to correct this problem and I cannot read Anti-Malware logs. Please help.

Bill


#2 billiam864


Posted 14 December 2012 - 04:13 PM

Sorry, I didn't include and attach the asked-for DDS. Here you go:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by DerochaWS1 at 16:08:51 on 2012-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.812 [GMT -5:00]
.
AV: Microsoft Forefront Client Security *Disabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\DerochaWS1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08012012
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\derochaws1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GCC_Settings] c:\gcc\tools\GCC_Settings.vbs
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\docume~1\deroch~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\derochaws1\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265638856453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266413219979
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{82E3FFBA-55CD-4CA8-AABD-1CCB7F0CFFDD} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-10-30 47640]
R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-2-8 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-1-22 34736]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-2-17 71296]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-1-6 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-12-14 17:27:03 43600 ----a-w- c:\windows\system32\drivers\dkzuusaq.sys
2012-12-14 17:26:30 57600 ----a-w- c:\windows\system32\drivers\xqqbwwmu.sys
2012-12-14 04:30:56 -------- d-----w- c:\program files\Mega Codec Pack
2012-12-13 17:22:46 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{b5f215d3-bdd1-49e6-af48-60603c30b14f}\mpengine.dll
2012-12-08 03:04:07 -------- d-----w- c:\documents and settings\derochaws1\local settings\application data\Microsoft Help
2012-11-19 23:43:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-19 22:10:28 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-19 22:08:44 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-10-19 22:08:34 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-19 22:08:32 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 05:30:54 3915776 ----a-w- c:\windows\system32\ffmpeg.dll
2012-09-25 05:30:04 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-09-25 05:29:52 3504128 ----a-w- c:\windows\system32\ffdshow.ax
2012-09-25 05:29:20 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-09-25 05:29:00 99840 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-09-25 05:29:00 157184 ----a-w- c:\windows\system32\ff_unrar.dll
2012-09-25 05:29:00 147456 ----a-w- c:\windows\system32\ff_libmad.dll
2012-09-25 05:28:58 211968 ----a-w- c:\windows\system32\ff_libdts.dll
2012-09-25 05:28:58 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-09-25 05:28:58 114688 ----a-w- c:\windows\system32\ff_liba52.dll
2012-09-24 00:03:56 1289728 ----a-w- c:\windows\system32\VSFilter.dll
1999-06-01 06:23:00 571847688 ----a-w- c:\program files\INSTALL.EXE
1998-11-03 03:07:26 95232 ----a-w- c:\program files\SMACKW32.DLL
.
============= FINISH: 16:10:37.21 ===============
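
As an added example that is not part of this thread or of the DDS or ComboFix tools, here is a Python triage helper for the file-listing lines both logs print (the DDS "Created Last 30" block above and the ComboFix "Files Created" block later in the thread). It parses the entries and flags kernel drivers created shortly before the report whose base names look random, so a reviewer knows which entries to look at first; the name heuristic, the 7-day window, and the reading of ComboFix's first timestamp as the creation time are assumptions, and the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One pattern covers both formats seen in the thread. Directories print "--------"
# for the size and "d" as the first attribute flag.
#   DDS:      2012-12-14 17:27:03 43600 ----a-w- c:\...\dkzuusaq.sys
#   ComboFix: 2012-12-14 17:27 . 2012-12-14 17:27 43600 ----a-w- c:\...\dkzuusaq.sys
# Assumption: ComboFix's first stamp is the creation time (it equals the DDS value
# for the same files in this thread); the second stamp is captured but unused.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>\d+|-{8})"
    r"\s+(?P<attrs>[-a-z]{8})"
    r"\s+(?P<path>\S.*)$"
)

@dataclass
class FileEntry:
    created: datetime
    size: Optional[int]  # None for directory entries
    is_dir: bool
    path: str

def _parse_stamp(stamp: str) -> datetime:
    # DDS prints seconds, ComboFix does not.
    fmt = "%Y-%m-%d %H:%M:%S" if stamp.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(stamp, fmt)

def parse_file_lines(text: str) -> List[FileEntry]:
    """Return every line that parses as a file entry; headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(FileEntry(
            created=_parse_stamp(m["created"]),
            size=None if m["size"].startswith("-") else int(m["size"]),
            is_dir=m["attrs"].startswith("d"),
            path=m["path"],
        ))
    return entries

_RARE_LETTERS = set("jqxz")
_CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{3}")

def looks_random(stem: str) -> bool:
    """Heuristic (an assumption, not a verdict): exactly eight lowercase letters with a
    rare letter or a run of three consonants. redbook, mbam and psd do not match."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return bool(_RARE_LETTERS & set(stem)) or _CONSONANT_RUN.search(stem) is not None

def flag_recent_drivers(entries: List[FileEntry], report_time: datetime,
                        window_days: int = 7) -> List[str]:
    """Paths of .sys files under a drivers directory created within window_days before
    the report whose base name looks random. Only a lower bound is applied to the
    timestamp: in this thread the file stamps run ahead of the header's local run time."""
    earliest = report_time - timedelta(days=window_days)
    flagged = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir or not low.endswith(".sys") or "\\drivers\\" not in low:
            continue
        if e.created < earliest:
            continue
        stem = low.rsplit("\\", 1)[-1][:-4]
        if looks_random(stem):
            flagged.append(e.path)
    return sorted(flagged)

def triage_log(text: str, report_stamp: str, window_days: int = 7) -> List[str]:
    """Parse a log excerpt and flag drivers relative to a 'YYYY-MM-DD HH:MM' report time."""
    return flag_recent_drivers(parse_file_lines(text), _parse_stamp(report_stamp), window_days)

# Sample input: lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2012-12-14 17:27:03 43600 ----a-w- c:\windows\system32\drivers\dkzuusaq.sys
2012-12-14 17:26:30 57600 ----a-w- c:\windows\system32\drivers\xqqbwwmu.sys
2012-12-14 04:30:56 -------- d-----w- c:\program files\Mega Codec Pack
2012-11-19 23:43:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
"""
SAMPLE_COMBOFIX = r"""
2012-12-15 17:55 . 2012-12-15 20:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-14 17:27 . 2012-12-14 17:27 43600 ----a-w- c:\windows\system32\drivers\dkzuusaq.sys
2012-12-14 17:26 . 2012-12-14 17:26 57600 ----a-w- c:\windows\system32\drivers\xqqbwwmu.sys
2012-12-15 17:57 . 2009-11-10 17:31 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-09-30 00:54 . 2010-12-12 01:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

if __name__ == "__main__":
    # Report times are the local run times printed in each log header.
    for name, text, stamp in (("DDS", SAMPLE_DDS, "2012-12-14 16:08"),
                              ("ComboFix", SAMPLE_COMBOFIX, "2012-12-15 16:14")):
        for path in triage_log(text, stamp):
            print(f"[{name}] review: {path}")
```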

#3 CatByte (Malware Response Team)

Posted 15 December 2012 - 10:22 AM

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 billiam864


Posted 15 December 2012 - 04:56 PM

Ok... my cpu lost power and shut down part way through ComboFix, but as it had just started, I did it again. I have the following logs from the Killer and ComboFix. My hard drive now has 4 GBs free space!!!

Bill

ComboFix 12-12-14.01 - DerochaWS1 12/15/2012 16:14:06.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1587 [GMT -5:00]
Running from: c:\documents and settings\DerochaWS1\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\DerochaWS1\WINDOWS
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\MUI\0406\tourstart.exe
c:\windows\system32\MUI\040b\tourstart.exe
c:\windows\system32\MUI\0413\tourstart.exe
c:\windows\system32\MUI\0414\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0419\tourstart.exe
c:\windows\system32\MUI\041D\tourstart.exe
c:\windows\system32\MUI\0816\tourstart.exe
c:\windows\system32\SETFC.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 18:05 . 2012-12-15 18:05 -------- d-----w- c:\program files\RndLabs
2012-12-15 17:55 . 2012-12-15 20:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-14 17:27 . 2012-12-14 17:27 43600 ----a-w- c:\windows\system32\drivers\dkzuusaq.sys
2012-12-14 17:26 . 2012-12-14 17:26 57600 ----a-w- c:\windows\system32\drivers\xqqbwwmu.sys
2012-12-14 04:31 . 2012-12-14 04:31 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-14 04:30 . 2012-12-14 16:17 -------- d-----w- c:\program files\Mega Codec Pack
2012-12-13 17:22 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{B5F215D3-BDD1-49E6-AF48-60603C30B14F}\mpengine.dll
2012-12-08 03:04 . 2012-12-08 03:04 -------- d-----w- c:\documents and settings\DerochaWS1\Local Settings\Application Data\Microsoft Help
2012-11-19 23:43 . 2012-09-25 04:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 17:57 . 2009-11-10 17:31 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-11-13 01:25 . 2005-01-07 01:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:00 . 2010-02-17 14:22 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-06 00:41 . 2005-01-07 01:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2005-01-07 01:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2005-01-07 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2005-01-07 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2005-01-07 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-01-07 01:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-19 22:10 . 2012-10-30 16:57 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-19 22:08 . 2012-10-30 16:57 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-10-19 22:08 . 2012-10-30 16:57 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-19 22:08 . 2012-10-30 16:56 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-02 18:04 . 2005-01-07 01:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2010-12-12 01:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 05:30 . 2012-09-25 05:30 3915776 ----a-w- c:\windows\system32\ffmpeg.dll
2012-09-25 05:30 . 2012-09-25 05:30 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-09-25 05:29 . 2012-09-25 05:29 3504128 ----a-w- c:\windows\system32\ffdshow.ax
2012-09-25 05:29 . 2012-09-25 05:29 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-09-25 05:29 . 2012-09-25 05:29 99840 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-09-25 05:29 . 2012-09-25 05:29 157184 ----a-w- c:\windows\system32\ff_unrar.dll
2012-09-25 05:29 . 2012-09-25 05:29 147456 ----a-w- c:\windows\system32\ff_libmad.dll
2012-09-25 05:28 . 2012-09-25 05:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll
2012-09-25 05:28 . 2012-09-25 05:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-09-25 05:28 . 2012-09-25 05:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll
2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\system32\VSFilter.dll
1999-06-01 06:23 . 2010-07-15 21:41 571847688 ----a-w- c:\program files\INSTALL.EXE
1998-11-03 03:07 . 2010-07-15 21:43 95232 ----a-w- c:\program files\SMACKW32.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-12-14 04:31 220160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\DerochaWS1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\DerochaWS1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\DerochaWS1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\DerochaWS1\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GCC_Settings"="c:\gcc\TOOLS\GCC_Settings.vbs" [2009-05-12 7989]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-15 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\documents and settings\DerochaWS1\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DerochaWS1\Application Data\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 20:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-10-19 22:08 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 08:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DerochaWS1^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\DerochaWS1\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-11-16 19:12 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-12-21 16:11 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-12-21 16:16 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2005-01-07 01:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 22:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2005-01-07 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2005-01-07 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2006-06-08 19:02 131072 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2007-10-19 18:05 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-09-23 17:41 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 14:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\DerochaWS1\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\DerochaWS1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\DerochaWS1\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/29/2005 4:56 PM 36768]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/8/2011 5:06 PM 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/10/2012 5:29 PM 1435568]
R2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [7/21/2005 11:14 AM 134656]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2010 10:54 AM 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 11:19 AM 36352]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950671833-3177337169-3772750312-1009Core.job
- c:\documents and settings\DerochaWS1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 00:28]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-950671833-3177337169-3772750312-1009UA.job
- c:\documents and settings\DerochaWS1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 00:28]
.
2012-12-15 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]
.
2012-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]
.
2012-12-15 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]
.
2012-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-950671833-3177337169-3772750312-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-950671833-3177337169-3772750312-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-12-15 c:\windows\Tasks\User_Feed_Synchronization-{EDB103D0-FFEC-4608-BDD8-B86B8CBCB0E0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08012012
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
SafeBoot-54381557.sys
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-SynTPStart - c:\program files\Synaptics\SynTP\SynTPStart.exe
MSConfigStartUp-VooMuuSA - c:\program files\VooMuu\bin\1.0.29.0\VooMuuSA.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-WacomPenabled - c:\program files\Wacom\Penabled\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 16:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\LMIinit.dll
c:\windows\system32\IfxWlxEN.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-12-15 16:38:12
ComboFix-quarantined-files.txt 2012-12-15 21:37
.
Pre-Run: 1,068,945,408 bytes free
Post-Run: 4,913,438,720 bytes free
.
- - End Of File - - 4AEF5CB50442A81506FCA96320035109


15:39:08.0171 3104 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:39:08.0531 3104 ============================================================
15:39:08.0531 3104 Current date / time: 2012/12/15 15:39:08.0531
15:39:08.0531 3104 SystemInfo:
15:39:08.0531 3104
15:39:08.0531 3104 OS Version: 5.1.2600 ServicePack: 3.0
15:39:08.0531 3104 Product type: Workstation
15:39:08.0531 3104 ComputerName: CND6220870
15:39:08.0531 3104 UserName: DerochaWS1
15:39:08.0531 3104 Windows directory: C:\WINDOWS
15:39:08.0531 3104 System windows directory: C:\WINDOWS
15:39:08.0531 3104 Processor architecture: Intel x86
15:39:08.0531 3104 Number of processors: 1
15:39:08.0531 3104 Page size: 0x1000
15:39:08.0531 3104 Boot type: Normal boot
15:39:08.0531 3104 ============================================================
15:39:10.0500 3104 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:39:10.0500 3104 ============================================================
15:39:10.0500 3104 \Device\Harddisk0\DR0:
15:39:10.0500 3104 MBR partitions:
15:39:10.0500 3104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
15:39:10.0500 3104 ============================================================
15:39:10.0531 3104 C: <-> \Device\Harddisk0\DR0\Partition1
15:39:10.0531 3104 ============================================================
15:39:10.0531 3104 Initialize success
15:39:10.0531 3104 ============================================================
15:39:16.0640 3816 ============================================================
15:39:16.0640 3816 Scan started
15:39:16.0640 3816 Mode: Manual; TDLFS;
15:39:16.0640 3816 ============================================================
15:39:20.0140 3816 ================ Scan system memory ========================
15:39:20.0156 3816 System memory - ok
15:39:20.0156 3816 ================ Scan services =============================
15:39:20.0875 3816 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
15:39:20.0875 3816 61883 - ok
15:39:20.0890 3816 Abiosdsk - ok
15:39:20.0906 3816 abp480n5 - ok
15:39:20.0968 3816 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:39:20.0984 3816 ACPI - ok
15:39:21.0000 3816 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:39:21.0000 3816 ACPIEC - ok
15:39:21.0015 3816 adpu160m - ok
15:39:21.0078 3816 [ 9F59AE2DE835641FBB0C6AFD80D8FA9B ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
15:39:21.0093 3816 aeaudio - ok
15:39:21.0156 3816 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:39:21.0156 3816 aec - ok
15:39:21.0234 3816 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:39:21.0234 3816 AFD - ok
15:39:21.0343 3816 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:39:21.0390 3816 AgereSoftModem - ok
15:39:21.0406 3816 Aha154x - ok
15:39:21.0437 3816 aic78u2 - ok
15:39:21.0453 3816 aic78xx - ok
15:39:21.0500 3816 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:39:21.0515 3816 Alerter - ok
15:39:21.0546 3816 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:39:21.0546 3816 ALG - ok
15:39:21.0562 3816 AliIde - ok
15:39:21.0578 3816 amsint - ok
15:39:21.0625 3816 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:39:21.0625 3816 AppMgmt - ok
15:39:21.0671 3816 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:39:21.0671 3816 Arp1394 - ok
15:39:21.0687 3816 asc - ok
15:39:21.0718 3816 asc3350p - ok
15:39:21.0734 3816 asc3550 - ok
15:39:21.0859 3816 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:39:21.0859 3816 aspnet_state - ok
15:39:21.0890 3816 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:39:21.0906 3816 AsyncMac - ok
15:39:21.0937 3816 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:39:21.0937 3816 atapi - ok
15:39:21.0968 3816 Atdisk - ok
15:39:22.0015 3816 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:39:22.0015 3816 Atmarpc - ok
15:39:22.0062 3816 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:39:22.0062 3816 AudioSrv - ok
15:39:22.0078 3816 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:39:22.0078 3816 audstub - ok
15:39:22.0140 3816 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
15:39:22.0140 3816 Avc - ok
15:39:22.0187 3816 [ 2FA609C3411EC5F77F42D0B04D304AE5 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:39:22.0203 3816 b57w2k - ok
15:39:22.0265 3816 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:39:22.0265 3816 Beep - ok
15:39:22.0328 3816 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:39:22.0343 3816 Browser - ok
15:39:22.0375 3816 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:39:22.0375 3816 cbidf2k - ok
15:39:22.0406 3816 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:39:22.0421 3816 CCDECODE - ok
15:39:22.0437 3816 cd20xrnt - ok
15:39:22.0453 3816 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:39:22.0453 3816 Cdaudio - ok
15:39:22.0484 3816 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:39:22.0500 3816 Cdfs - ok
15:39:22.0531 3816 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:39:22.0531 3816 Cdrom - ok
15:39:22.0546 3816 Changer - ok
15:39:22.0578 3816 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:39:22.0578 3816 CiSvc - ok
15:39:22.0609 3816 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:39:22.0609 3816 ClipSrv - ok
15:39:22.0656 3816 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:39:22.0750 3816 clr_optimization_v2.0.50727_32 - ok
15:39:22.0796 3816 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:39:22.0796 3816 CmBatt - ok
15:39:22.0812 3816 CmdIde - ok
15:39:22.0859 3816 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:39:22.0859 3816 Compbatt - ok
15:39:22.0875 3816 COMSysApp - ok
15:39:22.0921 3816 Cpqarray - ok
15:39:22.0968 3816 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:39:22.0984 3816 CryptSvc - ok
15:39:23.0000 3816 dac2w2k - ok
15:39:23.0015 3816 dac960nt - ok
15:39:23.0078 3816 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:39:23.0125 3816 DcomLaunch - ok
15:39:23.0171 3816 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:39:23.0171 3816 Dhcp - ok
15:39:23.0187 3816 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:39:23.0203 3816 Disk - ok
15:39:23.0218 3816 dmadmin - ok
15:39:23.0312 3816 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:39:23.0343 3816 dmboot - ok
15:39:23.0375 3816 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:39:23.0375 3816 dmio - ok
15:39:23.0390 3816 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:39:23.0390 3816 dmload - ok
15:39:23.0437 3816 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:39:23.0437 3816 dmserver - ok
15:39:23.0468 3816 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:39:23.0468 3816 DMusic - ok
15:39:23.0546 3816 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:39:23.0546 3816 Dnscache - ok
15:39:23.0593 3816 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:39:23.0609 3816 Dot3svc - ok
15:39:23.0625 3816 dpti2o - ok
15:39:23.0656 3816 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:39:23.0656 3816 drmkaud - ok
15:39:23.0703 3816 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:39:23.0703 3816 EapHost - ok
15:39:23.0734 3816 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:39:23.0750 3816 ERSvc - ok
15:39:23.0796 3816 esgiguard - ok
15:39:23.0859 3816 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:39:23.0859 3816 Eventlog - ok
15:39:23.0937 3816 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:39:23.0953 3816 EventSystem - ok
15:39:24.0015 3816 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:39:24.0015 3816 Fastfat - ok
15:39:24.0093 3816 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:39:24.0109 3816 FastUserSwitchingCompatibility - ok
15:39:24.0203 3816 [ 8CAB6B589F6610BF0E20780E153248C1 ] FCSAM c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
15:39:24.0203 3816 FCSAM - ok
15:39:24.0281 3816 [ 5E162FEB08F6635F0348D250B98AC758 ] FcsSas C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
15:39:24.0281 3816 FcsSas - ok
15:39:24.0296 3816 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:39:24.0296 3816 Fdc - ok
15:39:24.0328 3816 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:39:24.0328 3816 Fips - ok
15:39:24.0359 3816 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:39:24.0359 3816 Flpydisk - ok
15:39:24.0390 3816 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:39:24.0390 3816 FltMgr - ok
15:39:24.0468 3816 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:39:24.0468 3816 FontCache3.0.0.0 - ok
15:39:24.0531 3816 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:39:24.0531 3816 Fs_Rec - ok
15:39:24.0562 3816 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:39:24.0562 3816 Ftdisk - ok
15:39:24.0625 3816 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:39:24.0625 3816 Gpc - ok
15:39:24.0687 3816 [ B6B1F53F585B41091EB3586F8297A379 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
15:39:24.0687 3816 GTIPCI21 - ok
15:39:24.0734 3816 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:39:24.0734 3816 hamachi - ok
15:39:24.0937 3816 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
15:39:25.0062 3816 Hamachi2Svc - ok
15:39:25.0125 3816 [ 407E41DDB2BFECE109132AEC296E0D98 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
15:39:25.0125 3816 HBtnKey - ok
15:39:25.0234 3816 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:39:25.0234 3816 helpsvc - ok
15:39:25.0250 3816 HidServ - ok
15:39:25.0312 3816 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:39:25.0312 3816 HidUsb - ok
15:39:25.0375 3816 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:39:25.0375 3816 hkmsvc - ok
15:39:25.0390 3816 hpn - ok
15:39:25.0453 3816 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
15:39:25.0453 3816 HpqKbFiltr - ok
15:39:25.0562 3816 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:39:25.0562 3816 hpqwmiex - ok
15:39:25.0625 3816 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:39:25.0625 3816 HPZid412 - ok
15:39:25.0656 3816 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:39:25.0656 3816 HPZipr12 - ok
15:39:25.0687 3816 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:39:25.0687 3816 HPZius12 - ok
15:39:25.0750 3816 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:39:25.0750 3816 HTTP - ok
15:39:25.0812 3816 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:39:25.0812 3816 HTTPFilter - ok
15:39:25.0828 3816 i2omgmt - ok
15:39:25.0843 3816 i2omp - ok
15:39:25.0906 3816 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:39:25.0906 3816 i8042prt - ok
15:39:26.0031 3816 [ C600649CA5BA2A7C9B280E9F90C5DB25 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:39:26.0078 3816 ialm - ok
15:39:26.0187 3816 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:39:26.0203 3816 IDriverT - ok
15:39:26.0296 3816 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:39:26.0343 3816 idsvc - ok
15:39:26.0421 3816 [ 1988575194189863932F73B43D9A0AD9 ] IFXSpMgtSrv C:\WINDOWS\system32\IFXSPMGT.exe
15:39:26.0453 3816 IFXSpMgtSrv - ok
15:39:26.0468 3816 [ 0A359837E021BC04A04A6FD189492C65 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
15:39:26.0468 3816 IFXTPM - ok
15:39:26.0500 3816 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:39:26.0500 3816 Imapi - ok
15:39:26.0562 3816 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:39:26.0578 3816 ImapiService - ok
15:39:26.0593 3816 ini910u - ok
15:39:26.0640 3816 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:39:26.0640 3816 IntelIde - ok
15:39:26.0703 3816 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:39:26.0703 3816 intelppm - ok
15:39:26.0734 3816 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:39:26.0734 3816 Ip6Fw - ok
15:39:26.0796 3816 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:39:26.0796 3816 IpFilterDriver - ok
15:39:26.0828 3816 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:39:26.0828 3816 IpInIp - ok
15:39:26.0875 3816 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:39:26.0890 3816 IpNat - ok
15:39:26.0921 3816 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:39:26.0921 3816 IPSec - ok
15:39:26.0968 3816 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:39:26.0968 3816 irda - ok
15:39:27.0046 3816 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:39:27.0046 3816 IRENUM - ok
15:39:27.0062 3816 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
15:39:27.0062 3816 Irmon - ok
15:39:27.0156 3816 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:39:27.0156 3816 isapnp - ok
15:39:27.0250 3816 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:39:27.0265 3816 JavaQuickStarterService - ok
15:39:27.0296 3816 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:39:27.0296 3816 Kbdclass - ok
15:39:27.0312 3816 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:39:27.0312 3816 kbdhid - ok
15:39:27.0343 3816 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:39:27.0359 3816 kmixer - ok
15:39:27.0750 3816 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:39:27.0750 3816 KSecDD - ok
15:39:27.0828 3816 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:39:27.0828 3816 lanmanserver - ok
15:39:27.0906 3816 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:39:27.0953 3816 lanmanworkstation - ok
15:39:27.0968 3816 lbrtfdc - ok
15:39:28.0078 3816 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:39:28.0078 3816 LmHosts - ok
15:39:28.0156 3816 LMIInfo - ok
15:39:28.0218 3816 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
15:39:28.0218 3816 lmimirr - ok
15:39:28.0250 3816 LMIRfsClientNP - ok
15:39:28.0281 3816 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
15:39:28.0281 3816 LMIRfsDriver - ok
15:39:28.0328 3816 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:39:28.0328 3816 Messenger - ok
15:39:28.0437 3816 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:39:28.0437 3816 Microsoft Office Groove Audit Service - ok
15:39:28.0468 3816 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:39:28.0468 3816 mnmdd - ok
15:39:28.0531 3816 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:39:28.0531 3816 mnmsrvc - ok
15:39:28.0562 3816 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:39:28.0562 3816 Modem - ok
15:39:28.0625 3816 [ F3C2E6441348A7FC20F21FE2F5EB28E6 ] MOM C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
15:39:28.0640 3816 MOM - ok
15:39:28.0718 3816 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:39:28.0718 3816 Mouclass - ok
15:39:28.0765 3816 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:39:28.0765 3816 mouhid - ok
15:39:28.0796 3816 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:39:28.0796 3816 MountMgr - ok
15:39:28.0828 3816 [ 356842AAC621AB40F18992C01A590F71 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:39:28.0843 3816 MpFilter - ok
15:39:28.0859 3816 mraid35x - ok
15:39:28.0875 3816 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:39:28.0890 3816 MRxDAV - ok
15:39:28.0984 3816 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:39:29.0000 3816 MRxSmb - ok
15:39:29.0046 3816 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:39:29.0062 3816 MSDTC - ok
15:39:29.0109 3816 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
15:39:29.0109 3816 MSDV - ok
15:39:29.0156 3816 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:39:29.0156 3816 Msfs - ok
15:39:29.0171 3816 MSIServer - ok
15:39:29.0203 3816 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:39:29.0203 3816 MSKSSRV - ok
15:39:29.0218 3816 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:39:29.0234 3816 MSPCLOCK - ok
15:39:29.0250 3816 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:39:29.0250 3816 MSPQM - ok
15:39:29.0281 3816 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:39:29.0296 3816 mssmbios - ok
15:39:29.0328 3816 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:39:29.0328 3816 MSTEE - ok
15:39:29.0359 3816 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:39:29.0406 3816 Mup - ok
15:39:29.0437 3816 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:39:29.0453 3816 NABTSFEC - ok
15:39:29.0500 3816 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:39:29.0515 3816 napagent - ok
15:39:29.0546 3816 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:39:29.0562 3816 NDIS - ok
15:39:29.0609 3816 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:39:29.0609 3816 NdisIP - ok
15:39:29.0671 3816 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:39:29.0671 3816 NdisTapi - ok
15:39:29.0718 3816 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:39:29.0734 3816 Ndisuio - ok
15:39:29.0750 3816 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:39:29.0750 3816 NdisWan - ok
15:39:29.0828 3816 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:39:29.0828 3816 NDProxy - ok
15:39:29.0890 3816 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:39:29.0890 3816 NetBIOS - ok
15:39:29.0937 3816 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:39:29.0953 3816 NetBT - ok
15:39:30.0015 3816 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:39:30.0015 3816 NetDDE - ok
15:39:30.0031 3816 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:39:30.0031 3816 NetDDEdsdm - ok
15:39:30.0078 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:39:30.0078 3816 Netlogon - ok
15:39:30.0140 3816 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:39:30.0140 3816 Netman - ok
15:39:30.0203 3816 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:39:30.0203 3816 NetTcpPortSharing - ok
15:39:30.0250 3816 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:39:30.0265 3816 NIC1394 - ok
15:39:30.0312 3816 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:39:30.0328 3816 Nla - ok
15:39:30.0390 3816 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:39:30.0390 3816 Npfs - ok
15:39:30.0437 3816 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:39:30.0468 3816 Ntfs - ok
15:39:30.0484 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:39:30.0500 3816 NtLmSsp - ok
15:39:30.0546 3816 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:39:30.0593 3816 NtmsSvc - ok
15:39:30.0625 3816 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:39:30.0625 3816 Null - ok
15:39:30.0687 3816 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:39:30.0687 3816 NwlnkFlt - ok
15:39:30.0718 3816 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:39:30.0718 3816 NwlnkFwd - ok
15:39:30.0765 3816 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:39:30.0765 3816 NwlnkIpx - ok
15:39:30.0796 3816 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:39:30.0796 3816 NwlnkNb - ok
15:39:30.0843 3816 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:39:30.0843 3816 NwlnkSpx - ok
15:39:30.0984 3816 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:39:31.0015 3816 odserv - ok
15:39:31.0078 3816 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:39:31.0078 3816 ohci1394 - ok
15:39:31.0125 3816 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:39:31.0125 3816 ose - ok
15:39:31.0203 3816 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:39:31.0203 3816 Parport - ok
15:39:31.0250 3816 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:39:31.0250 3816 PartMgr - ok
15:39:31.0312 3816 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:39:31.0312 3816 ParVdm - ok
15:39:31.0375 3816 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:39:31.0375 3816 PCI - ok
15:39:31.0390 3816 PCIDump - ok
15:39:31.0421 3816 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
15:39:31.0421 3816 PCIIde - ok
15:39:31.0453 3816 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:39:31.0453 3816 Pcmcia - ok
15:39:31.0468 3816 PDCOMP - ok
15:39:31.0484 3816 PDFRAME - ok
15:39:31.0500 3816 PDRELI - ok
15:39:31.0531 3816 PDRFRAME - ok
15:39:31.0546 3816 perc2 - ok
15:39:31.0562 3816 perc2hib - ok
15:39:31.0625 3816 [ E1653A632F878E353399B96F2CEF6570 ] PersonalSecureDrive C:\WINDOWS\System32\drivers\psd.sys
15:39:31.0625 3816 PersonalSecureDrive - ok
15:39:31.0734 3816 [ 2705BD86D5A1FA46755BCC48C5BE0F18 ] PersonalSecureDriveService C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
15:39:31.0734 3816 PersonalSecureDriveService - ok
15:39:31.0765 3816 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:39:31.0781 3816 PlugPlay - ok
15:39:31.0843 3816 [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
15:39:31.0859 3816 Pml Driver HPZ12 - ok
15:39:31.0875 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:39:31.0890 3816 PolicyAgent - ok
15:39:31.0921 3816 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:39:31.0921 3816 PptpMiniport - ok
15:39:31.0953 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:39:31.0953 3816 ProtectedStorage - ok
15:39:31.0984 3816 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:39:31.0984 3816 PSched - ok
15:39:32.0046 3816 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:39:32.0046 3816 Ptilink - ok
15:39:32.0093 3816 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:39:32.0093 3816 PxHelp20 - ok
15:39:32.0109 3816 ql1080 - ok
15:39:32.0125 3816 Ql10wnt - ok
15:39:32.0140 3816 ql12160 - ok
15:39:32.0171 3816 ql1240 - ok
15:39:32.0187 3816 ql1280 - ok
15:39:32.0203 3816 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:39:32.0203 3816 RasAcd - ok
15:39:32.0250 3816 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:39:32.0250 3816 RasAuto - ok
15:39:32.0312 3816 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:39:32.0312 3816 Rasirda - ok
15:39:32.0343 3816 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:39:32.0343 3816 Rasl2tp - ok
15:39:32.0375 3816 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:39:32.0390 3816 RasMan - ok
15:39:32.0421 3816 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:39:32.0421 3816 RasPppoe - ok
15:39:32.0437 3816 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:39:32.0437 3816 Raspti - ok
15:39:32.0468 3816 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:39:32.0468 3816 Rdbss - ok
15:39:32.0500 3816 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:39:32.0500 3816 RDPCDD - ok
15:39:32.0578 3816 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:39:32.0578 3816 rdpdr - ok
15:39:32.0687 3816 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:39:32.0687 3816 RDPWD - ok
15:39:32.0750 3816 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:39:32.0765 3816 RDSessMgr - ok
15:39:32.0812 3816 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:39:32.0812 3816 redbook - ok
15:39:32.0875 3816 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:39:32.0890 3816 RemoteAccess - ok
15:39:32.0937 3816 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:39:32.0953 3816 RemoteRegistry - ok
15:39:33.0031 3816 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:39:33.0031 3816 RpcLocator - ok
15:39:33.0078 3816 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:39:33.0093 3816 RpcSs - ok
15:39:33.0156 3816 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:39:33.0156 3816 RSVP - ok
15:39:33.0187 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:39:33.0187 3816 SamSs - ok
15:39:33.0234 3816 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:39:33.0234 3816 SCardSvr - ok
15:39:33.0265 3816 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:39:33.0265 3816 Schedule - ok
15:39:33.0312 3816 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:39:33.0312 3816 sdbus - ok
15:39:33.0375 3816 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:39:33.0375 3816 Secdrv - ok
15:39:33.0406 3816 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:39:33.0406 3816 seclogon - ok
15:39:33.0468 3816 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:39:33.0468 3816 SENS - ok
15:39:33.0515 3816 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:39:33.0515 3816 Serenum - ok
15:39:33.0546 3816 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:39:33.0562 3816 Serial - ok
15:39:33.0609 3816 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:39:33.0609 3816 Sfloppy - ok
15:39:33.0656 3816 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:39:33.0671 3816 SharedAccess - ok
15:39:33.0703 3816 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:39:33.0703 3816 ShellHWDetection - ok
15:39:33.0718 3816 Simbad - ok
15:39:33.0843 3816 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:39:33.0843 3816 SkypeUpdate - ok
15:39:33.0906 3816 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:39:33.0906 3816 SLIP - ok
15:39:33.0937 3816 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
15:39:33.0953 3816 SMCIRDA - ok
15:39:34.0000 3816 [ 1319EA66A96250D59665D133C0FF7CD0 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
15:39:34.0000 3816 smwdm - ok
15:39:34.0609 3816 [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
15:39:35.0171 3816 SNPSTD3 - ok
15:39:35.0281 3816 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
15:39:35.0281 3816 SoundMAX Agent Service (default) - ok
15:39:35.0296 3816 Sparrow - ok
15:39:35.0343 3816 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:39:35.0343 3816 splitter - ok
15:39:35.0406 3816 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:39:35.0406 3816 Spooler - ok
15:39:35.0453 3816 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:39:35.0453 3816 sr - ok
15:39:35.0500 3816 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:39:35.0515 3816 srservice - ok
15:39:35.0593 3816 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:39:35.0593 3816 Srv - ok
15:39:35.0625 3816 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:39:35.0640 3816 SSDPSRV - ok
15:39:35.0703 3816 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
15:39:35.0703 3816 StillCam - ok
15:39:35.0781 3816 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:39:35.0796 3816 stisvc - ok
15:39:35.0828 3816 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:39:35.0828 3816 streamip - ok
15:39:35.0875 3816 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:39:35.0875 3816 swenum - ok
15:39:35.0921 3816 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:39:35.0921 3816 swmidi - ok
15:39:35.0937 3816 SwPrv - ok
15:39:35.0968 3816 symc810 - ok
15:39:35.0984 3816 symc8xx - ok
15:39:36.0000 3816 sym_hi - ok
15:39:36.0015 3816 sym_u3 - ok
15:39:36.0062 3816 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:39:36.0093 3816 sysaudio - ok
15:39:36.0156 3816 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:39:36.0171 3816 SysmonLog - ok
15:39:36.0265 3816 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:39:36.0281 3816 TapiSrv - ok
15:39:36.0343 3816 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:39:36.0437 3816 Tcpip - ok
15:39:36.0484 3816 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:39:36.0484 3816 TDPIPE - ok
15:39:36.0531 3816 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:39:36.0546 3816 TDTCP - ok
15:39:36.0593 3816 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:39:36.0593 3816 TermDD - ok
15:39:36.0656 3816 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:39:36.0671 3816 TermService - ok
15:39:36.0703 3816 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:39:36.0703 3816 Themes - ok
15:39:36.0781 3816 [ 0EDC3CF7B38F4260EB006C38E4A44DE4 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
15:39:36.0796 3816 tifm21 - ok
15:39:36.0859 3816 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:39:36.0875 3816 TlntSvr - ok
15:39:36.0890 3816 TosIde - ok
15:39:36.0937 3816 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:39:36.0937 3816 TrkWks - ok
15:39:37.0000 3816 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:39:37.0000 3816 Udfs - ok
15:39:37.0031 3816 ultra - ok
15:39:37.0109 3816 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:39:37.0125 3816 Update - ok
15:39:37.0171 3816 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:39:37.0171 3816 upnphost - ok
15:39:37.0218 3816 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:39:37.0218 3816 UPS - ok
15:39:37.0281 3816 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:39:37.0281 3816 usbaudio - ok
15:39:37.0328 3816 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:39:37.0328 3816 usbccgp - ok
15:39:37.0359 3816 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:39:37.0359 3816 usbehci - ok
15:39:37.0406 3816 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:39:37.0406 3816 usbhub - ok
15:39:37.0453 3816 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:39:37.0453 3816 usbprint - ok
15:39:37.0484 3816 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:39:37.0484 3816 usbscan - ok
15:39:37.0531 3816 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:39:37.0531 3816 usbstor - ok
15:39:37.0562 3816 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:39:37.0562 3816 usbuhci - ok
15:39:37.0609 3816 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:39:37.0609 3816 usbvideo - ok
15:39:37.0687 3816 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:39:37.0687 3816 VgaSave - ok
15:39:37.0703 3816 ViaIde - ok
15:39:37.0765 3816 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:39:37.0765 3816 VolSnap - ok
15:39:37.0828 3816 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:39:37.0828 3816 VSS - ok
15:39:37.0984 3816 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
15:39:38.0125 3816 w29n51 - ok
15:39:38.0187 3816 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:39:38.0187 3816 W32Time - ok
15:39:38.0218 3816 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:39:38.0218 3816 Wanarp - ok
15:39:38.0281 3816 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:39:38.0281 3816 Wdf01000 - ok
15:39:38.0296 3816 WDICA - ok
15:39:38.0343 3816 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:39:38.0359 3816 wdmaud - ok
15:39:38.0375 3816 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:39:38.0406 3816 WebClient - ok
15:39:38.0515 3816 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:39:38.0515 3816 winmgmt - ok
15:39:38.0625 3816 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
15:39:38.0671 3816 WinRM - ok
15:39:38.0765 3816 [ DC2111B884AC9E942939E70869511526 ] wisdpen C:\WINDOWS\system32\DRIVERS\wisdpen.sys
15:39:38.0765 3816 wisdpen - ok
15:39:38.0937 3816 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:39:39.0046 3816 wlidsvc - ok
15:39:39.0109 3816 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:39:39.0109 3816 WmdmPmSN - ok
15:39:39.0203 3816 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:39:39.0234 3816 Wmi - ok
15:39:39.0296 3816 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:39:39.0296 3816 WmiAcpi - ok
15:39:39.0359 3816 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:39:39.0359 3816 WmiApSrv - ok
15:39:39.0468 3816 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:39:39.0515 3816 WMPNetworkSvc - ok
15:39:39.0546 3816 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:39:39.0546 3816 WpdUsb - ok
15:39:39.0593 3816 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:39:39.0609 3816 wscsvc - ok
15:39:39.0625 3816 WSearch - ok
15:39:39.0687 3816 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:39:39.0687 3816 WSTCODEC - ok
15:39:39.0718 3816 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:39:39.0718 3816 WudfPf - ok
15:39:39.0781 3816 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:39:39.0781 3816 WudfRd - ok
15:39:39.0843 3816 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:39:39.0843 3816 WudfSvc - ok
15:39:39.0937 3816 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:39:39.0968 3816 WZCSVC - ok
15:39:40.0031 3816 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:39:40.0031 3816 xmlprov - ok
15:39:40.0078 3816 ================ Scan global ===============================
15:39:40.0140 3816 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:39:40.0203 3816 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:39:40.0250 3816 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:39:40.0281 3816 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:39:40.0281 3816 [Global] - ok
15:39:40.0296 3816 ================ Scan MBR ==================================
15:39:40.0312 3816 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:39:40.0562 3816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:39:40.0562 3816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:39:40.0562 3816 ================ Scan VBR ==================================
15:39:40.0578 3816 [ ABDFD526BAA23B87BFB5BE57E6952AAC ] \Device\Harddisk0\DR0\Partition1
15:39:40.0578 3816 \Device\Harddisk0\DR0\Partition1 - ok
15:39:40.0578 3816 ============================================================
15:39:40.0578 3816 Scan finished
15:39:40.0578 3816 ============================================================
15:39:40.0609 1392 Detected object count: 1
15:39:40.0609 1392 Actual detected object count: 1
15:39:53.0000 1392 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:39:53.0015 1392 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:39:53.0015 1392 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:39:53.0031 1392 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:39:53.0031 1392 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:39:53.0031 1392 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:39:53.0031 1392 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:39:53.0046 1392 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:39:53.0046 1392 \Device\Harddisk0\DR0\TDLFS - deleted
15:39:53.0046 1392 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
15:41:00.0812 1296 Deinitialize success
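
The TDSSKiller log above is long, and the one line that matters (the TDSS File System warning on \Device\Harddisk0\DR0, followed by the TDLFS files going to quarantine) sits near the very end. The Python script below is an added example, not part of this thread and not TDSSKiller's own code: it parses the three line shapes the log uses (a hashed object, a "name - status" event, and the detected-object count) and reduces the log to what a responder reads first: the non-ok events, the quarantined paths, the MBR hash, and any image that appears with more than one hash. The sample log embedded in it is a constructed subset of the lines above; the regexes are inferred from those lines and assume a service name never itself contains " - ".

```python
import re
from collections import defaultdict

PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) "
# "[ <MD5> ] <name> <image path>"; the path is absent for raw disk objects (\Device\Harddisk0\DR0)
OBJECT_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)(?: (?P<path>(?:[A-Za-z]:\\|\\Device\\)\S.*))?$"
)
# "<name> - <status>", e.g. "Tcpip - ok" or "...\TDLFS\ldr16 - copied to quarantine"
# (assumption: a service name never contains " - " itself)
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")

# Constructed sample: a subset of the lines from the log above, in their original shape.
SAMPLE_LOG = r"""
15:39:31.0875 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:39:31.0890 3816 PolicyAgent - ok
15:39:33.0187 3816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:39:33.0187 3816 SamSs - ok
15:39:35.0281 3816 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
15:39:35.0281 3816 SoundMAX Agent Service (default) - ok
15:39:40.0296 3816 ================ Scan MBR ==================================
15:39:40.0312 3816 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:39:40.0562 3816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:39:40.0562 3816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:39:40.0578 3816 [ ABDFD526BAA23B87BFB5BE57E6952AAC ] \Device\Harddisk0\DR0\Partition1
15:39:40.0578 3816 \Device\Harddisk0\DR0\Partition1 - ok
15:39:40.0609 1392 Detected object count: 1
15:39:53.0000 1392 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:39:53.0031 1392 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:39:53.0046 1392 \Device\Harddisk0\DR0\TDLFS - deleted
15:39:53.0046 1392 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
15:41:00.0812 1296 Deinitialize success
"""


def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed objects, status events and the reported detection count."""
    objects, events, reported = [], [], None
    for line in text.strip().splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects.append(m.groupdict())
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m.group("n"))
            continue
        m = STATUS_RE.match(line)
        if m:
            events.append(m.groupdict())
    return objects, events, reported


def triage(text):
    """Reduce a log to what a responder reads first: non-ok events, quarantined paths, MBR hash."""
    objects, events, reported = parse_tdsskiller(text)
    md5s_by_path = defaultdict(set)
    for o in objects:
        if o["path"]:
            md5s_by_path[o["path"]].add(o["md5"])
    findings = [e for e in events if e["status"] != "ok"]
    quarantined = [e["name"] for e in events if e["status"] == "copied to quarantine"]
    mbr = next((o["md5"] for o in objects if o["name"] == r"\Device\Harddisk0\DR0"), None)
    infected = any(e["status"] == "warning" or e["status"].startswith("detected ") for e in events)
    return {
        "scanned": len(objects),
        "reported_count": reported,
        "findings": findings,
        "quarantined": quarantined,
        "mbr_md5": mbr,
        # an image listed twice with different hashes deserves a second look
        "hash_conflicts": sorted(p for p, h in md5s_by_path.items() if len(h) > 1),
        "infected": infected,
    }


def read_log(path):
    """Sniff a UTF-16 BOM (some TDSSKiller builds write one), otherwise treat the file as UTF-8."""
    with open(path, "rb") as f:
        raw = f.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", "replace")


if __name__ == "__main__":
    import sys
    report = triage(read_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG)
    print(f"objects scanned: {report['scanned']}  (tool reported {report['reported_count']} detection(s))")
    print(f"MBR md5: {report['mbr_md5']}   infected: {report['infected']}")
    for e in report["findings"]:
        print(f"  {e['time']}  {e['status']:<28} {e['name']}")
    for p in report["hash_conflicts"]:
        print(f"  same image, different hashes: {p}")
```

Run it with a saved log as the first argument, or with no argument to see the constructed sample triaged. The "infected" flag keys on the warning/detected lines rather than on the quarantine lines, so a log from a second, clean run of the tool reports False even if the first run's quarantine entries are pasted alongside it.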

#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 December 2012 - 06:14 PM

Please do the following:

Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file c:\windows\system32\drivers\dkzuusaq.sys
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.


Do the same for the following file

c:\windows\system32\drivers\xqqbwwmu.sys

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
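
CatByte's check on the two randomly named drivers is the right reflex: as the later reply notes, both malware and anti-rootkit tools can leave eight-random-letter .sys files under system32\drivers, and only the hash settles which it is. As an added example (not from this thread, and not a VirusTotal client), the Python script below hashes every .sys file in a directory, ranks names that look machine-generated first, and builds the lookup URL in the same form as the links posted in this thread. The name heuristic (vowel count, rare letters, consonant runs) is my own assumption and only a prioritisation aid, never a verdict; demo_rows() builds a throwaway directory with two constructed files so the script runs offline.

```python
import hashlib
import os
import re
import tempfile

# Heuristic for driver names that look machine-generated (as dkzuusaq.sys and xqqbwwmu.sys do).
# Deliberately conservative: eight lowercase letters is common for legitimate drivers too
# (usbaudio.sys, raspppoe.sys, wstcodec.sys ...), so the stem must also be hard to pronounce.
EIGHT_LOWER = re.compile(r"^[a-z]{8}\.sys$")
VOWELS = set("aeiou")
RARE = set("qxz")


def looks_random(filename):
    """True when the name is 8 lowercase letters and reads like noise (assumed heuristic)."""
    name = filename.lower()
    if not EIGHT_LOWER.match(name):
        return False
    stem = name[:-4]
    vowels = sum(c in VOWELS for c in stem)
    rare = sum(c in RARE for c in stem)
    longest, run = 0, 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels <= 1 or rare >= 2 or longest >= 5


def sha256_of(path, chunk=1 << 20):
    """Stream the file so a large driver does not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def vt_url(sha256_hex):
    # Same URL shape as the links posted in this thread; VirusTotal's current web UI
    # answers at https://www.virustotal.com/gui/file/<sha256> instead.
    return f"https://www.virustotal.com/file/{sha256_hex}/analysis/"


def triage_drivers(drivers_dir):
    """Hash every .sys file in drivers_dir; suspicious-looking names sort to the top."""
    rows = []
    for name in sorted(os.listdir(drivers_dir)):
        path = os.path.join(drivers_dir, name)
        if not name.lower().endswith(".sys") or not os.path.isfile(path):
            continue
        digest = sha256_of(path)
        rows.append({"name": name, "sha256": digest,
                     "suspicious": looks_random(name), "lookup": vt_url(digest)})
    rows.sort(key=lambda r: (not r["suspicious"], r["name"].lower()))
    return rows


def demo_rows():
    """Offline demo: two constructed 'drivers' in a throwaway directory, then triage them."""
    d = tempfile.mkdtemp(prefix="drv-demo-")
    for name, body in (("dkzuusaq.sys", b"abc"), ("usbaudio.sys", b"")):
        with open(os.path.join(d, name), "wb") as f:
            f.write(body)
    return triage_drivers(d)


if __name__ == "__main__":
    import sys
    rows = triage_drivers(sys.argv[1]) if len(sys.argv) > 1 else demo_rows()
    for row in rows:
        flag = "SUSPICIOUS" if row["suspicious"] else "          "
        print(flag, row["sha256"], row["name"], row["lookup"] if row["suspicious"] else "")
```

Point it at C:\WINDOWS\system32\drivers on the affected machine and paste the top rows' hashes into VirusTotal; a hash that VirusTotal has never seen is itself a signal, since legitimate drivers from shipping products are almost always already indexed.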


#6 billiam864 (Topic Starter)

Posted 15 December 2012 - 09:24 PM

Okay...here is the link to that test:

https://www.virustotal.com/file/c94c7f88477f740bda08ce68eafac2599e2b45025c8f302cd42985b270185f03/analysis/1355624525/

Bill

#7 CatByte (Malware Response Team)

Posted 15 December 2012 - 09:30 PM

How is the computer running now? Are there any outstanding issues?

Edited by CatByte, 15 December 2012 - 09:37 PM.



#8 billiam864 (Topic Starter)

Posted 15 December 2012 - 09:32 PM

And the 2nd test.

https://www.virustotal.com/file/e6150e1f598ba4cfedb8ff075bc0d576518c331b864388f1cae8812eff106ecf/analysis/1355625019/

#9 CatByte (Malware Response Team)

Posted 15 December 2012 - 09:37 PM

OK, good. I thought they were random names of tools that have been run on your system but wanted to make certain. I'd still like to run a couple of scans to make sure there are no leftovers, so please do the following:


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#10 billiam864 (Topic Starter)

Posted 15 December 2012 - 09:39 PM

Seems to be running well, my hard drive space is back and I haven't had any redirect loops... I'm connected via LAN currently and cannot try the wireless in this location. Most definitely an improvement!

#11 CatByte (Malware Response Team)

Posted 15 December 2012 - 09:44 PM

ok good, let's see what the rest of the scans turn up :)



#12 billiam864 (Topic Starter)

Posted 16 December 2012 - 03:06 PM

Woke up this morning, and my CPU is running pretty slow, taking its time even opening My Computer. I believe I've also lost some hard drive space again.

I am also unable to run JRT. My Administrator option has a password I don't know. (This is a computer I inherited from my past college after leaving, but it was set up for use by the school before being given to students.)

I didn't run the other scans.

What should I do next?

Bill

#13 billiam864 (Topic Starter)

Posted 16 December 2012 - 03:11 PM

In my Task Manager, a FcsSas.exe is making my processor run at 100%... not sure what that is.

#14 billiam864 (Topic Starter)

Posted 16 December 2012 - 03:44 PM

FcsSas has gone away... running smoothly now, but I've lost a bit more hard drive space.

Bill

#15 CatByte (Malware Response Team)

Posted 16 December 2012 - 04:04 PM

FcsSas.exe belongs to Microsoft Forefront Client Security State Assessment Service

Please try running the other tools (in Safe Mode if you need to).


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly;
  • this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account
