
Double Click Virus [Closed]


  • This topic is locked
62 replies to this topic

#1 michael81


Posted 26 April 2012 - 08:15 AM

Hello. I would appreciate any help in dealing with double click virus and other potential infections. I've included a HiJack This log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:55 AM, on 4/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.9.113.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebo...toUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\Windows\CDProxyServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11776 bytes


#2 JonTom


Posted 27 April 2012 - 12:33 PM

Hello michael81 and :welcome:

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

Please describe exactly how the machine is behaving.

Let's take a closer look with the following scans:

  • Please perform the following scan


    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • aswMBR


    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.


    • On completion of the scan click save log, save it to your desktop and post in your next reply.


    Please post both DDS logs and the aswMBR log in your next reply.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#3 michael81


Posted 28 April 2012 - 02:29 PM

Thanks. Logs attached.


#4 JonTom


Posted 29 April 2012 - 07:09 AM

Hello michael81

There is no need to attach any logs, just paste them directly into your replies.

  • P2P Programs:


    • P2P programs are a major source of Malware infections.
    • From your log I see you have BitTornado 0.3.17. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Computer" and then on the "Uninstall or Change a Program" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTornado 0.3.17" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.


      PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  • Please Clear Your Sun Java Cache


    • Click on "Start", then on "Control Panel" and then on the Java icon (looks like a coffee cup). If you do not see the icon, look to your left and click "Switch to Classic View".
    • On the "General" tab, under "Temporary Internet Files", click the "Settings" button.
    • Next, click on the "Delete Files" button.
    • There are two options in the window to clear the cache - ("Applications and Applets" and "Trace and Log Files").
    • Leave BOTH Checked
    • Click "OK" on Delete Temporary Files Window.
    • Note: This deletes all of the Downloaded Applications and Applets from the Cache.
    • Click "OK" to leave the Temporary Files Window.
    • Click "OK" to leave the Java Control Panel.

  • TDSS Killer


    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
    • Click on OK and then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Please post the TDSSKiller log in your next reply.

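A TDSSKiller report of the kind requested in the post above can be triaged mechanically before it is read record by record; the point worth automating is that a "Detected object count: 0" written by an interrupted scan is not a clean result. This Python example is added here and is not part of the thread or of TDSSKiller. It assumes the record shapes `HH:MM:SS.mmmm TTTT message`, `name (md5) path`, `name - ok`, `Scan started`, `Scan interrupted by user!`, `Scan finished` and `Detected object count: N`; the sample text, service names, hashes and the non-ok verdict string are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Record prefix: "HH:MM:SS.mmmm TTTT" (time, 4-digit thread id). Splitting on the
# prefix instead of on newlines also copes with pastes whose line breaks were lost.
STAMP = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4} \d{4}(?= |$)", re.M)
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanRun:
    interrupted: bool = False
    finished: bool = False
    detected: Optional[int] = None
    paths: dict = field(default_factory=dict)    # object name -> file path
    not_ok: list = field(default_factory=list)   # (name, path, verdict)


def messages(text):
    """Yield the message part of every record, whatever the line layout."""
    marks = list(STAMP.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield text[cur.end():end].strip()


def parse_runs(text):
    """Split a report into scan runs; one report can contain several."""
    runs = []
    for msg in messages(text):
        if msg == "Scan started":
            runs.append(ScanRun())
            continue
        if not runs:
            continue  # system-information header before the first scan
        run = runs[-1]
        count, obj = COUNT.match(msg), OBJECT.match(msg)
        if msg == "Scan interrupted by user!":
            run.interrupted = True
        elif msg == "Scan finished":
            run.finished = True
        elif count:
            run.detected = int(count.group(1))
        elif obj:
            run.paths[obj["name"]] = obj["path"]
        elif not run.finished and " - " in msg:
            name, _, verdict = msg.rpartition(" - ")
            if verdict != "ok":
                run.not_ok.append((name, run.paths.get(name, "?"), verdict))
    return runs


def triage(runs):
    """Return the findings a helper should look at first."""
    findings = []
    for i, run in enumerate(runs, 1):
        if run.interrupted:
            findings.append(f"scan {i}: interrupted by user, so its object "
                            f"count of {run.detected} is not a clean result")
        elif not run.finished:
            findings.append(f"scan {i}: no 'Scan finished' record, report is truncated")
        for name, path, verdict in run.not_ok:
            findings.append(f"scan {i}: {name} [{path}] -> {verdict}")
    return findings


def clean_result(runs):
    """True only if the last scan ran to completion with nothing flagged."""
    if not runs:
        return False
    last = runs[-1]
    return (last.finished and not last.interrupted
            and last.detected == 0 and not last.not_ok)


# Constructed sample (not real TDSSKiller output; hashes and verdict are placeholders).
SAMPLE = (
    # Scan 1, flattened onto one line the way a forum paste can be.
    "10:07:34.0912 3948 Scan started 10:07:34.0912 3948 Mode: Manual; TDLFS; "
    "10:07:35.0100 3948 Scan interrupted by user! 10:07:35.0100 3948 Scan finished "
    "10:07:35.0115 2824 Detected object count: 0\n"
    # Scan 2, one record per line, cut off before it finishes.
    "10:07:39.0202 0716 Scan started\n"
    "10:07:39.0421 0716 exampledrv (00000000000000000000000000000000) "
    "C:\\Windows\\system32\\drivers\\exampledrv.sys\n"
    "10:07:39.0421 0716 exampledrv - ok\n"
    "10:07:39.0483 0716 Example Service (11111111111111111111111111111111) "
    "C:\\Example\\svc.exe\n"
    "10:07:39.0483 0716 Example Service - PLACEHOLDER-VERDICT\n"
    "10:07:40.0029 0716 adfs - ok\n"
)

if __name__ == "__main__":
    for line in triage(parse_runs(SAMPLE)):
        print(line)
```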

#5 michael81


Posted 29 April 2012 - 08:13 AM

Thanks again for looking at this. Here's the TDSS log: 10:05:35.0805 2280 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 10:05:36.0148 2280 ============================================================ 10:05:36.0148 2280 Current date / time: 2012/04/29 10:05:36.0148 10:05:36.0148 2280 SystemInfo: 10:05:36.0148 2280 10:05:36.0148 2280 OS Version: 6.0.6002 ServicePack: 2.0 10:05:36.0148 2280 Product type: Workstation 10:05:36.0148 2280 ComputerName: MIKE-PC 10:05:36.0148 2280 UserName: Mike 10:05:36.0148 2280 Windows directory: C:\Windows 10:05:36.0148 2280 System windows directory: C:\Windows 10:05:36.0148 2280 Processor architecture: Intel x86 10:05:36.0148 2280 Number of processors: 2 10:05:36.0148 2280 Page size: 0x1000 10:05:36.0148 2280 Boot type: Normal boot 10:05:36.0148 2280 ============================================================ 10:05:37.0100 2280 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 10:05:37.0131 2280 ============================================================ 10:05:37.0131 2280 \Device\Harddisk0\DR0: 10:05:37.0131 2280 MBR partitions: 10:05:37.0131 2280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000 10:05:37.0131 2280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x38F6D800 10:05:37.0131 2280 ============================================================ 10:05:37.0178 2280 C: <-> \Device\Harddisk0\DR0\Partition1 10:05:37.0209 2280 D: <-> \Device\Harddisk0\DR0\Partition0 10:05:37.0209 2280 ============================================================ 10:05:37.0209 2280 Initialize success 10:05:37.0209 2280 ============================================================ 10:06:31.0904 3648 ============================================================ 10:06:31.0904 3648 Scan started 10:06:31.0904 3648 Mode: Manual; TDLFS; 10:06:31.0904 3648 
============================================================ 10:07:34.0912 3948 ============================================================ 10:07:34.0912 3948 Scan started 10:07:34.0912 3948 Mode: Manual; TDLFS; 10:07:34.0912 3948 ============================================================ 10:07:35.0100 3948 Scan interrupted by user! 10:07:35.0100 3948 Scan interrupted by user! 10:07:35.0100 3948 Scan interrupted by user! 10:07:35.0100 3948 ============================================================ 10:07:35.0100 3948 Scan finished 10:07:35.0100 3948 ============================================================ 10:07:35.0115 2824 Detected object count: 0 10:07:35.0115 2824 Actual detected object count: 0 10:07:37.0705 0496 ============================================================ 10:07:37.0705 0496 Scan started 10:07:37.0705 0496 Mode: Manual; TDLFS; 10:07:37.0705 0496 ============================================================ 10:07:37.0814 0496 Scan interrupted by user! 10:07:37.0814 0496 Scan interrupted by user! 10:07:37.0814 0496 Scan interrupted by user! 
10:07:37.0814 0496 ============================================================ 10:07:37.0814 0496 Scan finished 10:07:37.0814 0496 ============================================================ 10:07:37.0830 2768 Detected object count: 0 10:07:37.0830 2768 Actual detected object count: 0 10:07:39.0202 0716 ============================================================ 10:07:39.0202 0716 Scan started 10:07:39.0202 0716 Mode: Manual; TDLFS; 10:07:39.0202 0716 ============================================================ 10:07:39.0421 0716 $sys$cor (53b049da317117645068f41ff6a6a80c) C:\Windows\system32\Drivers\$sys$cor.sys 10:07:39.0421 0716 $sys$cor - ok 10:07:39.0436 0716 $sys$crater (1a5e7c6cbaed64159c6b39be64f4c2ff) C:\Windows\system32\$sys$filesystem\crater.sys 10:07:39.0436 0716 $sys$crater - ok 10:07:39.0483 0716 $sys$DRMServer (3692633395142b264b0a73e4994f657f) C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe 10:07:39.0483 0716 $sys$DRMServer - ok 10:07:39.0592 0716 a016bus (b021d0ae4605ce5df67f06e741278cdf) C:\Windows\system32\DRIVERS\a016bus.sys 10:07:39.0608 0716 a016bus - ok 10:07:39.0655 0716 a016mdfl (5b6bc2de851012906d4aae84c802e3f2) C:\Windows\system32\DRIVERS\a016mdfl.sys 10:07:39.0655 0716 a016mdfl - ok 10:07:39.0702 0716 a016mdm (c80cffb5819ccfc97f2b09e2259dfde6) C:\Windows\system32\DRIVERS\a016mdm.sys 10:07:39.0702 0716 a016mdm - ok 10:07:39.0748 0716 a016mgmt (415243177ff67d3cfba44d931b809bf3) C:\Windows\system32\DRIVERS\a016mgmt.sys 10:07:39.0748 0716 a016mgmt - ok 10:07:39.0795 0716 a016obex (3a853f9b8b69541cde714a83a0a6434e) C:\Windows\system32\DRIVERS\a016obex.sys 10:07:39.0811 0716 a016obex - ok 10:07:39.0920 0716 aawservice (0629361fac4576ba48ab39f4903dce9e) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 10:07:39.0936 0716 aawservice - ok 10:07:39.0998 0716 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 10:07:40.0014 0716 ACPI - ok 10:07:40.0029 0716 adfs - ok 10:07:40.0107 0716 Adobe Version Cue CS3 
(14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe 10:07:40.0123 0716 Adobe Version Cue CS3 - ok 10:07:40.0185 0716 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 10:07:40.0201 0716 adp94xx - ok 10:07:40.0248 0716 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 10:07:40.0263 0716 adpahci - ok 10:07:40.0279 0716 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 10:07:40.0294 0716 adpu160m - ok 10:07:40.0310 0716 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 10:07:40.0310 0716 adpu320 - ok 10:07:40.0341 0716 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 10:07:40.0341 0716 AeLookupSvc - ok 10:07:40.0404 0716 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 10:07:40.0419 0716 AFD - ok 10:07:40.0450 0716 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys 10:07:40.0450 0716 agp440 - ok 10:07:40.0466 0716 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 10:07:40.0466 0716 aic78xx - ok 10:07:40.0513 0716 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 10:07:40.0513 0716 ALG - ok 10:07:40.0528 0716 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys 10:07:40.0528 0716 aliide - ok 10:07:40.0544 0716 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys 10:07:40.0544 0716 amdagp - ok 10:07:40.0560 0716 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys 10:07:40.0560 0716 amdide - ok 10:07:40.0591 0716 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 10:07:40.0591 0716 AmdK7 - ok 10:07:40.0606 0716 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 10:07:40.0606 0716 AmdK8 - ok 
10:07:40.0653 0716 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 10:07:40.0653 0716 Appinfo - ok 10:07:40.0716 0716 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:07:40.0731 0716 Apple Mobile Device - ok 10:07:40.0747 0716 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 10:07:40.0747 0716 arc - ok 10:07:40.0762 0716 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 10:07:40.0778 0716 arcsas - ok 10:07:40.0809 0716 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 10:07:40.0809 0716 AsyncMac - ok 10:07:40.0856 0716 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 10:07:40.0856 0716 atapi - ok 10:07:40.0918 0716 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 10:07:40.0918 0716 AudioEndpointBuilder - ok 10:07:40.0934 0716 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 10:07:40.0934 0716 Audiosrv - ok 10:07:40.0981 0716 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 10:07:40.0981 0716 Beep - ok 10:07:40.0996 0716 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 10:07:41.0012 0716 BFE - ok 10:07:41.0106 0716 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 10:07:41.0152 0716 BITS - ok 10:07:41.0168 0716 blbdrive - ok 10:07:41.0246 0716 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 10:07:41.0246 0716 Bonjour Service - ok 10:07:41.0308 0716 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 10:07:41.0308 0716 bowser - ok 10:07:41.0340 0716 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 10:07:41.0340 0716 BrFiltLo - ok 10:07:41.0371 0716 BrFiltUp 
(56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 10:07:41.0371 0716 BrFiltUp - ok 10:07:41.0402 0716 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 10:07:41.0418 0716 Browser - ok 10:07:41.0433 0716 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 10:07:41.0433 0716 Brserid - ok 10:07:41.0449 0716 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 10:07:41.0449 0716 BrSerWdm - ok 10:07:41.0464 0716 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 10:07:41.0464 0716 BrUsbMdm - ok 10:07:41.0480 0716 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 10:07:41.0480 0716 BrUsbSer - ok 10:07:41.0496 0716 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 10:07:41.0496 0716 BTHMODEM - ok 10:07:41.0542 0716 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 10:07:41.0542 0716 cdfs - ok 10:07:41.0605 0716 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 10:07:41.0605 0716 cdrom - ok 10:07:41.0652 0716 CD_Proxy (f67ff14ae3505bd29cc17bd0efd97dcc) C:\Windows\CDProxyServ.exe 10:07:41.0667 0716 CD_Proxy - ok 10:07:41.0714 0716 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 10:07:41.0714 0716 CertPropSvc - ok 10:07:41.0745 0716 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 10:07:41.0745 0716 circlass - ok 10:07:41.0808 0716 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 10:07:41.0823 0716 CLFS - ok 10:07:41.0901 0716 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:07:41.0901 0716 clr_optimization_v2.0.50727_32 - ok 10:07:41.0917 0716 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys 10:07:41.0917 0716 
10:07:59.0623 0716 WMPNetworkSvc - ok 10:07:59.0685 0716 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 10:07:59.0701 0716 WPCSvc - ok 10:07:59.0748 0716 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 10:07:59.0748 0716 WPDBusEnum - ok 10:07:59.0794 0716 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 10:07:59.0794 0716 WpdUsb - ok 10:07:59.0841 0716 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:07:59.0841 0716 ws2ifsl - ok 10:07:59.0872 0716 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 10:07:59.0888 0716 wscsvc - ok 10:07:59.0888 0716 WSearch - ok 10:08:00.0028 0716 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 10:08:00.0075 0716 wuauserv - ok 10:08:00.0200 0716 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:08:00.0200 0716 WUDFRd - ok 10:08:00.0247 0716 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 10:08:00.0247 0716 wudfsvc - ok 10:08:00.0262 0716 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 10:08:00.0278 0716 XAudio - ok 10:08:00.0309 0716 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe 10:08:00.0325 0716 XAudioService - ok 10:08:00.0340 0716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 10:08:00.0543 0716 \Device\Harddisk0\DR0 - ok 10:08:00.0559 0716 Boot (0x1200) (b6e05c0220271804e78713efb08b4b66) \Device\Harddisk0\DR0\Partition0 10:08:00.0559 0716 \Device\Harddisk0\DR0\Partition0 - ok 10:08:00.0574 0716 Boot (0x1200) (e10ca2dd63b029878d0323fdcdd9983a) \Device\Harddisk0\DR0\Partition1 10:08:00.0574 0716 \Device\Harddisk0\DR0\Partition1 - ok 10:08:00.0574 0716 ============================================================ 10:08:00.0574 0716 Scan finished 10:08:00.0574 0716 
============================================================
10:08:00.0590 2680 Detected object count: 0
10:08:00.0590 2680 Actual detected object count: 0

#6 JonTom

Posted 29 April 2012 - 10:02 AM

Hello michael81

Thank you for the log.

Can you please confirm to me that you cleared your Java Cache?

Please post a new aswMBR log for me to review.
Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#7 michael81

Posted 29 April 2012 - 06:11 PM

Hello again. Yes, I can confirm that I cleared the Java cache. I cleared it again before running MBR this time as well. Here's the new log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 19:37:49
-----------------------------
19:37:49.627 OS Version: Windows 6.0.6002 Service Pack 2
19:37:49.627 Number of processors: 2 586 0xF0D
19:37:49.643 ComputerName: MIKE-PC UserName: Mike
19:37:50.703 Initialize success
19:37:56.335 AVAST engine defs: 12042801
19:37:59.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:37:59.346 Disk 0 Vendor: ST3500630AS 3.ADG Size: 476940MB BusType: 3
19:37:59.377 Disk 0 MBR read successfully
19:37:59.377 Disk 0 MBR scan
19:37:59.424 Disk 0 Windows VISTA default MBR code
19:37:59.424 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
19:37:59.455 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
19:37:59.471 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466651 MB offset 21069824
19:37:59.471 Disk 0 scanning sectors +976771072
19:37:59.689 Disk 0 scanning C:\Windows\system32\drivers
19:38:19.113 Service scanning
19:38:20.174 Service $sys$DRMServer C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:38:23.746 Service CD_Proxy C:\Windows\CDProxyServ.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:38:50.797 Modules scanning
19:38:59.673 Disk 0 trace - called modules:
19:38:59.720 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
19:38:59.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83eed278]
19:38:59.735 3 CLASSPNP.SYS[85bac8b3] -> nt!IofCallDriver -> [0x83cee918]
19:38:59.751 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8334ab98]
19:39:00.593 AVAST engine scan C:\Windows
19:39:01.155 File: C:\Windows\CDProxyServ.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:39:10.827 AVAST engine scan C:\Windows\system32
19:39:11.014 File: C:\Windows\system32\$sys$caj.dll **INFECTED** Win32:Rootkit-gen [Rtk]
19:39:11.077 File: C:\Windows\system32\$sys$upgtool.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:42:47.228 AVAST engine scan C:\Windows\system32\drivers
19:43:12.703 AVAST engine scan C:\Users\Mike
20:08:16.130 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
20:08:16.145 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR2.txt"
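The aswMBR log in the post above, triaged in code (an added example, not part of the original thread): it groups the `**INFECTED**` lines by path and separates flagged service binaries from flagged files that no service entry references. The line layout is inferred from this one log, service names are assumed to contain no whitespace, and all function names are hypothetical.

```python
import re
from collections import OrderedDict

# Sample input: lines copied from the aswMBR log in the post above
# (some non-detection lines are kept so the parser has something to skip).
SAMPLE_LOG = r"""19:37:59.424 Disk 0 Windows VISTA default MBR code
19:38:19.113 Service scanning
19:38:20.174 Service $sys$DRMServer C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:38:23.746 Service CD_Proxy C:\Windows\CDProxyServ.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:39:00.593 AVAST engine scan C:\Windows
19:39:01.155 File: C:\Windows\CDProxyServ.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:39:10.827 AVAST engine scan C:\Windows\system32
19:39:11.014 File: C:\Windows\system32\$sys$caj.dll **INFECTED** Win32:Rootkit-gen [Rtk]
19:39:11.077 File: C:\Windows\system32\$sys$upgtool.exe **INFECTED** Win32:Rootkit-gen [Rtk]
"""

# Layout inferred from this log only (an assumption, not a documented format):
#   <time> Service <name> <path> **INFECTED** <signature>
#   <time> File: <path> **INFECTED** <signature>
INFECTED_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?:Service\s+(?P<service>\S+)\s+|File:\s+)"
    r"(?P<path>[A-Za-z]:\\.+?)\s+\*\*INFECTED\*\*\s+(?P<sig>.+?)\s*$"
)


def parse_detections(log_text):
    """Group **INFECTED** lines by path (case-insensitive), in first-seen order."""
    findings = OrderedDict()
    for raw in log_text.splitlines():
        m = INFECTED_RE.match(raw.strip())
        if m is None:
            continue  # progress and status lines carry no verdict
        path = m.group("path")
        entry = findings.setdefault(path.lower(), {
            "path": path,            # spelling as first seen in the log
            "services": [],          # service names whose image is this path
            "signatures": set(),     # detection names reported for the path
            "file_scan_hit": False,  # also reported by the "File:" engine scan
        })
        entry["signatures"].add(m.group("sig"))
        service = m.group("service")
        if service is None:
            entry["file_scan_hit"] = True
        elif service not in entry["services"]:
            entry["services"].append(service)
    return list(findings.values())


def service_binaries(findings):
    """Flagged paths registered as a service image: the service entry has to be
    removed along with the file."""
    return {f["path"]: f["services"] for f in findings if f["services"]}


def unreferenced_files(findings):
    """Flagged files that no flagged service points at; candidates for a
    second-opinion scan before anything is deleted."""
    return [f["path"] for f in findings if not f["services"]]


if __name__ == "__main__":
    results = parse_detections(SAMPLE_LOG)
    for path, services in service_binaries(results).items():
        print("service binary:", path, "<-", ", ".join(services))
    for path in unreferenced_files(results):
        print("no service entry:", path)
```

On this log the two files with no service entry are `$sys$caj.dll` and `$sys$upgtool.exe`; the two service binaries are the ones the later ComboFix run lists under Drivers/Services.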

#8 JonTom

Posted 30 April 2012 - 12:54 AM

Hello michael81

Yes, I can confirm that I cleared the Java cache

Thank you for letting me know.

If you use this machine for any kind of financial transactions please go to an uninfected machine and change all of your passwords.

  • Combofix


  • Download ComboFix from one of the following locations:

    Link 1
    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

Please post the Combofix log in your next reply.


#9 michael81

Posted 01 May 2012 - 09:16 PM

Sorry to take so long to respond. Here's the ComboFix log:

ComboFix 12-05-01.03 - Mike 05/01/2012 22:37:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.386 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\Documents\~WRL2770.tmp
c:\users\Mike\Documents\~WRL3633.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_$SYS$ARIES
-------\Service_$sys$DRMServer
-------\Service_CD_Proxy
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 02:50 . 2012-05-02 02:50 -------- d-----w- c:\users\wooten\AppData\Local\temp
2012-04-27 23:58 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CECB1496-6BDF-4E99-B2E8-EE7D24F48B57}\mpengine.dll
2012-04-10 11:50 . 2012-04-10 11:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 23:08 . 2012-03-17 23:08 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-17 23:08 . 2012-03-17 23:08 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-17 23:08 . 2012-03-17 23:08 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-17 23:08 . 2012-03-17 23:08 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-17 23:08 . 2012-03-17 23:08 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-17 23:08 . 2012-03-17 23:08 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-17 23:08 . 2012-03-17 23:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-17 23:08 . 2012-03-17 23:08 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-17 23:08 . 2012-03-17 23:08 367104 ----a-w- c:\windows\system32\html.iec
2012-03-17 23:08 . 2012-03-17 23:08 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-17 23:08 . 2012-03-17 23:08 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-17 23:08 . 2012-03-17 23:08 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-17 23:08 . 2012-03-17 23:08 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-17 23:08 . 2012-03-17 23:08 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-17 23:08 . 2012-03-17 23:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-17 23:08 . 2012-03-17 23:08 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-17 23:08 . 2012-03-17 23:08 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-17 23:08 . 2012-03-17 23:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-17 23:08 . 2012-03-17 23:08 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-17 23:08 . 2012-03-17 23:08 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-17 23:08 . 2012-03-17 23:08 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-17 23:07 . 2012-03-17 23:07 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-17 23:07 . 2012-03-17 23:07 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-17 23:07 . 2012-03-17 23:07 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-17 23:07 . 2012-03-17 23:07 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-17 23:07 . 2012-03-17 23:07 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-17 23:07 . 2012-03-17 23:07 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-17 23:07 . 2012-03-17 23:07 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-17 23:07 . 2012-03-17 23:07 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-17 23:07 . 2012-03-17 23:07 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 23:07 . 2012-03-17 23:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 23:07 . 2012-03-17 23:07 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-17 23:07 . 2012-03-17 23:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-17 23:07 . 2012-03-17 23:07 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 23:07 . 2012-03-17 23:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-17 23:07 . 2012-03-17 23:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 23:07 . 2012-03-17 23:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 23:07 . 2012-03-17 23:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 23:07 . 2012-03-17 23:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-17 23:07 . 2012-03-17 23:07 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-17 23:07 . 2012-03-17 23:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-17 23:07 . 2012-03-17 23:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-17 23:07 . 2012-03-17 23:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-17 23:07 . 2012-03-17 23:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-17 23:07 . 2012-03-17 23:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-17 23:07 . 2012-03-17 23:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-17 23:07 . 2012-03-17 23:07 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-17 23:07 . 2012-03-17 23:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-17 23:07 . 2012-03-17 23:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-23 14:18 . 2009-10-04 15:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-16 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3526811434-3959650205-2272629206-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3526811434-3959650205-2272629206-1001]
"EnableNotificationsRef"=dword:00000001
.
S0 $sys$cor;$sys$cor;c:\windows\System32\Drivers\$sys$cor.sys [2005-07-04 18432]
S1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2005-07-04 11904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 03:13]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 03:13]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3526811434-3959650205-2272629206-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 14:35]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3526811434-3959650205-2272629206-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 14:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = localhost;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-AT&T Yahoo! Browser Configuration - c:\program files\SBC Yahoo!\Connection Manager\uninstATTConfig.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Calendar\WinCal.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-01 23:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 03:10
.
Pre-Run: 329,486,913,536 bytes free
Post-Run: 330,266,501,120 bytes free
.
- - End Of File - - 46D023821CD45495F9F1B74A85F6D334

#10 JonTom

Posted 02 May 2012 - 11:56 AM

Hello michael81

Thank you for the log.

Sorry to take so long to respond

No problem :)

  • Please scan the following files




    • On the page you'll find a "Choose File" button.
    • Click on the Choose File button.
    • In the File Upload window which opens, copy and paste this into the File Name box.


    c:\windows\System32\Drivers\$sys$cor.sys


    • Next, click the Open button.
    • Then click the "Send File" button just below.
    • This will scan the file. Please be patient.
    • If you get a message saying File has already been analyzed: click Reanalyze file now.
    • If you are notified that any of the files cannot be found let me know.
    • Once scanned, copy and paste the link to the results page in your next reply.
    • Repeat for the following files:


    c:\windows\system32\$sys$filesystem\crater.sys

    C:\Windows\system32\$sys$caj.dll

    C:\Windows\system32\$sys$upgtool.exe



  • Please download SystemLook by JPShortstuff


    • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
    • Right click on SystemLook.exe and select "Run as Administrator" to run the program.
    • Copy the content of the following codebox into the main textfield:

    :dir
    c:\windows\system32\$sys$filesystem /s

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    • Note: The log can also be found on your Desktop entitled SystemLook.txt

    Post the links to the Virus Total results pages and the SystemLook log in your next reply.


#11 michael81

Posted 02 May 2012 - 01:42 PM

JonTom, Here's the results of the scans. I hope I provided correct information regarding the totalvirus links. If not, I can re-run the scan. Thanks so much for your help!

SHA256: e7e2d71ddacd4afd7fb07cd096c8c3ad02f37cfb2b0f94cdbbbecafd0b4749f7
SHA256: 5db9fc7c00e1d59fc28bb993fcbc42e0826ab42647219d731e814c9ba1c95442
SHA256: f2b98cc7e1ff15be623a37a992b6bb70bc5553b8cc368df453cd539749e502f7
SHA256: 1845ec49e67c0a8f4bb8ec8885856343bc3ee38e7544eb8fb39076a0418e2fe3

SystemLook 30.07.11 by jpshortstuff
Log created at 15:39 on 02/05/2012 by Mike
Administrator - Elevation successful

========== dir ==========

c:\windows\system32\$sys$filesystem - Parameters: "/s"

---Files---
$sys$DRMServer.exe --a---- 307200 bytes [09:00 22/06/2004] [09:49 14/12/2004]
$sys$parking --a---- 2317 bytes [18:30 15/12/2007] [18:31 15/12/2007]
crater.sys --a---- 11904 bytes [07:57 07/10/2004] [10:51 04/07/2005]
DbgHelp.dll --a---- 765440 bytes [08:34 22/06/2004] [14:43 07/10/2004]
lim.sys --a---- 17920 bytes [10:08 14/07/2005] [09:51 14/07/2005]
oct.sys --a---- 12032 bytes [16:28 31/03/2005] [14:13 04/07/2005]
Unicows.dll --a---- 246424 bytes [08:34 22/06/2004] [14:43 07/10/2004]

No folders found.

-= EOF =-

#12 michael81

Posted 02 May 2012 - 01:47 PM

JonTom, I just realized that I was running Windows Defender at the time I ran the most recent scans. Do I need to disable Defender and re-run the scans?

#13 JonTom

Posted 02 May 2012 - 02:00 PM

Hello michael81

Do I need to disable Defender and re-run the scans?

I do not think it will interfere.

I hope I provided correct information regarding the totalvirus links

Almost...

Please re-scan each of the files again. When the scan for a particular file has completed and the results are displayed on your screen, Right click anywhere in the address bar of your web browser and select "Copy".

Open notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

Once notepad is open, Right click in the open notepad window and select "Paste".

The copied link will be pasted into notepad.

Once the link to the results page is pasted into notepad, rescan the remaining files and copy the links to their respective results pages as you did before, then post all of the links in your next reply.

If you encounter any problems just let me know :)

#14 michael81

Posted 02 May 2012 - 02:32 PM

Here we go:

https://www.virustot...sis/1335990136/

https://www.virustot...sis/1335990263/

https://www.virustot...sis/1335990422/

https://www.virustot...sis/1335990535/

#15 JonTom

Posted 02 May 2012 - 05:02 PM

Hello michael81

Good job getting those links :)

If you use this machine for any kind of financial transactions it would be wise to use an uninfected machine to change all of your passwords.

We need to use Combofix again but this time we will be running it in a slightly different way.

  • Please work through the following steps


  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter then click on "OK".
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the codebox below (including the link) into the open Notepad window (do not include the word "code"):

    http://forums.whatthetech.com/index.php?showtopic=123034
    
    Collect::
    C:\Windows\System32\$sys$caj.dll
    C:\Windows\System32\$sys$upgtool.exe
    
    Reglock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.
  • Note: When ComboFix finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Please post the Combofix log in your next reply along with a new aswMBR log.
