Browser re-directs to mevio whenever doing a search


  • This topic is locked
44 replies to this topic

#1 djny2k

  • Members
  • 97 posts
  • OFFLINE
  • Local time:11:48 AM

Posted 02 April 2012 - 04:33 PM

Below is DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Saad at 17:25:00 on 2012-04-02
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.4094.2078 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\agent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Users\Saad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Saad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Saad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\Users\Saad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\Saad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Saad\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2011\spy.htm
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2011\spy.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://email.carefirst.com/ondemand/SodaAgent.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3275F1BC-B5EA-44A5-9F59-696C473150D1} : NameServer = 129.166.9.101,129.166.32.150
TCP: Interfaces\{5FF20B45-11AC-4878-944C-D92FFA2DD407} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\2375942554936303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\242796474716E6973702E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\242796474716E697723702E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\43B4A47523 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C25C7A89-92BB-45C8-A2B6-A5992588D786}\D4F656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D33F150B-DB8E-4AF5-8391-B4A72657F27F} : DhcpNameServer = 172.26.38.1 172.26.38.2
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
IE-X64: {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2011\spy.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\n4yh5u2v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Saad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Saad\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Saad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Saad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R2 6077757b;6077757b;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Agent;Agent;C:\Windows\agent_x64.exe [2012-3-10 102912]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-1 652360]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-21 239648]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwLv64.sys --> C:\Windows\system32\DRIVERS\NETwLv64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 pedracwq;pedracwq;\??\C:\Windows\system32\drivers\pedracwq.sys --> C:\Windows\system32\drivers\pedracwq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.2.0.0;C:\Windows\system32\drivers\libusb0.sys --> C:\Windows\system32\drivers\libusb0.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 R5U870FLamd64;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLamd64.sys --> C:\Windows\system32\Drivers\R5U870FLamd64.sys [?]
S3 R5U870FUamd64;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUamd64.sys --> C:\Windows\system32\Drivers\R5U870FUamd64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rvd;TIB/Rendezvous Communications Daemon;C:\Windows\rvntsctl.exe "rvd" --> C:\Windows\rvntsctl.exe rvd [?]
S3 TIBCOAdmin-MGM;TIBCO Administrator 5.7 (MGM);C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice "TIBCOAdmin-MGM" --> C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice TIBCOAdmin-MGM [?]
S3 tibemsd;TIBCO EMS Server (PID: 672);C:\Windows\emsntsct.exe "tibemsd" --> C:\Windows\emsntsct.exe tibemsd [?]
S3 tibemsmcd;TIBCO EMS Multicast Daemon;C:\Windows\emsntsct.exe "tibemsmcd" --> C:\Windows\emsntsct.exe tibemsmcd [?]
S3 TIBHawkAgent-MGM-SONY-VAIO;TIBCO Hawk Agent (MGM);C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice "TIBHawkAgent-MGM-SONY-VAIO" --> C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice TIBHawkAgent-MGM-SONY-VAIO [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 367456]
.
=============== Created Last 30 ================
.
2012-04-02 19:02:43 50000 ----a-w- C:\Windows\System32\drivers\pedracwq.sys
2012-04-02 16:54:28 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23582453-34F1-43D4-AC73-173598AD5A9C}\offreg.dll
2012-04-02 00:58:21 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2012-04-01 02:12:34 -------- d-----we C:\Windows\system64
2012-03-31 23:30:43 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23582453-34F1-43D4-AC73-173598AD5A9C}\mpengine.dll
2012-03-31 17:07:01 98816 ----a-w- C:\Windows\sed.exe
2012-03-31 17:07:01 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-31 17:07:01 256000 ----a-w- C:\Windows\PEV.exe
2012-03-31 17:07:01 208896 ----a-w- C:\Windows\MBR.exe
2012-03-31 17:06:52 -------- d-s---w- C:\ComboFix
2012-03-31 07:46:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-31 07:36:49 -------- d-----w- C:\Users\Saad\AppData\Roaming\IDM
2012-03-31 07:36:49 -------- d-----w- C:\Users\Saad\AppData\Roaming\DMCache
2012-03-31 07:36:45 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2012-03-31 05:55:45 -------- d-----w- C:\Users\Saad\AppData\Local\{F48A3F68-790C-4B2D-8E61-88AE465C65CC}
2012-03-29 06:18:31 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-27 16:09:41 -------- d-----w- C:\Users\Saad\AppData\Local\{FC4DA388-406E-4F14-8331-C6DE93031D34}
2012-03-27 16:09:29 -------- d-----w- C:\Users\Saad\AppData\Local\{1D47D428-BDA2-4E72-A8F9-5EA2DB1256AD}
2012-03-26 15:55:48 -------- d-----w- C:\Users\Saad\AppData\Local\{2804F50D-605D-4C64-A8F9-141249270024}
2012-03-26 15:55:36 -------- d-----w- C:\Users\Saad\AppData\Local\{28F580CB-AA96-426F-A068-9F8CBD2E4D1F}
2012-03-25 04:46:22 -------- d-----w- C:\SL
2012-03-25 04:44:27 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-03-25 03:14:35 -------- d-----w- C:\Users\Saad\AppData\Local\{1B1BDD08-E444-4291-85D8-5C00039CE73A}
2012-03-25 03:14:00 -------- d-----w- C:\Users\Saad\AppData\Local\{95B406A8-7A43-4E9B-9821-665AC240E273}
2012-03-24 04:15:26 -------- d-----w- C:\Users\Saad\AppData\Local\{7213036E-9A47-41FA-B024-F656676D5DFC}
2012-03-24 04:15:02 -------- d-----w- C:\Users\Saad\AppData\Local\{76EFCE9F-175A-4D2D-8955-AD4E693CA58F}
2012-03-24 03:14:53 -------- d-----w- C:\ProgramData\GetRight
2012-03-24 03:14:22 -------- d-----w- C:\Users\Saad\AppData\Roaming\GetRight
2012-03-21 05:15:46 -------- d-----w- C:\Users\Saad\AppData\Local\{E0F81D45-EE04-4636-980F-436898401A2F}
2012-03-20 14:52:00 -------- d-----w- C:\Users\Saad\AppData\Local\{DCFA73C7-7FBB-4736-A511-5519394E5CA4}
2012-03-20 14:51:46 -------- d-----w- C:\Users\Saad\AppData\Local\{BB5FC2FD-3C7A-49DC-8FA4-4F2B84B2D1BF}
2012-03-19 15:52:00 -------- d-----w- C:\Program Files (x86)\MSECache
2012-03-19 15:45:57 -------- d-----w- C:\Users\Saad\AppData\Roaming\Softplicity
2012-03-18 20:08:31 -------- d-----w- C:\Users\Saad\AppData\Local\{A2A564AC-529F-4027-AB94-E5AF9F36E510}
2012-03-18 20:08:19 -------- d-----w- C:\Users\Saad\AppData\Local\{C173D582-BE75-4A06-B096-6DE318BB2D90}
2012-03-17 16:39:45 -------- d-----w- C:\Users\Saad\AppData\Local\{9EF5E130-EBE8-4BCD-A05E-EABA73692EDC}
2012-03-17 16:39:21 -------- d-----w- C:\Users\Saad\AppData\Local\{4915280F-C0E1-47F3-9679-F74C87E14472}
2012-03-17 02:30:48 -------- d-----w- C:\Users\Saad\AppData\Local\{838D73D1-E7FB-47FB-8250-C69413622F65}
2012-03-17 02:30:33 -------- d-----w- C:\Users\Saad\AppData\Local\{F30A37C7-E417-450B-87C7-FEE0F12869F7}
2012-03-16 11:08:36 149640 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-03-14 19:12:22 -------- d-----w- C:\Users\Saad\AppData\Local\{EA0F6631-6F18-4EDE-B61B-731C9F49389C}
2012-03-14 19:12:10 -------- d-----w- C:\Users\Saad\AppData\Local\{A8A15C49-7939-45B2-BE30-B3FC3582EC12}
2012-03-14 02:16:41 -------- d-----w- C:\Users\Saad\AppData\Local\{AA4A3F2A-A344-4621-80A9-285EDDD9C138}
2012-03-14 02:16:30 -------- d-----w- C:\Users\Saad\AppData\Local\{C1B7C043-EFE3-4FBE-BF23-D01F3313FF50}
2012-03-13 18:54:36 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-13 18:54:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 18:54:34 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 18:53:11 -------- d-----w- C:\Users\Saad\AppData\Local\{8BE45DE2-B72D-4962-AE61-091265DAAE79}
2012-03-13 18:30:24 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 18:30:22 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 18:30:22 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 18:29:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 18:29:42 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-13 18:29:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 18:29:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 18:29:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 18:29:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 18:29:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 18:29:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-12 17:25:16 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-03-12 15:32:57 -------- d-----w- C:\Users\Saad\AppData\Local\{A8E82BAC-2C6E-4564-AFF3-0298930F24C2}
2012-03-12 15:32:45 -------- d-----w- C:\Users\Saad\AppData\Local\{3B5205AA-68B4-4653-868E-48FE76F0C8E8}
2012-03-12 06:17:07 -------- d-----w- C:\Users\Saad\AppData\Local\{E7825AB9-75F1-40C6-AABF-9FA3623188B6}
2012-03-11 16:37:22 -------- d-----w- C:\ProgramData\SpeedBit
2012-03-11 16:37:18 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2012-03-11 16:37:18 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2012-03-11 16:37:18 -------- d-----w- C:\Program Files (x86)\DAP
2012-03-11 16:37:18 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2012-03-11 16:32:47 29184 ----a-r- C:\Users\Saad\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-03-11 16:32:46 -------- d-----w- C:\Program Files (x86)\mkv2vob
2012-03-10 21:47:57 -------- d-----w- C:\Users\Saad\AppData\Local\The Neat Company
2012-03-10 21:43:45 102912 ----a-w- C:\Windows\agent_x64.exe
2012-03-10 21:43:45 -------- d-----w- C:\Program Files\Send To Neat
2012-03-10 21:39:23 52224 ----a-w- C:\Windows\System32\sdtnpm.dll
2012-03-10 21:31:56 -------- d-----w- C:\Program Files (x86)\Common Files\Comscan
2012-03-10 21:31:16 -------- d-----w- C:\Program Files (x86)\Common Files\NeatReceipts
2012-03-10 21:30:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-03-10 21:29:27 -------- d-----w- C:\Program Files\Common Files\The Neat Company
2012-03-10 21:18:09 -------- d-----w- C:\Program Files (x86)\Neat
2012-03-10 14:59:13 -------- d-----w- C:\Users\Saad\AppData\Local\{F443EE2C-A1AD-4F6C-B2D6-47A9F207290B}
2012-03-10 14:58:51 -------- d-----w- C:\Users\Saad\AppData\Local\{C1B8C90A-4CF4-4983-97BC-00156DF94DCE}
2012-03-09 20:42:27 -------- d-----w- C:\Users\Saad\AppData\Local\{BF46F78A-3F77-4A9A-9104-3EE9177F88CB}
2012-03-09 20:42:03 -------- d-----w- C:\Users\Saad\AppData\Local\{A99E76B5-D13F-4913-892E-698F9E89A58C}
2012-03-09 18:13:07 -------- d-----w- C:\Program Files\iPod
2012-03-09 18:13:06 -------- d-----w- C:\Program Files\iTunes
2012-03-09 18:13:06 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-06 20:55:39 -------- d-----w- C:\Users\Saad\AppData\Local\{A1D53CA5-2EF1-4791-9585-3A300884F7CB}
2012-03-06 20:55:20 -------- d-----w- C:\Users\Saad\AppData\Local\{46F8FAC7-D7EC-4CE1-ACF3-1D1952183415}
2012-03-05 23:33:47 -------- d-----w- C:\StoredProc
2012-03-05 03:09:33 -------- d-----w- C:\Users\Saad\AppData\Local\{83650B5A-8829-4512-A563-B4D3B942CFF6}
2012-03-05 03:09:10 -------- d-----w- C:\Users\Saad\AppData\Local\{D08A85AE-B536-4888-9BA2-7BD9A48A7E78}
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-18 01:09:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-17 08:26:52 13844000 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 17:25:51.75 ===============

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 11,696 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 02 April 2012 - 05:21 PM

Hello djny2k,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • We need to get a little more information before we begin.


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 djny2k

djny2k
  • Topic Starter

  • Members
  • 97 posts

Posted 02 April 2012 - 07:36 PM

aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 20:27:50
-----------------------------
20:27:50.773 OS Version: Windows x64 6.1.7601 Service Pack 1
20:27:50.773 Number of processors: 2 586 0x1706
20:27:50.773 ComputerName: SONY-VAIO UserName: Saad
20:27:51.896 Initialize success
20:28:02.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:28:02.731 Disk 0 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 11
20:28:02.747 Disk 0 MBR read successfully
20:28:02.763 Disk 0 MBR scan
20:28:02.763 Disk 0 Windows 7 default MBR code
20:28:02.809 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9049 MB offset 2048
20:28:02.825 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 181730 MB offset 18534400
20:28:02.872 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
20:28:02.887 Disk 0 scanning C:\Windows\system32\drivers
20:28:18.161 Service scanning
20:29:06.478 Modules scanning
20:29:06.494 Disk 0 trace - called modules:
20:29:06.525 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:29:06.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c21360]
20:29:07.055 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800475c680]
20:29:07.071 Scan finished successfully
20:32:58.126 Disk 0 MBR has been saved successfully to "C:\Users\Saad\Desktop\MBR.dat"
20:32:58.142 The log file has been saved successfully to "C:\Users\Saad\Desktop\aswMBR.txt"

Results.txt Log:

ListParts by Farbar Version: 12-03-2012 03
Ran by Saad (administrator) on 02-04-2012 at 20:34:42
Windows 7 (X64)
Running From: C:\Users\Saad\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 4094.43 MB
Available physical RAM: 2696.03 MB
Total Pagefile: 8187.05 MB
Available Pagefile: 6675.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:177.47 GB) (Free:51.35 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 186 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 8 GB 1024 KB
Partition 2 Primary 177 GB 8 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Recovery NTFS Partition 8 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 177 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 11,696 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 02 April 2012 - 09:16 PM

Hello,


Please run the following.


1.
Please download and run unhide.exe.

2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#5 djny2k

djny2k
  • Topic Starter

  • Members
  • 97 posts

Posted 02 April 2012 - 10:36 PM

I don't see issues with the browser but the computer is still running a little slow.


Combofix Log:

ComboFix 12-04-01.03 - Saad 04/02/2012 22:57:20.3.2 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.4094.2662 [GMT -4:00]
Running from: c:\users\Saad\Desktop\ComboFix_2.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 03:10 . 2012-04-03 03:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-03 03:10 . 2012-04-03 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 03:10 . 2012-04-03 03:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-03 02:50 . 2012-04-03 02:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 00:58 . 2012-04-02 00:58 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-03-31 17:06 . 2012-04-03 02:55 -------- d-----w- C:\ComboFix
2012-03-31 07:36 . 2012-04-03 02:54 -------- d-----w- c:\users\Saad\AppData\Roaming\DMCache
2012-03-31 07:36 . 2012-04-01 18:36 -------- d-----w- c:\users\Saad\AppData\Roaming\IDM
2012-03-31 07:36 . 2012-04-01 18:36 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-03-27 16:56 . 2012-03-27 16:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-25 04:46 . 2012-03-25 04:46 -------- d-----w- C:\SL
2012-03-25 04:44 . 2012-03-31 06:25 -------- d-----w- c:\program files (x86)\MagicISO
2012-03-24 03:14 . 2012-03-31 06:24 -------- d-----w- c:\programdata\GetRight
2012-03-24 03:14 . 2012-03-31 06:24 -------- d-----w- c:\users\Saad\AppData\Roaming\GetRight
2012-03-19 15:52 . 2012-03-19 15:52 -------- d-----w- c:\program files (x86)\MSECache
2012-03-19 15:45 . 2012-03-19 15:48 -------- d-----w- c:\users\Saad\AppData\Roaming\Softplicity
2012-03-16 11:08 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-13 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:30 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:30 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:30 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:29 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 18:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 18:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-12 17:25 . 2012-03-12 17:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-03-11 16:37 . 2012-03-12 17:25 -------- d-----w- c:\programdata\SpeedBit
2012-03-11 16:37 . 2012-03-12 17:26 -------- d-----w- c:\program files (x86)\DAP
2012-03-11 16:37 . 2012-03-11 16:37 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-03-11 16:37 . 2012-03-11 16:36 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-03-11 16:37 . 2012-03-11 16:36 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-03-11 16:32 . 2012-03-11 16:32 29184 ----a-r- c:\users\Saad\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-03-11 16:32 . 2012-03-11 16:32 -------- d-----w- c:\program files (x86)\mkv2vob
2012-03-10 21:47 . 2012-03-10 21:47 -------- d-----w- c:\users\Saad\AppData\Local\The Neat Company
2012-03-10 21:43 . 2012-03-10 21:43 -------- d-----w- c:\program files\Send To Neat
2012-03-10 21:43 . 2011-08-24 17:59 102912 ----a-w- c:\windows\agent_x64.exe
2012-03-10 21:39 . 2011-08-24 18:01 52224 ----a-w- c:\windows\system32\sdtnpm.dll
2012-03-10 21:31 . 2012-03-10 21:31 -------- d-----w- c:\program files (x86)\Common Files\Comscan
2012-03-10 21:31 . 2012-03-10 21:31 -------- d-----w- c:\program files (x86)\Common Files\NeatReceipts
2012-03-10 21:30 . 2012-03-10 21:30 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-03-10 21:29 . 2012-03-10 21:39 -------- d-----w- c:\program files\Common Files\The Neat Company
2012-03-10 21:18 . 2012-03-10 21:43 -------- d-----w- c:\program files (x86)\Neat
2012-03-09 18:13 . 2012-03-09 18:13 -------- d-----w- c:\program files\iPod
2012-03-09 18:13 . 2012-03-09 18:13 -------- d-----w- c:\program files\iTunes
2012-03-09 18:13 . 2012-03-09 18:13 -------- d-----w- c:\program files (x86)\iTunes
2012-03-05 23:33 . 2012-03-05 23:35 -------- d-----w- C:\StoredProc
2012-03-04 19:50 . 2010-04-15 17:40 22188 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\STRINGS.JS
2012-03-04 19:50 . 2010-04-15 17:40 18866 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\PRELOAD.JS
2012-03-04 19:50 . 2010-04-15 17:40 18466 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\SETTEXT.JS
2012-03-04 19:50 . 2010-04-15 17:40 15579 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\_PRELOAD.JS
2012-03-04 19:50 . 2010-04-15 17:40 14643 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\FPLIB.JS
2012-03-04 19:50 . 2010-04-15 17:40 14008 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\DOM.JS
2012-03-04 19:50 . 2010-04-15 17:40 12235 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\GETOBJ.JS
2012-03-04 19:50 . 2010-04-15 17:40 11964 ----a-w- c:\users\Saad\AppData\Roaming\Microsoft\Expression\Web 4\Behaviors\Actions\_JMPMENU.JS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 07:51 . 2012-03-31 23:30 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23582453-34F1-43D4-AC73-173598AD5A9C}\mpengine.dll
2012-02-23 13:18 . 2010-03-14 21:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 01:09 . 2011-05-14 06:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-01-04 10:44 . 2012-02-16 02:59 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 02:59 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-17 08:26 . 2011-04-05 10:01 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-4-5 13844000]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-4-5 13844000]
.
c:\users\Saad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Saad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 16:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.2.0.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 R5U870FLamd64;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLamd64.sys [x]
R3 R5U870FUamd64;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUamd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rvd;TIB/Rendezvous Communications Daemon;c:\windows\rvntsctl.exe rvd [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TIBCOAdmin-MGM;TIBCO Administrator 5.7 (MGM);C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice TIBCOAdmin-MGM [x]
R3 tibemsd;TIBCO EMS Server (PID: 672);c:\windows\emsntsct.exe tibemsd [x]
R3 tibemsmcd;TIBCO EMS Multicast Daemon;c:\windows\emsntsct.exe tibemsmcd [x]
R3 TIBHawkAgent-MGM-SONY-VAIO;TIBCO Hawk Agent (MGM);C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice TIBHawkAgent-MGM-SONY-VAIO [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-04-20 50688]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-04-20 950784]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-04-20 690688]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-21 239648]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613363240-3350486489-3168525673-1000Core.job
- c:\users\Saad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 18:52]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613363240-3350486489-3168525673-1000UA.job
- c:\users\Saad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 18:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-21 16561184]
"combofix"="c:\combofix_2\CF18649.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pcx1nd5
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2011\spy.htm
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3275F1BC-B5EA-44A5-9F59-696C473150D1}: NameServer = 129.166.9.101,129.166.32.150
FF - ProfilePath - c:\users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\n4yh5u2v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14984700.sys
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBCOAdmin-MGM]
"ImagePath"="C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice \"TIBCOAdmin-MGM\""
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBHawkAgent-MGM-SONY-VAIO]
"ImagePath"="C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice \"TIBHawkAgent-MGM-SONY-VAIO\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBCOAdmin-MGM]
"ImagePath"="C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice \"TIBCOAdmin-MGM\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBHawkAgent-MGM-SONY-VAIO]
"ImagePath"="C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice \"TIBHawkAgent-MGM-SONY-VAIO\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
.
**************************************************************************
.
Completion time: 2012-04-02 23:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 03:22
ComboFix2.txt 2012-04-01 01:51
ComboFix3.txt 2012-03-31 17:39
.
Pre-Run: 54,213,160,960 bytes free
Post-Run: 54,024,380,416 bytes free
.
- - End Of File - - 68D23C9D8B6CF45E766379AAAE51319A

TDSSKiller Log

22:48:51.0837 2908 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
22:48:51.0868 2908 ============================================================
22:48:51.0868 2908 Current date / time: 2012/04/02 22:48:51.0868
22:48:51.0868 2908 SystemInfo:
22:48:51.0868 2908
22:48:51.0868 2908 OS Version: 6.1.7601 ServicePack: 1.0
22:48:51.0868 2908 Product type: Workstation
22:48:51.0868 2908 ComputerName: SONY-VAIO
22:48:51.0868 2908 UserName: Saad
22:48:51.0868 2908 Windows directory: C:\Windows
22:48:51.0868 2908 System windows directory: C:\Windows
22:48:51.0868 2908 Running under WOW64
22:48:51.0868 2908 Processor architecture: Intel x64
22:48:51.0868 2908 Number of processors: 2
22:48:51.0868 2908 Page size: 0x1000
22:48:51.0868 2908 Boot type: Normal boot
22:48:51.0868 2908 ============================================================
22:48:53.0756 2908 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:48:53.0756 2908 \Device\Harddisk0\DR0:
22:48:53.0756 2908 MBR used
22:48:53.0756 2908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x11AD000, BlocksNum 0x162F17FC
22:48:53.0849 2908 Initialize success
22:48:53.0849 2908 ============================================================
22:49:05.0331 5620 ============================================================
22:49:05.0331 5620 Scan started
22:49:05.0331 5620 Mode: Manual;
22:49:05.0331 5620 ============================================================
22:49:06.0735 5620 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:49:06.0751 5620 1394ohci - ok
22:49:06.0813 5620 6077757b (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
22:49:06.0813 5620 6077757b - ok
22:49:06.0891 5620 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:49:06.0907 5620 ACPI - ok
22:49:06.0969 5620 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:49:06.0969 5620 AcpiPmi - ok
22:49:07.0141 5620 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:49:07.0141 5620 AdobeARMservice - ok
22:49:07.0265 5620 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:49:07.0281 5620 adp94xx - ok
22:49:07.0343 5620 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:49:07.0343 5620 adpahci - ok
22:49:07.0406 5620 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:49:07.0406 5620 adpu320 - ok
22:49:07.0468 5620 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:49:07.0468 5620 AeLookupSvc - ok
22:49:07.0718 5620 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:49:07.0733 5620 AFD - ok
22:49:07.0796 5620 Agent (6953d8d79a275ead9da145982981236b) C:\Windows\agent_x64.exe
22:49:07.0811 5620 Agent - ok
22:49:07.0905 5620 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:49:07.0905 5620 agp440 - ok
22:49:08.0045 5620 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:49:08.0045 5620 ALG - ok
22:49:08.0123 5620 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:49:08.0123 5620 aliide - ok
22:49:08.0264 5620 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:49:08.0279 5620 amdide - ok
22:49:08.0373 5620 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:49:08.0373 5620 AmdK8 - ok
22:49:08.0545 5620 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:49:08.0545 5620 AmdPPM - ok
22:49:08.0669 5620 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:49:08.0669 5620 amdsata - ok
22:49:08.0747 5620 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:49:08.0747 5620 amdsbs - ok
22:49:08.0841 5620 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:49:08.0841 5620 amdxata - ok
22:49:09.0044 5620 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:49:09.0044 5620 AppID - ok
22:49:09.0106 5620 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:49:09.0106 5620 AppIDSvc - ok
22:49:09.0200 5620 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:49:09.0200 5620 Appinfo - ok
22:49:09.0527 5620 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:49:09.0527 5620 Apple Mobile Device - ok
22:49:09.0621 5620 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:49:09.0621 5620 AppMgmt - ok
22:49:09.0715 5620 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:49:09.0715 5620 arc - ok
22:49:09.0839 5620 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:49:09.0855 5620 arcsas - ok
22:49:09.0995 5620 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:49:10.0011 5620 aspnet_state - ok
22:49:10.0136 5620 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:49:10.0167 5620 AsyncMac - ok
22:49:10.0261 5620 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:49:10.0261 5620 atapi - ok
22:49:10.0370 5620 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:49:10.0495 5620 AudioEndpointBuilder - ok
22:49:10.0557 5620 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:49:10.0557 5620 AudioSrv - ok
22:49:10.0713 5620 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:49:10.0729 5620 AxInstSV - ok
22:49:10.0838 5620 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:49:10.0869 5620 b06bdrv - ok
22:49:10.0978 5620 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:49:10.0978 5620 b57nd60a - ok
22:49:11.0103 5620 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:49:11.0103 5620 BDESVC - ok
22:49:11.0212 5620 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:49:11.0212 5620 Beep - ok
22:49:11.0337 5620 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:49:11.0399 5620 BITS - ok
22:49:11.0587 5620 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:49:11.0602 5620 blbdrive - ok
22:49:11.0930 5620 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:49:11.0961 5620 Bonjour Service - ok
22:49:12.0086 5620 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:49:12.0086 5620 bowser - ok
22:49:12.0211 5620 bpczpqwn (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\bpczpqwn.sys
22:49:12.0211 5620 bpczpqwn - ok
22:49:12.0351 5620 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:49:12.0351 5620 BrFiltLo - ok
22:49:12.0476 5620 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:49:12.0476 5620 BrFiltUp - ok
22:49:12.0569 5620 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:49:12.0585 5620 BridgeMP - ok
22:49:12.0679 5620 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:49:12.0694 5620 Browser - ok
22:49:12.0850 5620 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:49:12.0850 5620 Brserid - ok
22:49:12.0944 5620 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:49:12.0944 5620 BrSerWdm - ok
22:49:12.0991 5620 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:49:13.0006 5620 BrUsbMdm - ok
22:49:13.0069 5620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:49:13.0069 5620 BrUsbSer - ok
22:49:13.0115 5620 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:49:13.0147 5620 BTHMODEM - ok
22:49:13.0225 5620 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:49:13.0240 5620 bthserv - ok
22:49:13.0334 5620 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:49:13.0334 5620 cdfs - ok
22:49:13.0443 5620 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:49:13.0443 5620 cdrom - ok
22:49:13.0552 5620 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:49:13.0583 5620 CertPropSvc - ok
22:49:13.0693 5620 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:49:13.0693 5620 circlass - ok
22:49:13.0833 5620 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:49:13.0895 5620 CLFS - ok
22:49:13.0942 5620 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:49:13.0973 5620 clr_optimization_v2.0.50727_32 - ok
22:49:14.0067 5620 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:49:14.0098 5620 clr_optimization_v2.0.50727_64 - ok
22:49:14.0301 5620 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:49:14.0301 5620 clr_optimization_v4.0.30319_32 - ok
22:49:14.0410 5620 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:49:14.0410 5620 clr_optimization_v4.0.30319_64 - ok
22:49:14.0519 5620 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:14.0519 5620 CmBatt - ok
22:49:14.0660 5620 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:49:14.0660 5620 cmdide - ok
22:49:14.0847 5620 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:49:14.0878 5620 CNG - ok
22:49:15.0034 5620 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:15.0050 5620 Compbatt - ok
22:49:15.0206 5620 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:49:15.0221 5620 CompositeBus - ok
22:49:15.0253 5620 COMSysApp - ok
22:49:15.0331 5620 cpudrv64 - ok
22:49:15.0393 5620 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:49:15.0393 5620 crcdisk - ok
22:49:15.0549 5620 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:49:15.0565 5620 CryptSvc - ok
22:49:15.0721 5620 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:49:15.0736 5620 CSC - ok
22:49:15.0877 5620 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:49:15.0923 5620 CscService - ok
22:49:16.0220 5620 ctxusbm (bf62ff663ae55e4ed99de76881c2c0f1) C:\Windows\system32\DRIVERS\ctxusbm.sys
22:49:16.0235 5620 ctxusbm - ok
22:49:16.0298 5620 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
22:49:16.0298 5620 CVirtA - ok
22:49:16.0391 5620 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:49:16.0438 5620 DcomLaunch - ok
22:49:16.0532 5620 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:49:16.0547 5620 defragsvc - ok
22:49:16.0657 5620 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:49:16.0657 5620 DfsC - ok
22:49:16.0781 5620 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:49:16.0828 5620 Dhcp - ok
22:49:17.0031 5620 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:49:17.0031 5620 discache - ok
22:49:17.0125 5620 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:49:17.0125 5620 Disk - ok
22:49:17.0187 5620 DMICall - ok
22:49:17.0343 5620 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
22:49:17.0343 5620 DNE - ok
22:49:17.0452 5620 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:49:17.0452 5620 Dnscache - ok
22:49:17.0577 5620 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:49:17.0608 5620 dot3svc - ok
22:49:17.0920 5620 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:49:17.0967 5620 DPS - ok
22:49:18.0061 5620 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:49:18.0061 5620 drmkaud - ok
22:49:18.0201 5620 dtpd - ok
22:49:18.0466 5620 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:18.0497 5620 DXGKrnl - ok
22:49:18.0638 5620 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:49:18.0653 5620 EapHost - ok
22:49:18.0950 5620 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:49:19.0075 5620 ebdrv - ok
22:49:19.0231 5620 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:49:19.0231 5620 EFS - ok
22:49:19.0449 5620 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:49:19.0480 5620 ehRecvr - ok
22:49:19.0543 5620 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:49:19.0558 5620 ehSched - ok
22:49:19.0683 5620 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:49:19.0714 5620 elxstor - ok
22:49:19.0839 5620 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:49:19.0839 5620 ErrDev - ok
22:49:19.0948 5620 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:49:19.0979 5620 EventSystem - ok
22:49:20.0354 5620 EvtEng (3777aec8cb30251e43bf0a2b4fec07d5) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:49:20.0416 5620 EvtEng - ok
22:49:20.0557 5620 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:49:20.0557 5620 exfat - ok
22:49:20.0635 5620 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:49:20.0666 5620 fastfat - ok
22:49:20.0947 5620 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:49:20.0978 5620 Fax - ok
22:49:21.0071 5620 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:49:21.0071 5620 fdc - ok
22:49:21.0181 5620 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:49:21.0181 5620 fdPHost - ok
22:49:21.0212 5620 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:49:21.0212 5620 FDResPub - ok
22:49:21.0290 5620 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:49:21.0290 5620 FileInfo - ok
22:49:21.0337 5620 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:49:21.0337 5620 Filetrace - ok
22:49:21.0493 5620 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:21.0493 5620 flpydisk - ok
22:49:21.0602 5620 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:49:21.0602 5620 FltMgr - ok
22:49:21.0742 5620 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:49:21.0789 5620 FontCache - ok
22:49:21.0883 5620 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:49:21.0898 5620 FontCache3.0.0.0 - ok
22:49:22.0007 5620 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:49:22.0007 5620 FsDepends - ok
22:49:22.0070 5620 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:22.0070 5620 Fs_Rec - ok
22:49:22.0195 5620 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:49:22.0210 5620 fvevol - ok
22:49:22.0288 5620 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:49:22.0288 5620 gagp30kx - ok
22:49:22.0397 5620 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:49:22.0397 5620 GEARAspiWDM - ok
22:49:22.0569 5620 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:49:22.0600 5620 gpsvc - ok
22:49:22.0725 5620 hcmon (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys
22:49:22.0725 5620 hcmon - ok
22:49:22.0819 5620 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:49:22.0819 5620 hcw85cir - ok
22:49:22.0990 5620 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:49:23.0006 5620 HdAudAddService - ok
22:49:23.0287 5620 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:49:23.0287 5620 HDAudBus - ok
22:49:23.0349 5620 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:49:23.0349 5620 HidBatt - ok
22:49:23.0411 5620 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:23.0411 5620 HidBth - ok
22:49:23.0567 5620 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:49:23.0567 5620 HidIr - ok
22:49:23.0630 5620 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:49:23.0630 5620 hidserv - ok
22:49:23.0739 5620 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:49:23.0739 5620 HidUsb - ok
22:49:23.0833 5620 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:49:23.0848 5620 hkmsvc - ok
22:49:23.0926 5620 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:49:23.0926 5620 HomeGroupListener - ok
22:49:24.0020 5620 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:49:24.0020 5620 HomeGroupProvider - ok
22:49:24.0067 5620 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:49:24.0082 5620 HpSAMD - ok
22:49:24.0223 5620 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:49:24.0269 5620 HTTP - ok
22:49:24.0425 5620 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:49:24.0425 5620 hwpolicy - ok
22:49:24.0519 5620 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:49:24.0519 5620 i8042prt - ok
22:49:24.0722 5620 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:49:24.0722 5620 iaStorV - ok
22:49:24.0956 5620 IDMWFP (5534e14ef27ebe8563cdbce6b88501a3) C:\Windows\system32\DRIVERS\idmwfp.sys
22:49:24.0956 5620 IDMWFP - ok
22:49:25.0127 5620 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:49:25.0190 5620 idsvc - ok
22:49:25.0346 5620 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:49:25.0346 5620 iirsp - ok
22:49:25.0455 5620 iked - ok
22:49:25.0564 5620 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:49:25.0595 5620 IKEEXT - ok
22:49:25.0689 5620 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:49:25.0689 5620 intelide - ok
22:49:25.0798 5620 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:49:25.0798 5620 intelppm - ok
22:49:25.0907 5620 iPassPeriodicUpdateApp (5f22132c9153639762708909f156b33d) C:\Windows\system32\sskbfd.dll
22:49:25.0907 5620 iPassPeriodicUpdateApp ( Backdoor.Multi.ZAccess.gen ) - infected
22:49:25.0907 5620 iPassPeriodicUpdateApp - detected Backdoor.Multi.ZAccess.gen (0)
22:49:25.0985 5620 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:49:25.0985 5620 IPBusEnum - ok
22:49:26.0079 5620 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:49:26.0079 5620 IpFilterDriver - ok
22:49:26.0297 5620 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:49:26.0313 5620 iphlpsvc - ok
22:49:26.0391 5620 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:49:26.0407 5620 IPMIDRV - ok
22:49:26.0469 5620 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:49:26.0469 5620 IPNAT - ok
22:49:26.0641 5620 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
22:49:26.0672 5620 iPod Service - ok
22:49:26.0734 5620 ipsecd - ok
22:49:26.0843 5620 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:49:26.0843 5620 IRENUM - ok
22:49:26.0937 5620 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:49:26.0937 5620 isapnp - ok
22:49:27.0031 5620 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:49:27.0031 5620 iScsiPrt - ok
22:49:27.0077 5620 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:49:27.0077 5620 kbdclass - ok
22:49:27.0140 5620 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:49:27.0140 5620 kbdhid - ok
22:49:27.0249 5620 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:49:27.0249 5620 KeyIso - ok
22:49:27.0374 5620 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:49:27.0374 5620 KSecDD - ok
22:49:27.0436 5620 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:49:27.0436 5620 KSecPkg - ok
22:49:27.0514 5620 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:49:27.0514 5620 ksthunk - ok
22:49:27.0623 5620 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:49:27.0623 5620 KtmRm - ok
22:49:27.0733 5620 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:49:27.0764 5620 LanmanServer - ok
22:49:27.0842 5620 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:49:27.0842 5620 LanmanWorkstation - ok
22:49:27.0982 5620 libusb0 (25bc5b5e9a4b9cf2323afa23b024ce96) C:\Windows\system32\drivers\libusb0.sys
22:49:27.0982 5620 libusb0 - ok
22:49:28.0029 5620 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:49:28.0029 5620 lltdio - ok
22:49:28.0091 5620 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:49:28.0107 5620 lltdsvc - ok
22:49:28.0138 5620 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:49:28.0154 5620 lmhosts - ok
22:49:28.0216 5620 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:49:28.0216 5620 LSI_FC - ok
22:49:28.0357 5620 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:49:28.0357 5620 LSI_SAS - ok
22:49:28.0403 5620 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:49:28.0403 5620 LSI_SAS2 - ok
22:49:28.0450 5620 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:49:28.0450 5620 LSI_SCSI - ok
22:49:28.0513 5620 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:49:28.0513 5620 luafv - ok
22:49:28.0637 5620 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
22:49:28.0637 5620 LVRS64 - ok
22:49:28.0825 5620 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
22:49:28.0965 5620 LVUVC64 - ok
22:49:29.0059 5620 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
22:49:29.0059 5620 MBAMProtector - ok
22:49:29.0199 5620 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:49:29.0230 5620 MBAMService - ok
22:49:29.0371 5620 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
22:49:29.0371 5620 mcdbus - ok
22:49:29.0480 5620 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:49:29.0495 5620 Mcx2Svc - ok
22:49:29.0558 5620 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:49:29.0558 5620 megasas - ok
22:49:29.0605 5620 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:49:29.0620 5620 MegaSR - ok
22:49:29.0729 5620 Microsoft SharePoint Workspace Audit Service - ok
22:49:29.0807 5620 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:49:29.0807 5620 MMCSS - ok
22:49:29.0854 5620 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:49:29.0854 5620 Modem - ok
22:49:29.0948 5620 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:49:29.0948 5620 monitor - ok
22:49:30.0041 5620 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:49:30.0041 5620 mouclass - ok
22:49:30.0088 5620 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:49:30.0088 5620 mouhid - ok
22:49:30.0182 5620 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:49:30.0182 5620 mountmgr - ok
22:49:30.0260 5620 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:49:30.0260 5620 mpio - ok
22:49:30.0307 5620 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:49:30.0307 5620 mpsdrv - ok
22:49:30.0385 5620 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:49:30.0400 5620 MRxDAV - ok
22:49:30.0478 5620 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:49:30.0478 5620 mrxsmb - ok
22:49:30.0572 5620 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:49:30.0572 5620 mrxsmb10 - ok
22:49:30.0619 5620 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:49:30.0619 5620 mrxsmb20 - ok
22:49:30.0681 5620 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:49:30.0681 5620 msahci - ok
22:49:30.0775 5620 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:49:30.0775 5620 msdsm - ok
22:49:30.0853 5620 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:49:30.0868 5620 MSDTC - ok
22:49:30.0931 5620 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:49:30.0931 5620 Msfs - ok
22:49:30.0977 5620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:49:30.0977 5620 mshidkmdf - ok
22:49:31.0055 5620 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:49:31.0055 5620 msisadrv - ok
22:49:31.0118 5620 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:49:31.0133 5620 MSiSCSI - ok
22:49:31.0165 5620 msiserver - ok
22:49:31.0243 5620 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:49:31.0243 5620 MSKSSRV - ok
22:49:31.0289 5620 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:49:31.0289 5620 MSPCLOCK - ok
22:49:31.0367 5620 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:49:31.0367 5620 MSPQM - ok
22:49:31.0445 5620 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:49:31.0445 5620 MsRPC - ok
22:49:31.0555 5620 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:49:31.0555 5620 mssmbios - ok
22:49:31.0757 5620 MSSQL$SQLEXPRESS - ok
22:49:31.0960 5620 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:49:31.0960 5620 MSSQLServerADHelper100 - ok
22:49:32.0069 5620 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:49:32.0069 5620 MSTEE - ok
22:49:32.0147 5620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:49:32.0147 5620 MTConfig - ok
22:49:32.0335 5620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:49:32.0335 5620 Mup - ok
22:49:32.0522 5620 Mvc25U870_VID_1262&PID_25FD (5263f4d4f2680dac029cb95538d0f66f) C:\Windows\system32\Drivers\Mvc25U870.sys
22:49:32.0522 5620 Mvc25U870_VID_1262&PID_25FD - ok
22:49:32.0693 5620 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:49:32.0725 5620 napagent - ok
22:49:32.0865 5620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:49:32.0865 5620 NativeWifiP - ok
22:49:33.0177 5620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:49:33.0208 5620 NDIS - ok
22:49:33.0364 5620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:49:33.0364 5620 NdisCap - ok
22:49:33.0458 5620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:49:33.0458 5620 NdisTapi - ok
22:49:33.0551 5620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:49:33.0551 5620 Ndisuio - ok
22:49:33.0661 5620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:49:33.0661 5620 NdisWan - ok
22:49:33.0770 5620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:49:33.0770 5620 NDProxy - ok
22:49:33.0863 5620 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
22:49:33.0863 5620 Netaapl - ok
22:49:33.0988 5620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:49:33.0988 5620 NetBIOS - ok
22:49:34.0129 5620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:49:34.0144 5620 NetBT - ok
22:49:34.0269 5620 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:49:34.0269 5620 Netlogon - ok
22:49:34.0456 5620 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:49:34.0472 5620 Netman - ok
22:49:34.0768 5620 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:49:34.0784 5620 NetMsmqActivator - ok
22:49:34.0799 5620 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:49:34.0799 5620 NetPipeActivator - ok
22:49:35.0049 5620 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:49:35.0080 5620 netprofm - ok
22:49:35.0267 5620 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:49:35.0267 5620 NetTcpActivator - ok
22:49:35.0299 5620 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:49:35.0299 5620 NetTcpPortSharing - ok
22:49:35.0845 5620 netw5v64 (544a06d4dc9d57520b909b744b8481cb) C:\Windows\system32\DRIVERS\netw5v64.sys
22:49:36.0110 5620 netw5v64 - ok
22:49:36.0859 5620 NETwLv64 (54762e37f65c20652532dbdac53698f6) C:\Windows\system32\DRIVERS\NETwLv64.sys
22:49:37.0155 5620 NETwLv64 - ok
22:49:37.0280 5620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:49:37.0280 5620 nfrd960 - ok
22:49:37.0373 5620 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:49:37.0389 5620 NlaSvc - ok
22:49:37.0467 5620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:49:37.0467 5620 Npfs - ok
22:49:37.0498 5620 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:49:37.0498 5620 nsi - ok
22:49:37.0592 5620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:49:37.0592 5620 nsiproxy - ok
22:49:37.0763 5620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:49:37.0826 5620 Ntfs - ok
22:49:37.0904 5620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:49:37.0904 5620 Null - ok
22:49:38.0762 5620 nvlddmkm (0be5f75c5c51bf2bd6f76ab6ff680d14) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:49:39.0183 5620 nvlddmkm - ok
22:49:39.0370 5620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:49:39.0370 5620 nvraid - ok
22:49:39.0433 5620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:49:39.0448 5620 nvstor - ok
22:49:39.0542 5620 nvsvc (2df9ba9bab49e5c122741a6fa8474358) C:\Windows\system32\nvvsvc.exe
22:49:39.0573 5620 nvsvc - ok
22:49:39.0682 5620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:49:39.0682 5620 nv_agp - ok
22:49:39.0854 5620 NWADI (6eeb54e34603dd417ece187c8402320a) C:\Windows\system32\DRIVERS\NWADIenum.sys
22:49:39.0854 5620 NWADI - ok
22:49:39.0932 5620 NWUSBCDFIL64 (d944d4341429093f55cb7f0ec87c86b3) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
22:49:39.0932 5620 NWUSBCDFIL64 - ok
22:49:40.0072 5620 NWUSBModem_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
22:49:40.0088 5620 NWUSBModem_000 - ok
22:49:40.0228 5620 NWUSBPort2_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser2_000.sys
22:49:40.0228 5620 NWUSBPort2_000 - ok
22:49:40.0322 5620 NWUSBPort_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser_000.sys
22:49:40.0322 5620 NWUSBPort_000 - ok
22:49:40.0493 5620 NWVZHelper (6f67805ebe1c879de008ed21bfcf2f02) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
22:49:40.0493 5620 NWVZHelper - ok
22:49:40.0634 5620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:49:40.0634 5620 ohci1394 - ok
22:49:40.0837 5620 OracleJobSchedulerXE - ok
22:49:40.0868 5620 OracleMTSRecoveryService - ok
22:49:40.0899 5620 OracleServiceXE - ok
22:49:40.0915 5620 OracleXEClrAgent - ok
22:49:41.0008 5620 OracleXETNSListener (788d4cd078e3d55d92c4b986c739da43) C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
22:49:41.0055 5620 OracleXETNSListener - ok
22:49:41.0180 5620 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:49:41.0180 5620 ose64 - ok
22:49:41.0788 5620 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:49:42.0022 5620 osppsvc - ok
22:49:42.0163 5620 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:49:42.0178 5620 p2pimsvc - ok
22:49:42.0225 5620 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:49:42.0256 5620 p2psvc - ok
22:49:42.0334 5620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:49:42.0334 5620 Parport - ok
22:49:42.0459 5620 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:49:42.0459 5620 partmgr - ok
22:49:42.0521 5620 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:49:42.0521 5620 PcaSvc - ok
22:49:42.0599 5620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:49:42.0615 5620 pci - ok
22:49:42.0677 5620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:49:42.0677 5620 pciide - ok
22:49:42.0802 5620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:49:42.0818 5620 pcmcia - ok
22:49:42.0880 5620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:49:42.0880 5620 pcw - ok
22:49:43.0083 5620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:49:43.0099 5620 PEAUTH - ok
22:49:43.0301 5620 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:49:43.0364 5620 PeerDistSvc - ok
22:49:43.0442 5620 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:49:43.0442 5620 PerfHost - ok
22:49:43.0629 5620 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:49:43.0691 5620 pla - ok
22:49:43.0832 5620 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:49:43.0847 5620 PlugPlay - ok
22:49:43.0910 5620 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:49:43.0910 5620 PNRPAutoReg - ok
22:49:43.0957 5620 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:49:43.0957 5620 PNRPsvc - ok
22:49:44.0128 5620 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:49:44.0144 5620 PolicyAgent - ok
22:49:44.0206 5620 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:49:44.0222 5620 Power - ok
22:49:44.0331 5620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:49:44.0347 5620 PptpMiniport - ok
22:49:44.0518 5620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:49:44.0518 5620 Processor - ok
22:49:44.0627 5620 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:49:44.0627 5620 ProfSvc - ok
22:49:44.0721 5620 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:49:44.0721 5620 ProtectedStorage - ok
22:49:44.0815 5620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:49:44.0815 5620 Psched - ok
22:49:44.0955 5620 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:49:44.0955 5620 PSI_SVC_2 - ok
22:49:45.0189 5620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:49:45.0251 5620 ql2300 - ok
22:49:45.0314 5620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:49:45.0314 5620 ql40xx - ok
22:49:45.0407 5620 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:49:45.0407 5620 QWAVE - ok
22:49:45.0501 5620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:49:45.0501 5620 QWAVEdrv - ok
22:49:45.0610 5620 R5U870FLamd64 (8584c617c5a0f4843602c76ea97b1a47) C:\Windows\system32\Drivers\R5U870FLamd64.sys
22:49:45.0610 5620 R5U870FLamd64 - ok
22:49:45.0673 5620 R5U870FUamd64 (9cf925d48d2e143b6590c513fb271a57) C:\Windows\system32\Drivers\R5U870FUamd64.sys
22:49:45.0673 5620 R5U870FUamd64 - ok
22:49:45.0735 5620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:49:45.0735 5620 RasAcd - ok
22:49:45.0875 5620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:49:45.0875 5620 RasAgileVpn - ok
22:49:46.0000 5620 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:49:46.0000 5620 RasAuto - ok
22:49:46.0187 5620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:49:46.0187 5620 Rasl2tp - ok
22:49:46.0312 5620 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:49:46.0406 5620 RasMan - ok
22:49:46.0515 5620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:49:46.0515 5620 RasPppoe - ok
22:49:46.0562 5620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:49:46.0562 5620 RasSstp - ok
22:49:46.0671 5620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:49:46.0671 5620 rdbss - ok
22:49:46.0733 5620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:49:46.0733 5620 rdpbus - ok
22:49:46.0811 5620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:49:46.0811 5620 RDPCDD - ok
22:49:46.0936 5620 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:49:46.0936 5620 RDPDR - ok
22:49:47.0045 5620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:49:47.0045 5620 RDPENCDD - ok
22:49:47.0061 5620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:49:47.0061 5620 RDPREFMP - ok
22:49:47.0201 5620 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:49:47.0201 5620 RdpVideoMiniport - ok
22:49:47.0311 5620 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:49:47.0311 5620 RDPWD - ok
22:49:47.0404 5620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:49:47.0404 5620 rdyboost - ok
22:49:47.0529 5620 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
22:49:47.0545 5620 regi - ok
22:49:47.0763 5620 RegSrvc (a60a9f1720f5da1431a3dec14d8833f4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:49:47.0810 5620 RegSrvc - ok
22:49:47.0903 5620 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:49:47.0903 5620 RemoteAccess - ok
22:49:47.0966 5620 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:49:47.0981 5620 RemoteRegistry - ok
22:49:48.0013 5620 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:49:48.0028 5620 RpcEptMapper - ok
22:49:48.0075 5620 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:49:48.0091 5620 RpcLocator - ok
22:49:48.0169 5620 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:49:48.0184 5620 RpcSs - ok
22:49:48.0262 5620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:49:48.0262 5620 rspndr - ok
22:49:48.0309 5620 rvd - ok
22:49:48.0371 5620 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:49:48.0387 5620 s3cap - ok
22:49:48.0449 5620 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:49:48.0449 5620 SamSs - ok
22:49:48.0496 5620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:49:48.0496 5620 sbp2port - ok
22:49:48.0574 5620 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:49:48.0590 5620 SCardSvr - ok
22:49:48.0699 5620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:49:48.0699 5620 scfilter - ok
22:49:48.0793 5620 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:49:48.0839 5620 Schedule - ok
22:49:48.0949 5620 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:49:48.0949 5620 SCPolicySvc - ok
22:49:49.0027 5620 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:49:49.0027 5620 SDRSVC - ok
22:49:49.0089 5620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:49:49.0089 5620 secdrv - ok
22:49:49.0167 5620 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:49:49.0167 5620 seclogon - ok
22:49:49.0229 5620 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:49:49.0245 5620 SENS - ok
22:49:49.0307 5620 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:49:49.0307 5620 SensrSvc - ok
22:49:49.0354 5620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:49:49.0354 5620 Serenum - ok
22:49:49.0417 5620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:49:49.0417 5620 Serial - ok
22:49:49.0495 5620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:49:49.0495 5620 sermouse - ok
22:49:49.0573 5620 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:49:49.0588 5620 SessionEnv - ok
22:49:49.0697 5620 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
22:49:49.0697 5620 SFEP - ok
22:49:49.0760 5620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:49:49.0760 5620 sffdisk - ok
22:49:49.0807 5620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:49:49.0807 5620 sffp_mmc - ok
22:49:49.0853 5620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:49:49.0853 5620 sffp_sd - ok
22:49:49.0916 5620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:49:49.0916 5620 sfloppy - ok
22:49:49.0994 5620 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:49:49.0994 5620 SharedAccess - ok
22:49:50.0087 5620 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:49:50.0103 5620 ShellHWDetection - ok
22:49:50.0165 5620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:49:50.0165 5620 SiSRaid2 - ok
22:49:50.0228 5620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:49:50.0228 5620 SiSRaid4 - ok
22:49:50.0337 5620 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:49:50.0337 5620 SkypeUpdate - ok
22:49:50.0415 5620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:49:50.0415 5620 Smb - ok
22:49:50.0477 5620 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:49:50.0477 5620 SNMPTRAP - ok
22:49:50.0540 5620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:49:50.0540 5620 spldr - ok
22:49:50.0697 5620 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:49:50.0759 5620 Spooler - ok
22:49:51.0118 5620 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:49:51.0258 5620 sppsvc - ok
22:49:51.0336 5620 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:49:51.0352 5620 sppuinotify - ok
22:49:51.0555 5620 SQLAgent$SQLEXPRESS (d39b8dee1566c30858216521998f382f) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:49:51.0570 5620 SQLAgent$SQLEXPRESS - ok
22:49:51.0680 5620 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:49:51.0695 5620 SQLBrowser - ok
22:49:51.0804 5620 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:49:51.0804 5620 SQLWriter - ok
22:49:51.0945 5620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:49:51.0976 5620 srv - ok
22:49:52.0038 5620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:49:52.0038 5620 srv2 - ok
22:49:52.0132 5620 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:49:52.0132 5620 SrvHsfHDA - ok
22:49:52.0304 5620 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:49:52.0382 5620 SrvHsfV92 - ok
22:49:52.0444 5620 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:49:52.0491 5620 SrvHsfWinac - ok
22:49:52.0709 5620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:49:52.0709 5620 srvnet - ok
22:49:52.0803 5620 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:49:52.0818 5620 SSDPSRV - ok
22:49:52.0881 5620 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:49:52.0881 5620 SstpSvc - ok
22:49:53.0021 5620 Stereo Service (8ea63d445ea756deff00dfbca07d74a1) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:49:53.0021 5620 Stereo Service - ok
22:49:53.0224 5620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:49:53.0240 5620 stexstor - ok
22:49:53.0349 5620 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:49:53.0411 5620 stisvc - ok
22:49:53.0520 5620 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:49:53.0552 5620 storflt - ok
22:49:53.0661 5620 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:49:53.0661 5620 storvsc - ok
22:49:53.0708 5620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:49:53.0708 5620 swenum - ok
22:49:53.0770 5620 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:49:53.0817 5620 swprv - ok
22:49:53.0926 5620 Synth3dVsc - ok
22:49:54.0066 5620 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:49:54.0176 5620 SysMain - ok
22:49:54.0238 5620 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:49:54.0254 5620 TabletInputService - ok
22:49:54.0300 5620 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:49:54.0332 5620 TapiSrv - ok
22:49:54.0410 5620 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:49:54.0410 5620 TBS - ok
22:49:54.0690 5620 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:49:54.0784 5620 Tcpip - ok
22:49:54.0956 5620 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:49:54.0971 5620 TCPIP6 - ok
22:49:55.0065 5620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:49:55.0065 5620 tcpipreg - ok
22:49:55.0174 5620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:49:55.0190 5620 TDPIPE - ok
22:49:55.0361 5620 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:49:55.0392 5620 TDTCP - ok
22:49:55.0486 5620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:49:55.0486 5620 tdx - ok
22:49:55.0814 5620 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:49:55.0938 5620 TeamViewer7 - ok
22:49:56.0063 5620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:49:56.0079 5620 TermDD - ok
22:49:56.0266 5620 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:49:56.0297 5620 TermService - ok
22:49:56.0391 5620 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:49:56.0391 5620 Themes - ok
22:49:56.0438 5620 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:49:56.0453 5620 THREADORDER - ok
22:49:56.0625 5620 TIBCOAdmin-MGM - ok
22:49:56.0718 5620 tibemsd - ok
22:49:56.0734 5620 tibemsmcd - ok
22:49:56.0796 5620 TIBHawkAgent-MGM-SONY-VAIO - ok
22:49:56.0890 5620 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:49:56.0890 5620 TrkWks - ok
22:49:56.0984 5620 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:49:56.0999 5620 TrustedInstaller - ok
22:49:57.0108 5620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:49:57.0108 5620 tssecsrv - ok
22:49:57.0218 5620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:49:57.0218 5620 TsUsbFlt - ok
22:49:57.0264 5620 tsusbhub - ok
22:49:57.0358 5620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:49:57.0374 5620 tunnel - ok
22:49:57.0436 5620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:49:57.0452 5620 uagp35 - ok
22:49:57.0561 5620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:49:57.0576 5620 udfs - ok
22:49:57.0686 5620 ufad-ws60 (3f2d08b07cf67cb37e669a93e59a508c) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
22:49:57.0686 5620 ufad-ws60 - ok
22:49:57.0764 5620 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:49:57.0764 5620 UI0Detect - ok
22:49:57.0842 5620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:49:57.0842 5620 uliagpkx - ok
22:49:57.0951 5620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:49:57.0951 5620 umbus - ok
22:49:58.0044 5620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:49:58.0044 5620 UmPass - ok
22:49:58.0122 5620 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:49:58.0122 5620 UmRdpService - ok
22:49:58.0185 5620 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:49:58.0200 5620 upnphost - ok
22:49:58.0325 5620 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:49:58.0325 5620 USBAAPL64 - ok
22:49:58.0419 5620 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:49:58.0419 5620 usbaudio - ok
22:49:58.0466 5620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:49:58.0466 5620 usbccgp - ok
22:49:58.0544 5620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:49:58.0544 5620 usbcir - ok
22:49:58.0622 5620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:49:58.0622 5620 usbehci - ok
22:49:58.0700 5620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:49:58.0700 5620 usbhub - ok
22:49:58.0778 5620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:49:58.0778 5620 usbohci - ok
22:49:58.0856 5620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:49:58.0856 5620 usbprint - ok
22:49:58.0965 5620 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:49:58.0965 5620 usbscan - ok
22:49:59.0012 5620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:49:59.0012 5620 USBSTOR - ok
22:49:59.0090 5620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:49:59.0090 5620 usbuhci - ok
22:49:59.0183 5620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:49:59.0183 5620 usbvideo - ok
22:49:59.0277 5620 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:49:59.0277 5620 UxSms - ok
22:49:59.0433 5620 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:49:59.0433 5620 VAIO Event Service - ok
22:49:59.0495 5620 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:49:59.0495 5620 VaultSvc - ok
22:49:59.0604 5620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:49:59.0604 5620 vdrvroot - ok
22:49:59.0682 5620 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:49:59.0698 5620 vds - ok
22:49:59.0792 5620 vflt (f9e83e1ba3c3b5b8a84dc066a7470ef5) C:\Windows\system32\DRIVERS\vfilter.sys
22:49:59.0792 5620 vflt - ok
22:49:59.0854 5620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:49:59.0854 5620 vga - ok
22:49:59.0932 5620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:49:59.0932 5620 VgaSave - ok
22:49:59.0994 5620 VGPU - ok
22:50:00.0072 5620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:50:00.0072 5620 vhdmp - ok
22:50:00.0119 5620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:50:00.0119 5620 viaide - ok
22:50:00.0260 5620 VMAuthdService (caa6f68bb4c1dbe554b4607ca1acaab5) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
22:50:00.0260 5620 VMAuthdService - ok
22:50:00.0384 5620 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:50:00.0384 5620 vmbus - ok
22:50:00.0416 5620 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:50:00.0416 5620 VMBusHID - ok
22:50:00.0494 5620 vmci (9bc38986a8f0e85f27cc18a196808f52) C:\Windows\system32\drivers\vmci.sys
22:50:00.0494 5620 vmci - ok
22:50:00.0540 5620 vmkbd (ac9dc0f511c56125483a5fb385d0bc80) C:\Windows\system32\drivers\VMkbd.sys
22:50:00.0540 5620 vmkbd - ok
22:50:00.0634 5620 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
22:50:00.0634 5620 VMnetAdapter - ok
22:50:00.0696 5620 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
22:50:00.0696 5620 VMnetBridge - ok
22:50:00.0728 5620 VMnetDHCP - ok
22:50:00.0759 5620 VMnetuserif (b4686ed49494a4264e867a7938fad24b) C:\Windows\system32\drivers\vmnetuserif.sys
22:50:00.0759 5620 VMnetuserif - ok
22:50:00.0837 5620 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
22:50:00.0837 5620 vmusb - ok
22:50:00.0946 5620 VMUSBArbService (f38f5e1d9dec6cd1955a91ab141a88fb) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
22:50:00.0962 5620 VMUSBArbService - ok
22:50:01.0040 5620 VMware NAT Service - ok
22:50:01.0118 5620 vmx86 (4b4987b8850de542f23621b881b10342) C:\Windows\system32\drivers\vmx86.sys
22:50:01.0118 5620 vmx86 - ok
22:50:01.0274 5620 vnet (f7c3dddf6f2234551591602956bfbad6) C:\Windows\system32\DRIVERS\virtualnet.sys
22:50:01.0274 5620 vnet - ok
22:50:01.0352 5620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:50:01.0367 5620 volmgr - ok
22:50:01.0476 5620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:50:01.0476 5620 volmgrx - ok
22:50:01.0586 5620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:50:01.0601 5620 volsnap - ok
22:50:01.0664 5620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:50:01.0664 5620 vsmraid - ok
22:50:01.0773 5620 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:50:01.0851 5620 VSS - ok
22:50:01.0944 5620 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
22:50:01.0944 5620 vstor2-ws60 - ok
22:50:02.0022 5620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:50:02.0022 5620 vwifibus - ok
22:50:02.0069 5620 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:50:02.0085 5620 W32Time - ok
22:50:02.0132 5620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:50:02.0132 5620 WacomPen - ok
22:50:02.0225 5620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0225 5620 WANARP - ok
22:50:02.0225 5620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0225 5620 Wanarpv6 - ok
22:50:02.0272 5620 wanatw - ok
22:50:02.0381 5620 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:50:02.0444 5620 WatAdminSvc - ok
22:50:02.0646 5620 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:50:02.0709 5620 wbengine - ok
22:50:02.0771 5620 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:50:02.0771 5620 WbioSrvc - ok
22:50:02.0849 5620 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:50:02.0849 5620 wcncsvc - ok
22:50:02.0896 5620 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:50:02.0896 5620 WcsPlugInService - ok
22:50:02.0990 5620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:50:02.0990 5620 Wd - ok
22:50:03.0068 5620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:50:03.0099 5620 Wdf01000 - ok
22:50:03.0146 5620 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:03.0146 5620 WdiServiceHost - ok
22:50:03.0161 5620 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:03.0161 5620 WdiSystemHost - ok
22:50:03.0224 5620 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:50:03.0239 5620 WebClient - ok
22:50:03.0286 5620 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:50:03.0286 5620 Wecsvc - ok
22:50:03.0364 5620 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:50:03.0364 5620 wercplsupport - ok
22:50:03.0411 5620 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:50:03.0426 5620 WerSvc - ok
22:50:03.0473 5620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:50:03.0473 5620 WfpLwf - ok
22:50:03.0520 5620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:50:03.0520 5620 WIMMount - ok
22:50:03.0598 5620 WinDefend - ok
22:50:03.0614 5620 WinHttpAutoProxySvc - ok
22:50:03.0738 5620 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:50:03.0754 5620 Winmgmt - ok
22:50:03.0863 5620 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:50:03.0926 5620 WinRM - ok
22:50:04.0050 5620 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:50:04.0050 5620 WinUsb - ok
22:50:04.0160 5620 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:50:04.0191 5620 Wlansvc - ok
22:50:04.0362 5620 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:50:04.0425 5620 wlidsvc - ok
22:50:04.0472 5620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:50:04.0472 5620 WmiAcpi - ok
22:50:04.0659 5620 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:50:04.0674 5620 wmiApSrv - ok
22:50:04.0721 5620 WMPNetworkSvc - ok
22:50:04.0799 5620 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:50:04.0799 5620 WPCSvc - ok
22:50:04.0877 5620 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:50:04.0877 5620 WPDBusEnum - ok
22:50:04.0940 5620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:04.0940 5620 ws2ifsl - ok
22:50:05.0018 5620 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:50:05.0018 5620 wscsvc - ok
22:50:05.0127 5620 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:50:05.0127 5620 WSDPrintDevice - ok
22:50:05.0158 5620 WSearch - ok
22:50:05.0298 5620 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:50:05.0376 5620 wuauserv - ok
22:50:05.0470 5620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:50:05.0470 5620 WudfPf - ok
22:50:05.0564 5620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:05.0564 5620 WUDFRd - ok
22:50:05.0626 5620 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:50:05.0642 5620 wudfsvc - ok
22:50:05.0688 5620 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:50:05.0704 5620 WwanSvc - ok
22:50:05.0798 5620 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
22:50:05.0813 5620 yukonw7 - ok
22:50:05.0860 5620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:50:05.0922 5620 \Device\Harddisk0\DR0 - ok
22:50:05.0922 5620 Boot (0x1200) (d160e778545be265e7610563d025b694) \Device\Harddisk0\DR0\Partition0
22:50:05.0922 5620 \Device\Harddisk0\DR0\Partition0 - ok
22:50:05.0922 5620 ============================================================
22:50:05.0922 5620 Scan finished
22:50:05.0922 5620 ============================================================
22:50:05.0938 5200 Detected object count: 1
22:50:05.0938 5200 Actual detected object count: 1
22:50:44.0766 5200 C:\Windows\system32\sskbfd.dll - copied to quarantine
22:50:44.0766 5200 HKLM\SYSTEM\ControlSet001\services\iPassPeriodicUpdateApp - will be deleted on reboot
22:50:44.0798 5200 HKLM\SYSTEM\ControlSet002\services\iPassPeriodicUpdateApp - will be deleted on reboot
22:50:44.0954 5200 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
22:50:45.0094 5200 C:\Windows\system32\sskbfd.dll - will be deleted on reboot
22:50:45.0094 5200 iPassPeriodicUpdateApp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
22:51:08.0042 4588 Deinitialize success

#6 djny2k
  • Topic Starter
  • Members
  • 97 posts

Posted 02 April 2012 - 10:56 PM

When I restarted the computer, Windows 7 went into Startup Repair because it could not load Windows. It's now attempting repairs, going through Startup Repair??? Is this supposed to happen?

#7 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 11,696 posts
  • Location:Bement, ILL

Posted 03 April 2012 - 04:51 PM

Hello.

Yes, let it try at least 3 or 4 times to fix it. You may have to reboot several times.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 djny2k
  • Topic Starter
  • Members
  • 97 posts

Posted 03 April 2012 - 07:35 PM

Yes, it took a while but it fixed it. I still see some automatic window tabs open up and go to random sites. For instance, when I opened this webpage in Firefox, another tab opened up and went to a random search engine. Do I still have malware/virus on my system?

#9 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 11,696 posts
  • Location:Bement, ILL

Posted 04 April 2012 - 07:38 PM

Hello,

Please run TdssKiller and Combofix again and post their logs. They both have been updated. Once you have run those scans, do the following.


Is your computer connected to the internet through a router? If so, we need to reset that router.
How to reset your router.


Things to include in your next reply:
TdssKiller log
Combofix log
How is your machine running now?



#10 djny2k
  • Topic Starter
  • Members
  • 97 posts

Posted 05 April 2012 - 02:42 PM

ComboFix Log:

ComboFix 12-04-05.06 - Saad 04/05/2012 12:41:27.3.2 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.4094.2879 [GMT -4:00]
Running from: c:\users\Saad\Desktop\ComboFix_2.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 16:57 . 2012-04-05 16:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-04 02:28 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2348A320-C480-47FB-81BB-403037A7F5E4}\mpengine.dll
2012-04-03 02:50 . 2012-04-05 16:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 00:58 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-03-31 17:06 . 2012-04-05 16:40 -------- d-----w- C:\ComboFix
2012-03-31 07:36 . 2012-04-05 17:16 -------- d-----w- c:\users\Saad\AppData\Roaming\DMCache
2012-03-31 07:36 . 2012-04-03 08:56 -------- d-----w- c:\users\Saad\AppData\Roaming\IDM
2012-03-31 07:36 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-03-27 16:56 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-25 04:46 . 2012-03-25 04:46 -------- d-----w- C:\SL
2012-03-25 04:44 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\MagicISO
2012-03-24 03:14 . 2012-04-03 08:55 -------- d-----w- c:\programdata\GetRight
2012-03-24 03:14 . 2012-04-03 08:56 -------- d-----w- c:\users\Saad\AppData\Roaming\GetRight
2012-03-19 15:52 . 2012-04-03 08:05 -------- d-----w- c:\program files (x86)\MSECache
2012-03-19 15:45 . 2012-03-19 15:48 -------- d-----w- c:\users\Saad\AppData\Roaming\Softplicity
2012-03-16 11:08 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-13 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:30 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:30 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:30 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:29 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 18:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 18:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-12 17:25 . 2012-03-12 17:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-03-11 16:37 . 2012-03-12 17:25 -------- d-----w- c:\programdata\SpeedBit
2012-03-11 16:37 . 2012-03-12 17:26 -------- d-----w- c:\program files (x86)\DAP
2012-03-11 16:37 . 2012-03-11 16:37 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-03-11 16:37 . 2012-03-11 16:36 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-03-11 16:37 . 2012-03-11 16:36 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-03-11 16:32 . 2012-03-11 16:32 29184 ----a-r- c:\users\Saad\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-03-11 16:32 . 2012-04-03 08:54 -------- d-----w- c:\program files (x86)\mkv2vob
2012-03-10 21:47 . 2012-03-10 21:47 -------- d-----w- c:\users\Saad\AppData\Local\The Neat Company
2012-03-10 21:43 . 2012-04-03 08:55 -------- d-----w- c:\program files\Send To Neat
2012-03-10 21:43 . 2011-08-24 17:59 102912 ----a-w- c:\windows\agent_x64.exe
2012-03-10 21:39 . 2011-08-24 18:01 52224 ----a-w- c:\windows\system32\sdtnpm.dll
2012-03-10 21:31 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\Common Files\Comscan
2012-03-10 21:31 . 2012-04-03 08:01 -------- d-----w- c:\program files (x86)\Common Files\NeatReceipts
2012-03-10 21:30 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-03-10 21:29 . 2012-04-03 08:54 -------- d-----w- c:\program files\Common Files\The Neat Company
2012-03-10 21:18 . 2012-04-03 08:54 -------- d-----w- c:\program files (x86)\Neat
2012-03-09 18:13 . 2012-04-03 08:54 -------- d-----w- c:\program files\iPod
2012-03-09 18:13 . 2012-04-03 08:54 -------- d-----w- c:\program files\iTunes
2012-03-09 18:13 . 2012-04-03 08:53 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:31 . 2012-04-05 17:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-23 13:18 . 2010-03-14 21:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 01:09 . 2011-05-14 06:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-12-17 08:26 . 2011-04-05 10:01 13844000 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-4-5 13844000]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-4-5 13844000]
.
c:\users\Saad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Saad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 16:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.2.0.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rvd;TIB/Rendezvous Communications Daemon;c:\windows\rvntsctl.exe rvd [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TIBCOAdmin-MGM;TIBCO Administrator 5.7 (MGM);C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice TIBCOAdmin-MGM [x]
R3 tibemsd;TIBCO EMS Server (PID: 672);c:\windows\emsntsct.exe tibemsd [x]
R3 tibemsmcd;TIBCO EMS Multicast Daemon;c:\windows\emsntsct.exe tibemsmcd [x]
R3 TIBHawkAgent-MGM-SONY-VAIO;TIBCO Hawk Agent (MGM);C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice TIBHawkAgent-MGM-SONY-VAIO [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-04-20 50688]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-04-20 950784]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-04-20 690688]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-21 239648]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [x]
S3 R5U870FLamd64;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLamd64.sys [x]
S3 R5U870FUamd64;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUamd64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613363240-3350486489-3168525673-1000Core.job
- c:\users\Saad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 18:52]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-613363240-3350486489-3168525673-1000UA.job
- c:\users\Saad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-22 18:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-21 16561184]
"combofix"="c:\combofix_2\CF23551.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
surveyor
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2011\spy.htm
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3275F1BC-B5EA-44A5-9F59-696C473150D1}: NameServer = 129.166.9.101,129.166.32.150
FF - ProfilePath - c:\users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\n4yh5u2v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-74773784.sys
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBCOAdmin-MGM]
"ImagePath"="C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice \"TIBCOAdmin-MGM\""
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBHawkAgent-MGM-SONY-VAIO]
"ImagePath"="C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice \"TIBHawkAgent-MGM-SONY-VAIO\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBCOAdmin-MGM]
"ImagePath"="C:/tibco/administrator/domain/MGM/bin/tibcoadmin_MGM.exe --ntservice \"TIBCOAdmin-MGM\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TIBHawkAgent-MGM-SONY-VAIO]
"ImagePath"="C:/tibco/tra/domain/MGM/hawkagent_MGM.exe --ntservice \"TIBHawkAgent-MGM-SONY-VAIO\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-613363240-3350486489-3168525673-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e7,e7,80,c6,cf,4e,21,d1,52,43,37,a4,24,d2,7a,cc,af,63,fb,60,97,
3a,f4,96,57,9d,f8,22,0e,d1,41,1e,10,8d,4d,76,70,b8,c7,9c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-613363240-3350486489-3168525673-1000_Classes\Wow6432Node\CLSID\{91983d59-9a63-496e-a54e-a64ff1f4104f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005f
"Therad"=dword:00000006
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-04-05 13:41:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 17:41
ComboFix2.txt 2012-04-03 03:22
ComboFix3.txt 2012-04-01 01:51
ComboFix4.txt 2012-03-31 17:39
.
Pre-Run: 47,092,310,016 bytes free
Post-Run: 46,845,444,096 bytes free
.
- - End Of File - - 816541090A6E6689666A1EC771FF671B

TDSS Logs

12:29:45.0011 4828 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:29:47.0025 4828 ============================================================
12:29:47.0025 4828 Current date / time: 2012/04/05 12:29:47.0025
12:29:47.0025 4828 SystemInfo:
12:29:47.0025 4828
12:29:47.0025 4828 OS Version: 6.1.7601 ServicePack: 1.0
12:29:47.0025 4828 Product type: Workstation
12:29:47.0025 4828 ComputerName: SONY-VAIO
12:29:47.0025 4828 UserName: Saad
12:29:47.0025 4828 Windows directory: C:\Windows
12:29:47.0025 4828 System windows directory: C:\Windows
12:29:47.0025 4828 Running under WOW64
12:29:47.0025 4828 Processor architecture: Intel x64
12:29:47.0025 4828 Number of processors: 2
12:29:47.0025 4828 Page size: 0x1000
12:29:47.0025 4828 Boot type: Normal boot
12:29:47.0025 4828 ============================================================
12:29:48.0226 4828 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:48.0226 4828 \Device\Harddisk0\DR0:
12:29:48.0226 4828 MBR used
12:29:48.0226 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x11AD000, BlocksNum 0x162F17FC
12:29:48.0313 4828 Initialize success
12:29:48.0313 4828 ============================================================
12:29:52.0087 5192 Deinitialize success

#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 11,696 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 05 April 2012 - 03:04 PM

How's the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


un03.png

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 djny2k
  • Topic Starter
  • Members
  • 97 posts

Posted 05 April 2012 - 04:20 PM

Same issue... I run TDSSKiller, it finds the malware, deletes it and reboots the computer. Then I run ComboFix and it does its thing and reboots. Then, once I shut down the computer and restart it, Windows 7 goes into a startup error and launches Startup Repair. Once that's completed, the computer state is back to where it was prior to the fix. I've repeated this procedure several times and the computer goes into Startup Repair every time after running TDSSKiller and ComboFix.

#13 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 11,696 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 05 April 2012 - 06:31 PM

Please let Startup Repair run until the machine starts up normally, then reset the router immediately if you have one.
Then tell me if you're still getting popups and redirects.



#14 djny2k
  • Topic Starter
  • Members
  • 97 posts

Posted 06 April 2012 - 05:10 PM

I am still seeing redirects and popups after resetting the router.

#15 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 11,696 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 06 April 2012 - 10:50 PM

Hello,

1.
Please follow the instructions below:
  • Download the yorkyt.exe disinfection tool (1,31 MB).
  • Save the file to your hard disk; to the Windows Desktop, for example.
  • Double click the yorkyt.exe file.
  • A reboot will be requested to install a driver.
  • Another reboot will be requested to complete the disinfection.
  • When the disinfection is completed, accept the message that will be displayed.

2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Things to include in your next reply:
yorkyt.exe log
MBAM log
RogueKiller log
Still redirecting?


