Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to Remove TrojanDownloader:Win32/Adload.DA


  • This topic is locked This topic is locked
14 replies to this topic

#1 BABU1994

BABU1994

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 24 July 2012 - 06:07 AM

Windows action center gave me the following warning:

Remove the TrojanDownloader:Win32/Adload.DA virus from your computer
Windows has detected TrojanDownloader:Win32/Adload.DA, a known computer virus, on your computer.

To remove the virus from your computer, follow these instructions:

Go to the following website:
Microsoft Safety Scanner
Click Download Now, and then follow the instructions on the screen.

I downloaded Microsoft Safety Scanner and ran a full system scan and it found nothing infected.

I then ran a full system scan using Microsoft security essentials and found nothing again.

Does this mean that malware is gone?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by at 22:15:32 on 2012-07-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3838.1522 [GMT 12:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.xtra.co.nz/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [FAStartup]
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\BHAVIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CB1EB85E-9FB9-4DC1-A2CF-DBF58C6B7084} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CB1EB85E-9FB9-4DC1-A2CF-DBF58C6B7084}\84F4D454 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EB36A299-2DC1-4BDD-B2E7-CC85CC63C3EF} : DhcpNameServer = 192.168.222.251
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2012-2-7 89600]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-4-23 2412728]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NetLogin Helper;NetLogin Helper;C:\Program Files (x86)\NetLogin\NetLoginService.exe [2008-2-18 69632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-24 08:17:50 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{166AA005-B8E7-425C-9F9B-ACE91F18F0F2}\offreg.dll
2012-07-24 05:43:13 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-24 05:34:56 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-24 05:34:01 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-24 05:28:42 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{166AA005-B8E7-425C-9F9B-ACE91F18F0F2}\mpengine.dll
2012-07-24 04:54:17 -------- d-----w- C:\Users\AppData\Local\{36775749-DEE1-4C72-843C-C00A9DEB558E}
2012-07-24 04:54:06 -------- d-----w- C:\Users\AppData\Local\{05840721-86A6-4B68-855F-442D055ACAD0}
2012-07-23 05:14:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 05:09:21 -------- d-----w- C:\Users\AppData\Local\{C4017BF1-836A-4AB2-B61C-FB3BC090AC3E}
2012-07-23 05:09:09 -------- d-----w- C:\Users\AppData\Local\{FE398526-6AB7-40E3-B952-9EDF7BE6C168}
2012-07-22 12:11:15 -------- d-----w- C:\Users\AppData\Local\{4C62D2F6-219B-461C-A5B3-2CB90ED674BA}
2012-07-22 12:11:04 -------- d-----w- C:\Users\AppData\Local\{C9A59A81-B23D-4BF6-A6BF-EC4EFD280722}
2012-07-22 00:10:52 -------- d-----w- C:\Users\AppData\Local\{B17B6171-603B-4B59-A4F3-F05F5D3B4BCF}
2012-07-22 00:10:41 -------- d-----w- C:\Users\AppData\Local\{A5C2490C-F2BD-4AF2-8065-3D6FEFBE675E}
2012-07-21 11:04:03 -------- d-----w- C:\Users\AppData\Local\{67255771-105D-47FE-9533-907353411B2C}
2012-07-21 11:02:57 -------- d-----w- C:\Users\AppData\Local\{7D8B36FC-DCCB-4C8E-800B-344D8844C66F}
2012-07-20 21:53:55 -------- d-----w- C:\Users\AppData\Local\{4C72620D-5DA7-4BCA-8285-B73CC47076A4}
2012-07-20 21:53:38 -------- d-----w- C:\Users\AppData\Local\{8F8C1638-C216-44CA-8347-BAB9731854DE}
2012-07-20 06:02:20 -------- d-----w- C:\Users\AppData\Local\{1B0D8976-871D-4997-9EE6-6A7ADCE75CD3}
2012-07-20 06:02:08 -------- d-----w- C:\Users\AppData\Local\{939FC512-2F13-4F7A-96CC-CDB7268565C7}
2012-07-19 05:18:48 -------- d-----w- C:\Users\AppData\Local\{4F24AA34-9E7E-4D21-9C81-EBC62B933F6E}
2012-07-19 05:18:36 -------- d-----w- C:\Users\AppData\Local\{874B5AF8-7F31-4785-B1F3-56DEC7CDD948}
2012-07-18 06:58:11 -------- d-----w- C:\Users\AppData\Local\{580EDEB3-101E-4B75-ACEE-738DBF9034B4}
2012-07-18 06:57:55 -------- d-----w- C:\Users\AppData\Local\{6081F24D-8B03-4747-B46E-21BE5B060DFB}
2012-07-17 04:39:16 -------- d-----w- C:\Users\AppData\Local\{6B21085B-652C-44ED-B83B-314D27B482ED}
2012-07-17 04:39:06 -------- d-----w- C:\Users\AppData\Local\{8D8C4C48-9341-4C0A-96E0-2EE6C2CBE23C}
2012-07-16 04:14:24 -------- d-----w- C:\Users\AppData\Local\{E3774062-E74F-4B73-9457-0F3F1CE616DE}
2012-07-16 04:14:13 -------- d-----w- C:\Users\AppData\Local\{C3B81022-CC50-4FBF-B933-D56F6C93805C}
2012-07-15 01:33:59 -------- d-----w- C:\Users\AppData\Local\{C37E7D16-3203-4C06-9107-D8E54DA4818D}
2012-07-15 01:33:48 -------- d-----w- C:\Users\AppData\Local\{E7822E2B-55FF-40F9-B842-91A1ED8A4BC4}
2012-07-13 04:18:59 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-12 22:21:54 -------- d-----w- C:\Users\AppData\Local\{DADA1FCF-DC67-4909-A135-7B6C763C5178}
2012-07-12 22:21:49 -------- d-----w- C:\Users\AppData\Local\{77A0A129-A3D0-4580-874A-B3C56BAA687D}
2012-07-12 10:19:03 -------- d-----w- C:\Users\AppData\Local\{96E23002-B869-4C02-98FF-19D9ECBF9715}
2012-07-12 10:17:18 -------- d-----w- C:\Users\AppData\Local\{A3D587E2-E531-42A2-8CB3-3BEB41B4CBD8}
2012-07-11 22:23:23 -------- d-----w- C:\Program Files\Pharos
2012-07-11 22:23:21 -------- d-----w- C:\ProgramData\Ricoh
2012-07-11 22:22:36 716800 ----atw- C:\Windows\System32\PSR6D105.DLL
2012-07-11 22:22:35 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2012-07-11 22:22:31 -------- d-----w- C:\Program Files (x86)\PharosSystems
2012-07-11 22:22:22 -------- d-----w- C:\Program Files (x86)\Pharos
2012-07-11 22:16:59 -------- d-----w- C:\Users\AppData\Local\{6A0B981C-E891-4A5F-9B6F-FE2143467B40}
2012-07-11 22:16:57 -------- d-----w- C:\Users\AppData\Local\{8E5D6C35-CCE4-42EB-ACEE-01D3B1FEC96C}
2012-07-11 04:39:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:59:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 00:36:56 -------- d-----w- C:\Users\AppData\Local\{BD811741-F443-45C9-A286-F21600A22E95}
2012-07-11 00:36:53 -------- d-----w- C:\Users\AppData\Local\{97344E5E-3587-40FD-9FDD-EA625FEABB0B}
2012-07-10 12:36:28 -------- d-----w- C:\Users\AppData\Local\{3764493C-8B0B-40BC-A206-7BA5AFAF8927}
2012-07-10 12:36:17 -------- d-----w- C:\Users\AppData\Local\{12CC3B2A-E1D9-49D7-A020-A4AE0EE633D1}
2012-07-10 00:36:01 -------- d-----w- C:\Users\AppData\Local\{59EB9165-D0A3-4D2F-8574-411D4AA869A6}
2012-07-10 00:35:59 -------- d-----w- C:\Users\AppData\Local\{A62A93C2-2739-4D45-A45D-2DC378A2E402}
2012-07-09 12:35:34 -------- d-----w- C:\Users\AppData\Local\{FBEF997E-A3B3-491D-9CEC-49F130DBC883}
2012-07-09 12:35:22 -------- d-----w- C:\Users\AppData\Local\{8B3E65A9-C514-48B8-81CC-76300B2E549E}
2012-07-09 00:35:06 -------- d-----w- C:\Users\AppData\Local\{C1F7D643-D38D-4409-B1A5-BFBFABAD73A9}
2012-07-09 00:35:04 -------- d-----w- C:\Users\AppData\Local\{657BCE57-B951-4534-9288-3C4D00EC89AA}
2012-07-08 12:34:39 -------- d-----w- C:\Users\AppData\Local\{5CC8B1EA-4EAD-4FA7-9C9F-8381195DA7C0}
2012-07-08 12:34:28 -------- d-----w- C:\Users\AppData\Local\{1DD0636B-E7BD-4925-B881-91F72B4A0EDD}
2012-07-08 00:34:16 -------- d-----w- C:\Users\AppData\Local\{F16623B5-58C4-43F8-8D29-43B2583452BD}
2012-07-08 00:34:05 -------- d-----w- C:\Users\AppData\Local\{53E59054-4516-4559-9379-92EBD2DD6B76}
2012-07-07 12:33:40 -------- d-----w- C:\Users\AppData\Local\{3E078BF3-FA87-4822-B17F-C461C3AE92E2}
2012-07-07 12:33:28 -------- d-----w- C:\Users\AppData\Local\{ECC386D1-C805-471E-B8F2-161DA19ACE8B}
2012-07-07 00:33:16 -------- d-----w- C:\Users\AppData\Local\{E2A67537-CA29-4DD2-BBA2-BF22CCF009EE}
2012-07-07 00:33:04 -------- d-----w- C:\Users\AppData\Local\{0A0EC1FD-094C-4D47-BC0D-933EE6F6CD3E}
2012-07-06 10:04:59 -------- d-----w- C:\Users\AppData\Local\{09C7678E-8860-492E-986C-AA84367714CC}
2012-07-06 10:04:48 -------- d-----w- C:\Users\AppData\Local\{45FF6E9A-4593-4CD5-9E31-897ACF54583B}
2012-07-05 22:04:28 -------- d-----w- C:\Users\AppData\Local\{E7485CE8-19F8-449D-B1E5-EC9738D3EB5B}
2012-07-05 22:04:23 -------- d-----w- C:\Users\AppData\Local\{6D7D90AB-E133-4436-9D60-1F99BA3DCAF3}
2012-07-05 00:00:07 -------- d-----w- C:\Users\AppData\Local\{2E67E848-3678-4E2D-80CB-69F4A19ABB14}
2012-07-04 23:58:21 -------- d-----w- C:\Users\AppData\Local\{800B2DE0-87F3-449F-B914-4B38079F960E}
2012-07-04 12:05:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25F43044-C360-4C52-9B95-2A9C62EB5E05}\gapaengine.dll
2012-07-04 11:56:22 -------- d-----w- C:\Users\AppData\Local\{2A314897-D0EF-4E17-9BC1-60F639B19919}
2012-07-04 11:54:38 -------- d-----w- C:\Users\AppData\Local\{494D4BF5-C01D-451D-846E-4B6C01D25591}
2012-07-03 22:43:05 -------- d-----w- C:\Program Files (x86)\NetLogin
2012-07-03 22:06:39 -------- d-----w- C:\Users\AppData\Local\{E4BB8796-8F61-4FB9-9618-B2B898BB57F8}
2012-07-03 22:05:03 -------- d-----w- C:\Users\AppData\Local\{C9170ACA-AE76-4062-927B-7514302469A1}
2012-07-03 08:05:18 -------- d-----w- C:\Users\AppData\Local\{AD540725-8DF3-4CAD-8B8A-8F21A57E38EC}
2012-07-03 08:05:08 -------- d-----w- C:\Users\AppData\Local\{118250A7-6487-418A-853E-FABD13B94DDA}
2012-07-02 22:12:49 -------- d-----w- C:\Users\AppData\Local\{8E35724C-F7FB-4A4E-9A6D-BDB442B10645}
2012-07-02 05:19:10 -------- d-----w- C:\Users\AppData\Local\{88D42262-371E-4780-9E96-2AD8D47F93CF}
2012-07-02 05:18:59 -------- d-----w- C:\Users\AppData\Local\{E176054A-E8E4-4C67-A7F1-E9392C0E9962}
2012-07-01 22:27:36 -------- d-----w- C:\Users\AppData\Local\{714FE6C5-18E1-42C7-91F4-E365E9A5FA71}
2012-07-01 00:52:36 -------- d-----w- C:\Users\AppData\Local\{50CB4371-0FFD-4FC9-A54C-788C57EBBC15}
2012-07-01 00:52:25 -------- d-----w- C:\Users\AppData\Local\{3780A9F1-90AD-4975-B26F-3468FAA02341}
2012-06-30 00:12:58 -------- d-----w- C:\Users\AppData\Local\{A3C8EC9E-6B75-4514-9685-F0B456D5B74D}
2012-06-30 00:12:46 -------- d-----w- C:\Users\AppData\Local\{98B46A0E-2298-4888-8BBC-CA105E665644}
2012-06-29 11:13:56 -------- d-----w- C:\Users\AppData\Local\{51663657-21F9-4F49-890F-D4FFCE07D2BE}
2012-06-29 11:13:41 -------- d-----w- C:\Users\AppData\Local\{207952F7-268F-4441-8496-01B3BCB368E7}
2012-06-28 21:28:16 -------- d-----w- C:\Users\AppData\Local\{899C937C-7A4A-4A64-8907-00B5921DB06E}
2012-06-28 21:28:02 -------- d-----w- C:\Users\AppData\Local\{BE96704D-73E9-4E95-85E6-A535BF10DD6D}
2012-06-27 22:20:31 -------- d-----w- C:\Users\AppData\Local\{8B65E01E-1318-4379-B88B-39A5F52379CD}
2012-06-27 22:19:59 -------- d-----w- C:\Users\AppData\Local\{493F6422-DCC3-4651-B37D-D8FA59331553}
2012-06-27 00:03:32 -------- d-----w- C:\Users\AppData\Local\{5CF43FDF-0129-45A1-BE79-A5634EC19BA2}
2012-06-27 00:03:29 -------- d-----w- C:\Users\AppData\Local\{973BC8E7-B930-4FBD-AE7B-7EC97A629593}
2012-06-26 12:03:04 -------- d-----w- C:\Users\AppData\Local\{AC4B6A6F-061A-47E5-89D7-724A246B9813}
2012-06-26 00:02:39 -------- d-----w- C:\Users\AppData\Local\{1E00DF8F-DF14-478A-8F0C-33D44061B8D5}
2012-06-26 00:02:25 -------- d-----w- C:\Users\AppData\Local\{2A7FB4FD-D512-4F42-85D9-F5AD7C5127BE}
2012-06-25 02:08:13 -------- d-----w- C:\Users\AppData\Local\{5D7E612C-F752-4726-B2F2-5C2C9619288C}
2012-06-25 02:08:03 -------- d-----w- C:\Users\AppData\Local\{509A349E-41C0-4CC0-9DDB-4FBC5F6ECC04}
2012-06-24 14:07:38 -------- d-----w- C:\Users\AppData\Local\{0C8AC597-1BA5-458F-B95A-D512EED247AC}
.
==================== Find3M ====================
.
2012-07-24 05:16:39 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-07-24 05:16:36 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-07-05 10:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-02 03:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 03:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:16:11.78 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 26 July 2012 - 01:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 26 July 2012 - 02:07 AM

Hi gringo_pr, thank you for the prompt reply. I've conducted the tests asked for. My computer is running fine, it's not lagging and I have not had any pop ups. I have not experienced any more problems. Below are the logs requested from Security Check and Combofix.

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


ComboFix 12-07-26.04 - B 26/07/2012 18:42:21.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3838.2439 [GMT 12:00]
Running from: c:\users\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Netlogin
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 06:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDBD097C-C14B-4A5C-AA4B-0DA53EEFD129}\mpengine.dll
2012-07-24 05:43 . 2012-07-24 05:43 -------- d-----w- c:\program files (x86)\ESET
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 05:34 . 2012-07-24 05:34 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 05:34 . 2012-07-05 10:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-24 05:28 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 04:18 . 2012-07-13 04:18 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-11 22:23 . 2012-07-11 22:23 -------- d-----w- c:\program files\Pharos
2012-07-11 22:23 . 2012-07-11 22:23 -------- d-----w- c:\programdata\Ricoh
2012-07-11 22:22 . 2010-01-14 07:15 716800 ----atw- c:\windows\system32\PSR6D105.DLL
2012-07-11 22:22 . 2010-01-14 07:15 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2012-07-11 22:22 . 2012-07-11 22:22 -------- d-----w- c:\program files (x86)\Pharos
2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 12:05 . 2012-02-14 01:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25F43044-C360-4C52-9B95-2A9C62EB5E05}\gapaengine.dll
2012-07-03 22:43 . 2012-07-03 22:43 -------- d-----w- c:\program files (x86)\NetLogin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 06:47 . 2012-02-15 21:52 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-26 06:47 . 2012-02-15 21:59 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-11 04:35 . 2012-02-06 08:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 10:06 . 2012-03-17 03:27 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 03:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 03:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-19 02:51 . 2012-05-19 02:51 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-12 23:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:16 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 23:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]
.
c:\users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-23 09:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NetLogin Helper;NetLogin Helper;c:\program files (x86)\NetLogin\NetLoginService.exe [2008-02-18 69632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-12 69736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 168864]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-18 315840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240974498-3979212728-187219531-1000Core.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 08:23]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240974498-3979212728-187219531-1000UA.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 08:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-08 3216544]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-28 444416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-04 16328736]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF16515.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.xtra.co.nz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2012-07-26 18:52:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 06:52
.
Pre-Run: 20,155,817,984 bytes free
Post-Run: 20,415,143,936 bytes free
.
- - End Of File - - 26F96482B5B173024036EEF4E9586C65

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 26 July 2012 - 02:31 AM

Greetings BABU1994

lets run these to make sure nothing comes up

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 26 July 2012 - 03:55 AM

Hi gringo_pr,

Conducted the tests required without any problem. Below are the logs requested from TDSSKILLER and aswMBR:


20:02:03.0894 4652 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:02:04.0923 4652 ============================================================
20:02:04.0923 4652 Current date / time: 2012/07/26 20:02:04.0923
20:02:04.0923 4652 SystemInfo:
20:02:04.0923 4652
20:02:04.0923 4652 OS Version: 6.1.7601 ServicePack: 1.0
20:02:04.0923 4652 Product type: Workstation
20:02:04.0923 4652 ComputerName: -PC
20:02:04.0923 4652 UserName:
20:02:04.0923 4652 Windows directory: C:\Windows
20:02:04.0923 4652 System windows directory: C:\Windows
20:02:04.0923 4652 Running under WOW64
20:02:04.0923 4652 Processor architecture: Intel x64
20:02:04.0923 4652 Number of processors: 2
20:02:04.0923 4652 Page size: 0x1000
20:02:04.0923 4652 Boot type: Normal boot
20:02:04.0923 4652 ============================================================
20:02:07.0061 4652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:02:07.0066 4652 ============================================================
20:02:07.0066 4652 \Device\Harddisk0\DR0:
20:02:07.0067 4652 MBR partitions:
20:02:07.0067 4652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:02:07.0067 4652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
20:02:07.0067 4652 ============================================================
20:02:07.0099 4652 C: <-> \Device\Harddisk0\DR0\Partition1
20:02:07.0099 4652 ============================================================
20:02:07.0099 4652 Initialize success
20:02:07.0099 4652 ============================================================
20:02:20.0492 5008 ============================================================
20:02:20.0492 5008 Scan started
20:02:20.0492 5008 Mode: Manual;
20:02:20.0492 5008 ============================================================
20:02:22.0682 5008 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
20:02:22.0742 5008 1394ohci - ok
20:02:23.0119 5008 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:02:23.0122 5008 ACPI - ok
20:02:23.0271 5008 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:02:23.0272 5008 AcpiPmi - ok
20:02:23.0573 5008 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:02:23.0575 5008 AdobeARMservice - ok
20:02:24.0124 5008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:02:24.0129 5008 adp94xx - ok
20:02:24.0505 5008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:02:24.0509 5008 adpahci - ok
20:02:24.0902 5008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:02:24.0950 5008 adpu320 - ok
20:02:25.0142 5008 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:02:25.0143 5008 AeLookupSvc - ok
20:02:25.0689 5008 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
20:02:25.0691 5008 AESTFilters - ok
20:02:26.0249 5008 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:02:26.0253 5008 AFD - ok
20:02:26.0431 5008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:02:26.0432 5008 agp440 - ok
20:02:26.0608 5008 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:02:26.0610 5008 ALG - ok
20:02:26.0780 5008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:02:26.0781 5008 aliide - ok
20:02:26.0839 5008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:02:26.0840 5008 amdide - ok
20:02:26.0976 5008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:02:26.0977 5008 AmdK8 - ok
20:02:27.0153 5008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:02:27.0154 5008 AmdPPM - ok
20:02:27.0451 5008 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:02:27.0453 5008 amdsata - ok
20:02:27.0770 5008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:02:27.0774 5008 amdsbs - ok
20:02:27.0841 5008 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:02:27.0842 5008 amdxata - ok
20:02:28.0050 5008 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:02:28.0052 5008 AppID - ok
20:02:28.0127 5008 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:02:28.0128 5008 AppIDSvc - ok
20:02:28.0350 5008 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:02:28.0352 5008 Appinfo - ok
20:02:28.0684 5008 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:02:28.0686 5008 Apple Mobile Device - ok
20:02:29.0026 5008 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:02:29.0028 5008 AppMgmt - ok
20:02:29.0213 5008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:02:29.0215 5008 arc - ok
20:02:29.0369 5008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:02:29.0370 5008 arcsas - ok
20:02:29.0448 5008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:02:29.0449 5008 AsyncMac - ok
20:02:29.0548 5008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:02:29.0549 5008 atapi - ok
20:02:30.0669 5008 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
20:02:30.0703 5008 athr - ok
20:02:31.0305 5008 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:02:31.0312 5008 AudioEndpointBuilder - ok
20:02:31.0318 5008 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:02:31.0321 5008 AudioSrv - ok
20:02:31.0391 5008 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:02:31.0392 5008 AxInstSV - ok
20:02:31.0826 5008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:02:31.0831 5008 b06bdrv - ok
20:02:31.0968 5008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:02:31.0972 5008 b57nd60a - ok
20:02:32.0108 5008 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:02:32.0110 5008 BDESVC - ok
20:02:32.0175 5008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:02:32.0176 5008 Beep - ok
20:02:32.0875 5008 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:02:32.0935 5008 BFE - ok
20:02:33.0490 5008 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:02:33.0513 5008 BITS - ok
20:02:33.0735 5008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:02:33.0736 5008 blbdrive - ok
20:02:34.0094 5008 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:02:34.0099 5008 Bonjour Service - ok
20:02:34.0226 5008 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:02:34.0227 5008 bowser - ok
20:02:34.0264 5008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:02:34.0265 5008 BrFiltLo - ok
20:02:34.0297 5008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:02:34.0298 5008 BrFiltUp - ok
20:02:34.0341 5008 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:02:34.0343 5008 BridgeMP - ok
20:02:34.0483 5008 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:02:34.0486 5008 Browser - ok
20:02:34.0623 5008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:02:34.0626 5008 Brserid - ok
20:02:34.0691 5008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:02:34.0692 5008 BrSerWdm - ok
20:02:34.0735 5008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:02:34.0736 5008 BrUsbMdm - ok
20:02:34.0757 5008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:02:34.0757 5008 BrUsbSer - ok
20:02:34.0852 5008 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:02:34.0853 5008 BthEnum - ok
20:02:34.0974 5008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:02:34.0975 5008 BTHMODEM - ok
20:02:35.0140 5008 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:02:35.0142 5008 BthPan - ok
20:02:35.0701 5008 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
20:02:35.0707 5008 BTHPORT - ok
20:02:35.0785 5008 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:02:35.0786 5008 bthserv - ok
20:02:35.0884 5008 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
20:02:35.0885 5008 BTHUSB - ok
20:02:35.0968 5008 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:02:35.0969 5008 btwaudio - ok
20:02:36.0102 5008 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
20:02:36.0104 5008 btwavdt - ok
20:02:36.0866 5008 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:02:36.0923 5008 btwdins - ok
20:02:36.0994 5008 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:02:36.0996 5008 btwl2cap - ok
20:02:37.0062 5008 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:02:37.0063 5008 btwrchid - ok
20:02:37.0175 5008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:02:37.0177 5008 cdfs - ok
20:02:37.0285 5008 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:02:37.0288 5008 cdrom - ok
20:02:37.0428 5008 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:02:37.0430 5008 CertPropSvc - ok
20:02:37.0584 5008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:02:37.0586 5008 circlass - ok
20:02:37.0915 5008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:02:37.0964 5008 CLFS - ok
20:02:38.0260 5008 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:38.0262 5008 clr_optimization_v2.0.50727_32 - ok
20:02:38.0535 5008 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:02:38.0537 5008 clr_optimization_v2.0.50727_64 - ok
20:02:38.0756 5008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:02:38.0758 5008 clr_optimization_v4.0.30319_32 - ok
20:02:38.0980 5008 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:02:38.0982 5008 clr_optimization_v4.0.30319_64 - ok
20:02:39.0114 5008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:02:39.0115 5008 CmBatt - ok
20:02:39.0162 5008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:02:39.0163 5008 cmdide - ok
20:02:39.0515 5008 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:02:39.0520 5008 CNG - ok
20:02:39.0623 5008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:02:39.0624 5008 Compbatt - ok
20:02:39.0811 5008 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:02:39.0813 5008 CompositeBus - ok
20:02:39.0852 5008 COMSysApp - ok
20:02:39.0907 5008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:02:39.0908 5008 crcdisk - ok
20:02:40.0153 5008 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:02:40.0155 5008 CryptSvc - ok
20:02:40.0643 5008 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:02:40.0683 5008 CSC - ok
20:02:41.0344 5008 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:02:41.0374 5008 CscService - ok
20:02:41.0706 5008 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:02:41.0759 5008 DcomLaunch - ok
20:02:42.0046 5008 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:02:42.0049 5008 defragsvc - ok
20:02:42.0271 5008 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:02:42.0272 5008 DfsC - ok
20:02:42.0415 5008 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:02:42.0423 5008 Dhcp - ok
20:02:42.0445 5008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:02:42.0445 5008 discache - ok
20:02:42.0540 5008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:02:42.0541 5008 Disk - ok
20:02:42.0568 5008 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:02:42.0569 5008 dmvsc - ok
20:02:42.0597 5008 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:02:42.0600 5008 Dnscache - ok
20:02:42.0762 5008 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:02:42.0766 5008 dot3svc - ok
20:02:42.0868 5008 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:02:42.0871 5008 DPS - ok
20:02:42.0939 5008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:02:42.0940 5008 drmkaud - ok
20:02:43.0148 5008 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:02:43.0151 5008 dtsoftbus01 - ok
20:02:43.0323 5008 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:02:43.0332 5008 DXGKrnl - ok
20:02:43.0367 5008 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:02:43.0369 5008 EapHost - ok
20:02:43.0555 5008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:02:43.0586 5008 ebdrv - ok
20:02:45.0070 5008 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:02:45.0071 5008 EFS - ok
20:02:46.0198 5008 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:02:46.0248 5008 ehRecvr - ok
20:02:46.0261 5008 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:02:46.0263 5008 ehSched - ok
20:02:46.0599 5008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:02:46.0605 5008 elxstor - ok
20:02:46.0614 5008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:02:46.0615 5008 ErrDev - ok
20:02:46.0652 5008 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:02:46.0657 5008 EventSystem - ok
20:02:46.0677 5008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:02:46.0679 5008 exfat - ok
20:02:46.0762 5008 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
20:02:46.0764 5008 FACAP - ok
20:02:47.0482 5008 FAService (2b85d60e470acf871e4ef0db02e26861) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
20:02:47.0494 5008 FAService - ok
20:02:47.0814 5008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:02:47.0816 5008 fastfat - ok
20:02:47.0902 5008 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:02:47.0909 5008 Fax - ok
20:02:47.0919 5008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:02:47.0921 5008 fdc - ok
20:02:47.0979 5008 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:02:47.0981 5008 fdPHost - ok
20:02:47.0989 5008 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:02:47.0991 5008 FDResPub - ok
20:02:48.0003 5008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:02:48.0004 5008 FileInfo - ok
20:02:48.0016 5008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:02:48.0017 5008 Filetrace - ok
20:02:48.0021 5008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:02:48.0022 5008 flpydisk - ok
20:02:48.0045 5008 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:02:48.0048 5008 FltMgr - ok
20:02:48.0259 5008 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:02:48.0270 5008 FontCache - ok
20:02:48.0352 5008 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:02:48.0353 5008 FontCache3.0.0.0 - ok
20:02:48.0394 5008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:02:48.0396 5008 FsDepends - ok
20:02:48.0461 5008 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:02:48.0462 5008 Fs_Rec - ok
20:02:48.0534 5008 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:02:48.0536 5008 fvevol - ok
20:02:48.0586 5008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:02:48.0587 5008 gagp30kx - ok
20:02:48.0655 5008 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:02:48.0656 5008 GEARAspiWDM - ok
20:02:48.0700 5008 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:02:48.0708 5008 gpsvc - ok
20:02:48.0723 5008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:02:48.0724 5008 hcw85cir - ok
20:02:48.0855 5008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:02:48.0858 5008 HdAudAddService - ok
20:02:48.0935 5008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:02:48.0937 5008 HDAudBus - ok
20:02:48.0949 5008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:02:48.0950 5008 HidBatt - ok
20:02:49.0006 5008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:02:49.0008 5008 HidBth - ok
20:02:49.0067 5008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:02:49.0068 5008 HidIr - ok
20:02:49.0092 5008 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:02:49.0093 5008 hidserv - ok
20:02:49.0139 5008 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:02:49.0141 5008 HidUsb - ok
20:02:49.0166 5008 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:02:49.0168 5008 hkmsvc - ok
20:02:49.0193 5008 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:02:49.0196 5008 HomeGroupListener - ok
20:02:49.0239 5008 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:02:49.0242 5008 HomeGroupProvider - ok
20:02:49.0297 5008 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:02:49.0298 5008 HpSAMD - ok
20:02:49.0380 5008 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:02:49.0387 5008 HTTP - ok
20:02:49.0402 5008 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:02:49.0403 5008 hwpolicy - ok
20:02:49.0457 5008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:02:49.0459 5008 i8042prt - ok
20:02:49.0516 5008 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:02:49.0520 5008 iaStorV - ok
20:02:49.0679 5008 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:02:49.0689 5008 idsvc - ok
20:02:49.0739 5008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:02:49.0741 5008 iirsp - ok
20:02:49.0793 5008 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:02:49.0802 5008 IKEEXT - ok
20:02:49.0823 5008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:02:49.0824 5008 intelide - ok
20:02:49.0897 5008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:02:49.0898 5008 intelppm - ok
20:02:49.0924 5008 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:02:49.0926 5008 IPBusEnum - ok
20:02:49.0947 5008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:02:49.0948 5008 IpFilterDriver - ok
20:02:49.0981 5008 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:02:49.0986 5008 iphlpsvc - ok
20:02:49.0992 5008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:02:49.0994 5008 IPMIDRV - ok
20:02:50.0001 5008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:02:50.0003 5008 IPNAT - ok
20:02:50.0118 5008 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
20:02:50.0127 5008 iPod Service - ok
20:02:50.0178 5008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:02:50.0179 5008 IRENUM - ok
20:02:50.0201 5008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:02:50.0202 5008 isapnp - ok
20:02:50.0223 5008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:02:50.0226 5008 iScsiPrt - ok
20:02:50.0367 5008 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
20:02:50.0368 5008 itecir - ok
20:02:50.0443 5008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:02:50.0444 5008 kbdclass - ok
20:02:50.0494 5008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:02:50.0495 5008 kbdhid - ok
20:02:50.0513 5008 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:02:50.0514 5008 KeyIso - ok
20:02:50.0584 5008 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:02:50.0585 5008 KSecDD - ok
20:02:50.0604 5008 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:02:50.0606 5008 KSecPkg - ok
20:02:50.0624 5008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:02:50.0625 5008 ksthunk - ok
20:02:50.0663 5008 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:02:50.0668 5008 KtmRm - ok
20:02:50.0701 5008 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:02:50.0704 5008 LanmanServer - ok
20:02:50.0720 5008 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:02:50.0724 5008 LanmanWorkstation - ok
20:02:50.0782 5008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:02:50.0784 5008 lltdio - ok
20:02:50.0834 5008 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:02:50.0838 5008 lltdsvc - ok
20:02:50.0847 5008 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:02:50.0848 5008 lmhosts - ok
20:02:50.0920 5008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:02:50.0921 5008 LSI_FC - ok
20:02:50.0938 5008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:02:50.0940 5008 LSI_SAS - ok
20:02:50.0958 5008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:02:50.0959 5008 LSI_SAS2 - ok
20:02:50.0981 5008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:02:50.0982 5008 LSI_SCSI - ok
20:02:51.0017 5008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:02:51.0018 5008 luafv - ok
20:02:51.0055 5008 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:02:51.0057 5008 Mcx2Svc - ok
20:02:51.0066 5008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:02:51.0068 5008 megasas - ok
20:02:51.0092 5008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:02:51.0095 5008 MegaSR - ok
20:02:51.0377 5008 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:02:51.0378 5008 Microsoft Office Groove Audit Service - ok
20:02:51.0674 5008 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:02:51.0677 5008 MMCSS - ok
20:02:51.0689 5008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:02:51.0691 5008 Modem - ok
20:02:51.0781 5008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:02:51.0781 5008 monitor - ok
20:02:51.0852 5008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:02:51.0853 5008 mouclass - ok
20:02:51.0913 5008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:02:51.0915 5008 mouhid - ok
20:02:51.0955 5008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:02:51.0956 5008 mountmgr - ok
20:02:52.0085 5008 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:02:52.0088 5008 MpFilter - ok
20:02:52.0126 5008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:02:52.0128 5008 mpio - ok
20:02:52.0137 5008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:02:52.0138 5008 mpsdrv - ok
20:02:52.0269 5008 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:02:52.0291 5008 MpsSvc - ok
20:02:52.0319 5008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:02:52.0321 5008 MRxDAV - ok
20:02:52.0460 5008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:02:52.0462 5008 mrxsmb - ok
20:02:52.0547 5008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:02:52.0549 5008 mrxsmb10 - ok
20:02:52.0612 5008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:02:52.0613 5008 mrxsmb20 - ok
20:02:52.0651 5008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:02:52.0652 5008 msahci - ok
20:02:52.0692 5008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:02:52.0694 5008 msdsm - ok
20:02:52.0751 5008 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:02:52.0755 5008 MSDTC - ok
20:02:52.0770 5008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:02:52.0771 5008 Msfs - ok
20:02:52.0813 5008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:02:52.0816 5008 mshidkmdf - ok
20:02:52.0835 5008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:02:52.0835 5008 msisadrv - ok
20:02:52.0964 5008 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:02:52.0967 5008 MSiSCSI - ok
20:02:52.0970 5008 msiserver - ok
20:02:53.0161 5008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:02:53.0162 5008 MSKSSRV - ok
20:02:53.0339 5008 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:02:53.0339 5008 MsMpSvc - ok
20:02:53.0356 5008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:02:53.0357 5008 MSPCLOCK - ok
20:02:53.0370 5008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:02:53.0371 5008 MSPQM - ok
20:02:53.0482 5008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:02:53.0486 5008 MsRPC - ok
20:02:53.0502 5008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:02:53.0503 5008 mssmbios - ok
20:02:53.0581 5008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:02:53.0582 5008 MSTEE - ok
20:02:53.0589 5008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:02:53.0590 5008 MTConfig - ok
20:02:53.0609 5008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:02:53.0610 5008 Mup - ok
20:02:53.0660 5008 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:02:53.0668 5008 napagent - ok
20:02:53.0766 5008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:02:53.0769 5008 NativeWifiP - ok
20:02:53.0815 5008 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:02:53.0823 5008 NDIS - ok
20:02:53.0837 5008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:02:53.0838 5008 NdisCap - ok
20:02:53.0882 5008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:53.0883 5008 NdisTapi - ok
20:02:53.0936 5008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:53.0937 5008 Ndisuio - ok
20:02:53.0950 5008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:53.0952 5008 NdisWan - ok
20:02:53.0965 5008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:02:53.0966 5008 NDProxy - ok
20:02:53.0993 5008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:02:53.0993 5008 NetBIOS - ok
20:02:54.0016 5008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:02:54.0018 5008 NetBT - ok
20:02:54.0240 5008 NetLogin Helper (001f311339b76a0b2907a7926805d88e) C:\Program Files (x86)\NetLogin\NetLoginService.exe
20:02:54.0240 5008 NetLogin Helper - ok
20:02:54.0286 5008 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:02:54.0287 5008 Netlogon - ok
20:02:54.0356 5008 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:02:54.0361 5008 Netman - ok
20:02:54.0413 5008 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:02:54.0418 5008 netprofm - ok
20:02:54.0472 5008 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:54.0474 5008 NetTcpPortSharing - ok
20:02:54.0578 5008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:02:54.0580 5008 nfrd960 - ok
20:02:54.0751 5008 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:02:54.0753 5008 NisDrv - ok
20:02:54.0801 5008 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:02:54.0804 5008 NisSrv - ok
20:02:54.0881 5008 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:02:54.0885 5008 NlaSvc - ok
20:02:54.0902 5008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:02:54.0902 5008 Npfs - ok
20:02:54.0911 5008 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:02:54.0913 5008 nsi - ok
20:02:54.0922 5008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:02:54.0923 5008 nsiproxy - ok
20:02:55.0136 5008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:02:55.0162 5008 Ntfs - ok
20:02:55.0460 5008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:02:55.0462 5008 Null - ok
20:02:55.0678 5008 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:02:55.0683 5008 NVENETFD - ok
20:02:57.0215 5008 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
20:02:57.0217 5008 NVHDA - ok
20:03:00.0143 5008 nvlddmkm (782db4086fc3b58df54598ea19cf5be2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:03:00.0328 5008 nvlddmkm - ok
20:03:00.0776 5008 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
20:03:00.0779 5008 NVNET - ok
20:03:00.0898 5008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:03:00.0900 5008 nvraid - ok
20:03:00.0984 5008 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
20:03:00.0984 5008 nvsmu - ok
20:03:01.0012 5008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:03:01.0014 5008 nvstor - ok
20:03:01.0154 5008 nvstor64 (5b3f39342934b79841fa888d6957aa14) C:\Windows\system32\DRIVERS\nvstor64.sys
20:03:01.0156 5008 nvstor64 - ok
20:03:01.0258 5008 nvsvc (ec22ae4f072a03e0f9d9e8f9def33b68) C:\Windows\system32\nvvsvc.exe
20:03:01.0269 5008 nvsvc - ok
20:03:01.0339 5008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:03:01.0340 5008 nv_agp - ok
20:03:01.0424 5008 OA001Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA001Ufd.sys
20:03:01.0426 5008 OA001Ufd - ok
20:03:01.0568 5008 OA001Vid (f39a394bdb20217db5d6d91d54e83bf5) C:\Windows\system32\DRIVERS\OA001Vid.sys
20:03:01.0571 5008 OA001Vid - ok
20:03:01.0935 5008 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:03:01.0957 5008 odserv - ok
20:03:01.0973 5008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:03:01.0974 5008 ohci1394 - ok
20:03:02.0089 5008 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:03:02.0091 5008 ose - ok
20:03:03.0580 5008 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:03:03.0696 5008 osppsvc - ok
20:03:04.0207 5008 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:03:04.0221 5008 p2pimsvc - ok
20:03:04.0260 5008 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:03:04.0265 5008 p2psvc - ok
20:03:04.0375 5008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:03:04.0376 5008 Parport - ok
20:03:04.0465 5008 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:03:04.0466 5008 partmgr - ok
20:03:04.0504 5008 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:03:04.0507 5008 PcaSvc - ok
20:03:04.0527 5008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:03:04.0529 5008 pci - ok
20:03:04.0546 5008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:03:04.0547 5008 pciide - ok
20:03:04.0601 5008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:03:04.0603 5008 pcmcia - ok
20:03:04.0608 5008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:03:04.0609 5008 pcw - ok
20:03:04.0641 5008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:03:04.0648 5008 PEAUTH - ok
20:03:05.0011 5008 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:03:05.0025 5008 PeerDistSvc - ok
20:03:05.0101 5008 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:03:05.0103 5008 PerfHost - ok
20:03:05.0355 5008 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
20:03:05.0457 5008 Pharos Systems ComTaskMaster - ok
20:03:06.0283 5008 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:03:06.0323 5008 pla - ok
20:03:06.0433 5008 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:03:06.0440 5008 PlugPlay - ok
20:03:06.0469 5008 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:03:06.0472 5008 PNRPAutoReg - ok
20:03:06.0520 5008 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:03:06.0523 5008 PNRPsvc - ok
20:03:06.0708 5008 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:03:06.0714 5008 PolicyAgent - ok
20:03:06.0751 5008 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:03:06.0755 5008 Power - ok
20:03:06.0889 5008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:03:06.0896 5008 PptpMiniport - ok
20:03:07.0033 5008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:03:07.0034 5008 Processor - ok
20:03:07.0143 5008 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:03:07.0154 5008 ProfSvc - ok
20:03:07.0201 5008 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:03:07.0203 5008 ProtectedStorage - ok
20:03:07.0273 5008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:03:07.0275 5008 Psched - ok
20:03:07.0539 5008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:03:07.0561 5008 ql2300 - ok
20:03:07.0987 5008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:03:07.0989 5008 ql40xx - ok
20:03:08.0026 5008 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:03:08.0030 5008 QWAVE - ok
20:03:08.0048 5008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:03:08.0055 5008 QWAVEdrv - ok
20:03:08.0071 5008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:03:08.0072 5008 RasAcd - ok
20:03:08.0133 5008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:03:08.0134 5008 RasAgileVpn - ok
20:03:08.0153 5008 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:03:08.0156 5008 RasAuto - ok
20:03:08.0189 5008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:03:08.0191 5008 Rasl2tp - ok
20:03:08.0293 5008 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:03:08.0298 5008 RasMan - ok
20:03:08.0320 5008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:03:08.0321 5008 RasPppoe - ok
20:03:08.0335 5008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:03:08.0337 5008 RasSstp - ok
20:03:08.0356 5008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:03:08.0359 5008 rdbss - ok
20:03:08.0392 5008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:03:08.0394 5008 rdpbus - ok
20:03:08.0405 5008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:03:08.0406 5008 RDPCDD - ok
20:03:08.0449 5008 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:03:08.0451 5008 RDPDR - ok
20:03:08.0513 5008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:03:08.0513 5008 RDPENCDD - ok
20:03:08.0529 5008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:03:08.0529 5008 RDPREFMP - ok
20:03:08.0660 5008 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:03:08.0662 5008 RDPWD - ok
20:03:08.0925 5008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:03:08.0927 5008 rdyboost - ok
20:03:08.0956 5008 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:03:08.0959 5008 RemoteAccess - ok
20:03:08.0987 5008 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:03:08.0990 5008 RemoteRegistry - ok
20:03:09.0023 5008 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:03:09.0025 5008 RFCOMM - ok
20:03:09.0090 5008 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:03:09.0091 5008 rimmptsk - ok
20:03:09.0102 5008 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
20:03:09.0103 5008 rimsptsk - ok
20:03:09.0118 5008 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:03:09.0120 5008 rismxdp - ok
20:03:09.0128 5008 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:03:09.0130 5008 RpcEptMapper - ok
20:03:09.0155 5008 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:03:09.0157 5008 RpcLocator - ok
20:03:09.0368 5008 rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\Windows\SysWOW64\rpcnet.exe
20:03:09.0369 5008 rpcnet - ok
20:03:09.0417 5008 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:03:09.0421 5008 RpcSs - ok
20:03:09.0477 5008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:03:09.0479 5008 rspndr - ok
20:03:09.0501 5008 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:03:09.0502 5008 s3cap - ok
20:03:09.0524 5008 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:03:09.0525 5008 SamSs - ok
20:03:09.0543 5008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:03:09.0545 5008 sbp2port - ok
20:03:09.0567 5008 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:03:09.0570 5008 SCardSvr - ok
20:03:09.0582 5008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:03:09.0584 5008 scfilter - ok
20:03:09.0638 5008 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:03:09.0649 5008 Schedule - ok
20:03:09.0676 5008 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:03:09.0676 5008 SCPolicySvc - ok
20:03:09.0739 5008 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:03:09.0741 5008 sdbus - ok
20:03:09.0774 5008 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:03:09.0777 5008 SDRSVC - ok
20:03:09.0833 5008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:03:09.0834 5008 secdrv - ok
20:03:09.0850 5008 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:03:09.0852 5008 seclogon - ok
20:03:09.0870 5008 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:03:09.0873 5008 SENS - ok
20:03:09.0887 5008 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:03:09.0889 5008 SensrSvc - ok
20:03:09.0909 5008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:03:09.0910 5008 Serenum - ok
20:03:09.0977 5008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:03:09.0979 5008 Serial - ok
20:03:09.0983 5008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:03:09.0984 5008 sermouse - ok
20:03:10.0010 5008 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:03:10.0013 5008 SessionEnv - ok
20:03:10.0031 5008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:03:10.0032 5008 sffdisk - ok
20:03:10.0037 5008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:03:10.0038 5008 sffp_mmc - ok
20:03:10.0049 5008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:03:10.0050 5008 sffp_sd - ok
20:03:10.0064 5008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:03:10.0065 5008 sfloppy - ok
20:03:10.0147 5008 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:03:10.0152 5008 SharedAccess - ok
20:03:10.0184 5008 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:03:10.0190 5008 ShellHWDetection - ok
20:03:10.0239 5008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:03:10.0240 5008 SiSRaid2 - ok
20:03:10.0263 5008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:03:10.0265 5008 SiSRaid4 - ok
20:03:10.0372 5008 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:03:10.0374 5008 SkypeUpdate - ok
20:03:10.0428 5008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:03:10.0430 5008 Smb - ok
20:03:10.0501 5008 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:03:10.0503 5008 SNMPTRAP - ok
20:03:10.0517 5008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:03:10.0517 5008 spldr - ok
20:03:10.0584 5008 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:03:10.0592 5008 Spooler - ok
20:03:10.0864 5008 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:03:10.0903 5008 sppsvc - ok
20:03:11.0177 5008 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:03:11.0180 5008 sppuinotify - ok
20:03:11.0230 5008 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:03:11.0235 5008 srv - ok
20:03:11.0259 5008 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:03:11.0263 5008 srv2 - ok
20:03:11.0277 5008 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:03:11.0279 5008 srvnet - ok
20:03:11.0335 5008 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:03:11.0339 5008 SSDPSRV - ok
20:03:11.0349 5008 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:03:11.0352 5008 SstpSvc - ok
20:03:11.0666 5008 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
20:03:11.0688 5008 STacSV - ok
20:03:11.0707 5008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:03:11.0708 5008 stexstor - ok
20:03:11.0772 5008 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
20:03:11.0777 5008 STHDA - ok
20:03:11.0896 5008 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:03:11.0903 5008 stisvc - ok
20:03:11.0928 5008 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:03:11.0929 5008 storflt - ok
20:03:11.0945 5008 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:03:11.0947 5008 StorSvc - ok
20:03:12.0000 5008 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:03:12.0002 5008 storvsc - ok
20:03:12.0018 5008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:03:12.0020 5008 swenum - ok
20:03:12.0063 5008 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:03:12.0069 5008 swprv - ok
20:03:12.0155 5008 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
20:03:12.0158 5008 SynTP - ok
20:03:12.0263 5008 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:03:12.0281 5008 SysMain - ok
20:03:12.0500 5008 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:03:12.0503 5008 TabletInputService - ok
20:03:12.0556 5008 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:03:12.0561 5008 TapiSrv - ok
20:03:12.0579 5008 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:03:12.0582 5008 TBS - ok
20:03:13.0070 5008 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:03:13.0107 5008 Tcpip - ok
20:03:13.0434 5008 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:03:13.0444 5008 TCPIP6 - ok
20:03:13.0597 5008 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:03:13.0599 5008 tcpipreg - ok
20:03:13.0614 5008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:03:13.0615 5008 TDPIPE - ok
20:03:13.0664 5008 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:03:13.0665 5008 TDTCP - ok
20:03:13.0682 5008 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:03:13.0686 5008 tdx - ok
20:03:13.0701 5008 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:03:13.0706 5008 TermDD - ok
20:03:13.0771 5008 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:03:13.0781 5008 TermService - ok
20:03:13.0803 5008 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:03:13.0805 5008 Themes - ok
20:03:13.0830 5008 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:03:13.0831 5008 THREADORDER - ok
20:03:13.0880 5008 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:03:13.0883 5008 TrkWks - ok
20:03:14.0061 5008 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:03:14.0063 5008 TrustedInstaller - ok
20:03:14.0081 5008 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:03:14.0082 5008 tssecsrv - ok
20:03:14.0162 5008 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:03:14.0163 5008 TsUsbFlt - ok
20:03:14.0169 5008 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:03:14.0170 5008 TsUsbGD - ok
20:03:14.0234 5008 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:03:14.0235 5008 tunnel - ok
20:03:14.0241 5008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:03:14.0242 5008 uagp35 - ok
20:03:14.0278 5008 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:03:14.0282 5008 udfs - ok
20:03:14.0328 5008 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:03:14.0330 5008 UI0Detect - ok
20:03:14.0340 5008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:03:14.0341 5008 uliagpkx - ok
20:03:14.0411 5008 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:03:14.0412 5008 umbus - ok
20:03:14.0415 5008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:03:14.0419 5008 UmPass - ok
20:03:14.0472 5008 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:03:14.0476 5008 UmRdpService - ok
20:03:14.0532 5008 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:03:14.0538 5008 upnphost - ok
20:03:14.0570 5008 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:03:14.0572 5008 usbccgp - ok
20:03:14.0595 5008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:03:14.0597 5008 usbcir - ok
20:03:14.0617 5008 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:03:14.0619 5008 usbehci - ok
20:03:14.0662 5008 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:03:14.0669 5008 usbhub - ok
20:03:14.0684 5008 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:03:14.0686 5008 usbohci - ok
20:03:14.0794 5008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:03:14.0795 5008 usbprint - ok
20:03:14.0833 5008 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:03:14.0835 5008 USBSTOR - ok
20:03:14.0860 5008 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:03:14.0862 5008 usbuhci - ok
20:03:14.0915 5008 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:03:14.0918 5008 usbvideo - ok
20:03:14.0952 5008 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:03:14.0955 5008 UxSms - ok
20:03:14.0992 5008 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:03:14.0993 5008 VaultSvc - ok
20:03:15.0069 5008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:03:15.0070 5008 vdrvroot - ok
20:03:15.0278 5008 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:03:15.0286 5008 vds - ok
20:03:15.0352 5008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:03:15.0353 5008 vga - ok
20:03:15.0366 5008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:03:15.0376 5008 VgaSave - ok
20:03:15.0399 5008 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:03:15.0402 5008 vhdmp - ok
20:03:15.0418 5008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:03:15.0420 5008 viaide - ok
20:03:15.0458 5008 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:03:15.0460 5008 vmbus - ok
20:03:15.0478 5008 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:03:15.0479 5008 VMBusHID - ok
20:03:15.0493 5008 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:03:15.0494 5008 volmgr - ok
20:03:15.0519 5008 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:03:15.0524 5008 volmgrx - ok
20:03:15.0545 5008 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:03:15.0548 5008 volsnap - ok
20:03:15.0607 5008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:03:15.0609 5008 vsmraid - ok
20:03:16.0257 5008 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:03:16.0320 5008 VSS - ok
20:03:16.0603 5008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:03:16.0604 5008 vwifibus - ok
20:03:16.0653 5008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:03:16.0655 5008 vwififlt - ok
20:03:16.0706 5008 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:03:16.0707 5008 vwifimp - ok
20:03:16.0765 5008 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:03:16.0770 5008 W32Time - ok
20:03:16.0789 5008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:03:16.0790 5008 WacomPen - ok
20:03:16.0859 5008 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:03:16.0861 5008 WANARP - ok
20:03:16.0864 5008 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:03:16.0864 5008 Wanarpv6 - ok
20:03:17.0453 5008 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:03:17.0485 5008 WatAdminSvc - ok
20:03:19.0166 5008 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:03:19.0223 5008 wbengine - ok
20:03:19.0820 5008 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:03:19.0825 5008 WbioSrvc - ok
20:03:19.0857 5008 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:03:19.0862 5008 wcncsvc - ok
20:03:19.0900 5008 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:03:19.0903 5008 WcsPlugInService - ok
20:03:19.0950 5008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:03:19.0951 5008 Wd - ok
20:03:20.0024 5008 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
20:03:20.0025 5008 WDC_SAM - ok
20:03:20.0058 5008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:03:20.0065 5008 Wdf01000 - ok
20:03:20.0079 5008 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:03:20.0082 5008 WdiServiceHost - ok
20:03:20.0085 5008 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:03:20.0087 5008 WdiSystemHost - ok
20:03:20.0119 5008 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:03:20.0123 5008 WebClient - ok
20:03:20.0139 5008 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:03:20.0143 5008 Wecsvc - ok
20:03:20.0158 5008 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:03:20.0161 5008 wercplsupport - ok
20:03:20.0216 5008 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:03:20.0219 5008 WerSvc - ok
20:03:20.0273 5008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:03:20.0274 5008 WfpLwf - ok
20:03:20.0288 5008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:03:20.0289 5008 WIMMount - ok
20:03:20.0314 5008 WinDefend - ok
20:03:20.0319 5008 WinHttpAutoProxySvc - ok
20:03:20.0532 5008 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:03:20.0535 5008 Winmgmt - ok
20:03:21.0511 5008 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:03:21.0587 5008 WinRM - ok
20:03:21.0988 5008 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:03:21.0989 5008 WinUsb - ok
20:03:22.0264 5008 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:03:22.0275 5008 Wlansvc - ok
20:03:23.0226 5008 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:03:23.0266 5008 wlidsvc - ok
20:03:23.0691 5008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:03:23.0692 5008 WmiAcpi - ok
20:03:23.0781 5008 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:03:23.0784 5008 wmiApSrv - ok
20:03:23.0861 5008 WMPNetworkSvc - ok
20:03:23.0888 5008 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:03:23.0890 5008 WPCSvc - ok
20:03:23.0914 5008 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:03:23.0917 5008 WPDBusEnum - ok
20:03:23.0932 5008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:03:23.0932 5008 ws2ifsl - ok
20:03:24.0005 5008 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:03:24.0008 5008 wscsvc - ok
20:03:24.0011 5008 WSearch - ok
20:03:25.0061 5008 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:03:25.0126 5008 wuauserv - ok
20:03:25.0370 5008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:03:25.0373 5008 WudfPf - ok
20:03:25.0436 5008 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:03:25.0439 5008 WUDFRd - ok
20:03:25.0467 5008 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:03:25.0470 5008 wudfsvc - ok
20:03:25.0490 5008 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:03:25.0494 5008 WwanSvc - ok
20:03:25.0555 5008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:03:26.0061 5008 \Device\Harddisk0\DR0 - ok
20:03:26.0082 5008 Boot (0x1200) (8d72feaddfe76b0591370beda6980298) \Device\Harddisk0\DR0\Partition0
20:03:26.0083 5008 \Device\Harddisk0\DR0\Partition0 - ok
20:03:26.0095 5008 Boot (0x1200) (e249473af8e7e7a08ecb6a11bd994810) \Device\Harddisk0\DR0\Partition1
20:03:26.0096 5008 \Device\Harddisk0\DR0\Partition1 - ok
20:03:26.0099 5008 ============================================================
20:03:26.0099 5008 Scan finished
20:03:26.0099 5008 ============================================================
20:03:26.0106 1020 Detected object count: 0
20:03:26.0107 1020 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 20:04:37
-----------------------------
20:04:37.665 OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:37.665 Number of processors: 2 586 0x1706
20:04:37.666 ComputerName: -PC UserName:
20:04:38.729 Initialize success
20:09:09.734 AVAST engine defs: 12072600
20:09:54.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
20:09:54.048 Disk 0 Vendor: TOSHIBA_ LJ01 Size: 305245MB BusType: 11
20:09:54.056 Disk 0 MBR read successfully
20:09:54.058 Disk 0 MBR scan
20:09:54.062 Disk 0 Windows 7 default MBR code
20:09:54.066 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:09:54.096 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
20:09:54.165 Disk 0 scanning C:\Windows\system32\drivers
20:10:05.391 Service scanning
20:10:33.621 Modules scanning
20:10:33.627 Disk 0 trace - called modules:
20:10:33.661 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
20:10:33.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e2b060]
20:10:33.993 3 CLASSPNP.SYS[fffff88001bb843f] -> nt!IofCallDriver -> [0xfffffa8004c99d30]
20:10:33.997 5 ACPI.sys[fffff88000f657a1] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8004ce4060]
20:10:35.060 AVAST engine scan C:\Windows
20:10:38.480 AVAST engine scan C:\Windows\system32
20:14:31.500 AVAST engine scan C:\Windows\system32\drivers
20:14:51.677 AVAST engine scan C:\Users\
20:37:14.212 AVAST engine scan C:\ProgramData
20:38:29.555 Scan finished successfully
20:50:58.517 Disk 0 MBR has been saved successfully to "C:\Users\Desktop\MBR.dat"
20:50:58.573 The log file has been saved successfully to "C:\Users\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 26 July 2012 - 12:57 PM

Greetings BABU1994

Good those are looking very good!!

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 27 July 2012 - 02:08 AM

Hi gringo_pr,

Thanks so much for the help so far :). I haven't had any problems so far and my computer has been running fine. Requested log below:


ComboFix 12-07-27.02 - 27/07/2012 18:35:26.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3838.2505 [GMT 12:00]
Running from: c:\users\Desktop\ComboFix.exe
Command switches used :: c:\users\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 06:40 . 2012-07-27 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 06:32 . 2012-07-27 06:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF67ECE4-3E64-4EB7-B476-13EA559A8E35}\offreg.dll
2012-07-27 06:20 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF67ECE4-3E64-4EB7-B476-13EA559A8E35}\mpengine.dll
2012-07-26 06:57 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 05:43 . 2012-07-24 05:43 -------- d-----w- c:\program files (x86)\ESET
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 05:34 . 2012-07-24 05:34 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 05:34 . 2012-07-05 10:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-13 04:18 . 2012-07-13 04:18 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-11 22:23 . 2012-07-11 22:23 -------- d-----w- c:\program files\Pharos
2012-07-11 22:23 . 2012-07-11 22:23 -------- d-----w- c:\programdata\Ricoh
2012-07-11 22:22 . 2010-01-14 07:15 716800 ----atw- c:\windows\system32\PSR6D105.DLL
2012-07-11 22:22 . 2010-01-14 07:15 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2012-07-11 22:22 . 2012-07-11 22:22 -------- d-----w- c:\program files (x86)\Pharos
2012-07-11 04:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 12:05 . 2012-02-14 01:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25F43044-C360-4C52-9B95-2A9C62EB5E05}\gapaengine.dll
2012-07-03 22:43 . 2012-07-03 22:43 -------- d-----w- c:\program files (x86)\NetLogin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 06:09 . 2012-02-15 21:52 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-27 06:09 . 2012-02-15 21:59 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-11 04:35 . 2012-02-06 08:44 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 10:06 . 2012-03-17 03:27 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 03:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 03:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-19 02:51 . 2012-05-19 02:51 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-12 23:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:16 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_06.48.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-27 06:27 37118 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-26 06:58 47564 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-02-06 08:02 . 2012-07-19 05:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-06 08:02 . 2012-07-26 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-06 08:02 . 2012-07-19 05:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-06 08:02 . 2012-07-26 07:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 05:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-06 17:01 . 2012-07-26 06:58 9702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2240974498-3979212728-187219531-1000_UserData.bin
- 2012-02-07 03:59 . 2012-07-26 06:46 5239 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-02-07 03:59 . 2012-07-26 14:44 5239 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-26 06:47 . 2012-07-26 06:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 06:09 . 2012-07-27 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 06:09 . 2012-07-27 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-26 06:47 . 2012-07-26 06:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-26 06:00 630974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-27 06:15 630974 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-26 06:00 112026 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-27 06:15 112026 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-26 06:46 397904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-26 14:44 397904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-06 10:02 . 2012-07-26 06:46 3917278 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2240974498-3979212728-187219531-1000-8192.dat
+ 2012-02-06 10:02 . 2012-07-26 14:44 3917278 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2240974498-3979212728-187219531-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]
"FAStartup"="" [BU]
.
c:\users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-23 09:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NetLogin Helper;NetLogin Helper;c:\program files (x86)\NetLogin\NetLoginService.exe [2008-02-18 69632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-12 69736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 168864]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-18 315840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240974498-3979212728-187219531-1000Core.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 08:23]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240974498-3979212728-187219531-1000UA.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 08:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-28 444416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-04 16328736]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.xtra.co.nz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 18:42:17
ComboFix-quarantined-files.txt 2012-07-27 06:42
ComboFix2.txt 2012-07-26 06:52
.
Pre-Run: 20,937,576,448 bytes free
Post-Run: 20,629,442,560 bytes free
.
- - End Of File - - 92B3E671367235CF046B589F721BCFBE

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 27 July 2012 - 02:10 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 27 July 2012 - 02:32 AM

Hi gringo_pr,

I've had no problems so far, my computer has being running without a problem. Requested logs:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
:: -PC [administrator]

Protection: Enabled

27/07/2012 7:20:02 p.m.
mbam-log-2012-07-27 (19-20-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192033
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:27:59 p.m., on 27/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Startup: Dropbox.lnk = \AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetLogin Helper - Unknown owner - C:\Program Files (x86)\NetLogin\NetLoginService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10071 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 27 July 2012 - 02:30 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: Dropbox.lnk = \AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 28 July 2012 - 08:16 PM

Hi gringo_pr,

I've run the tesst, no threats were found using the ESET online scanner. Thanks so much for your help :)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 28 July 2012 - 08:48 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 BABU1994

BABU1994
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 29 July 2012 - 06:18 AM

Hi gringo_pr,

Performed all the tasks. Thanks again for your help :). Such an awesome website!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 29 July 2012 - 02:15 PM

you are more than welcome



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 01 August 2012 - 05:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users