Codec-c virus - ads everywhere and hyperlinks on webpages


This topic is locked
21 replies to this topic

#1 adrian77

Posted 27 March 2012 - 11:11 PM

Hey there,

I downloaded what I thought was a standard plugin called Codec-C but, like others have found, it is instead a pesky virus which places ads all over regular webpages that are "not by website" and hyperlinks certain words on webpages to redirect to more ads. Also, my Programs folder off the Start menu is gone, leaving only a few accessories. All the programs still exist, but I can't seem to get them back on the Start menu. Please let me know what I should do. Thank you!
- Adrian

Here is the DDS report and I've attached the GMER report:


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Osman at 22:57:06 on 2012-03-27
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1346 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Osman\AppData\Local\Akamai\netsession_win.exe
C:\Users\Osman\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Osman\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Osman\Documents\Desktop\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\users\osman\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04218445-1307-4965-A929-4F2E10DBD06C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1FAA9A4A-66EF-4522-BF43-1BFA4B252212} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{35122F39-0C83-40F8-9332-0DB4D1EB5479} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6AB33EB7-649C-4231-AAD6-A079A93B610A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9CE426BB-EF38-4163-AFFB-E0F2AEB4E628} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\osman\appdata\roaming\mozilla\firefox\profiles\idic7jkd.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\osman\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\osman\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\osman\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKslc6ce4d5c;MpKslc6ce4d5c;c:\programdata\microsoft\microsoft antimalware\definition updates\{7100e986-b28c-49f4-9688-173054276288}\MpKslc6ce4d5c.sys [2012-3-27 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2008-11-20 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-3-26 66848]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-10-24 58736]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-12-15 48192]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-19 29736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-8 30192]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2011-3-13 39048]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
.
=============== Created Last 30 ================
.
2012-03-28 02:45:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7100e986-b28c-49f4-9688-173054276288}\offreg.dll
2012-03-28 01:15:38 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7100e986-b28c-49f4-9688-173054276288}\MpKslc6ce4d5c.sys
2012-03-27 19:01:34 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7100e986-b28c-49f4-9688-173054276288}\mpengine.dll
2012-03-27 03:43:13 -------- d-----w- C:\$RECYCLE.BIN
2012-03-27 03:26:41 -------- d-----w- c:\users\osman\appdata\local\temp
2012-03-27 03:19:02 98816 ----a-w- c:\windows\sed.exe
2012-03-27 03:19:02 518144 ----a-w- c:\windows\SWREG.exe
2012-03-27 03:19:02 256000 ----a-w- c:\windows\PEV.exe
2012-03-27 03:19:02 208896 ----a-w- c:\windows\MBR.exe
2012-03-27 03:18:55 -------- d-----w- C:\ComboFix
2012-03-27 02:21:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 04:11:54 -------- d-----w- c:\programdata\Premium
2012-03-24 04:11:12 -------- d-----w- c:\programdata\InstallMate
2012-03-18 13:21:27 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 13:21:27 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 16:54:54 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:54:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 16:54:53 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 16:54:53 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:54:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 16:54:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 11:06:39 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 11:06:38 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-02 03:05:01 -------- d-----w- c:\program files\Refworks
.
==================== Find3M ====================
.
2012-02-23 16:14:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 15:48:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:57:44.68 ===============


#2 gringo_pr

  • Malware Response Team

Posted 28 March 2012 - 12:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to backup the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 adrian77


Posted 28 March 2012 - 11:57 AM

Hi Gringo,

Thanks for your response. I tried to copy/paste my Combofix log, but it said it was too big, and it was too big to attach as well. I've tried to copy and paste it in parts or attach it in parts, but those were too big in size as well. Is that normal? How should I get the log to you? The ads are still all over the websites and my Programs menu is still missing, so no change there. In addition, something strange has happened to my desktop. There are ghost (transparent) files from all over my C drive. These files are mostly ghost Word documents and are each 162 bytes in size. Should I delete them? I've attached a screen shot to show what I'm talking about.


#4 gringo_pr


Posted 28 March 2012 - 12:54 PM

Hello


upload the file to mediafire.com and send me the link here


gringo

#5 adrian77


Posted 28 March 2012 - 02:17 PM

Hi Gringo.

Here is the link to the Combofix text file: http://www.mediafire.com/?4vid54b63k4lu6b. Thanks.

#6 gringo_pr


Posted 28 March 2012 - 03:08 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 adrian77


Posted 28 March 2012 - 03:13 PM

Hi Gringo,

Here are the results of the scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:11 on 28/03/2012 by Osman
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [17:20 11/01/2010] [03:25 04/04/2011] 36BDADED97C258F1FEFD10C735941148
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe ------- 2923520 bytes [06:30 11/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe ------- 2923520 bytes [06:30 11/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe ------- 2927104 bytes [02:34 21/01/2008] [02:34 21/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe ------- 2927104 bytes [06:30 11/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe ------- 2927616 bytes [06:30 11/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [17:20 11/01/2010] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

Searching for "svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [02:03 27/03/2012] [18:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\ERDNT\cache\svchost.exe --a---- 21504 bytes [03:48 27/03/2012] [02:33 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\System32\svchost.exe ------- 21504 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe ------- 21504 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3794B461C45882E06856F282EEF025AF

Searching for "winlogon.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 182856 bytes [02:03 27/03/2012] [18:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\ERDNT\cache\winlogon.exe --a---- 314368 bytes [03:48 27/03/2012] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [17:20 11/01/2010] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [02:34 21/01/2008] [02:34 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [17:20 11/01/2010] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

-= EOF =-
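
The point of the :filefind step above is to compare the copy of each system binary that Windows actually runs (under C:\Windows or System32) against the copies Windows keeps in the winsxs component store, since a live copy whose hash matches none of them is a candidate for a patched or replaced file. As an added example (not code from the thread, from SystemLook's author or from BleepingComputer), this Python script parses a SystemLook filefind log and reports that comparison per file; the embedded sample is constructed from the log above with most winsxs lines dropped.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the SystemLook ":filefind" output posted above. This sample is
# constructed from that log (most winsxs lines dropped to keep it short).
SAMPLE_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Log created at 16:11 on 28/03/2012 by Osman
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [17:20 11/01/2010] [03:25 04/04/2011] 36BDADED97C258F1FEFD10C735941148
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [17:20 11/01/2010] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

Searching for "svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [02:03 27/03/2012] [18:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\System32\svchost.exe ------- 21504 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe ------- 21504 bytes [02:33 21/01/2008] [02:33 21/01/2008] 3794B461C45882E06856F282EEF025AF

-= EOF =-
'''

# One result line: <path> <attrs> <size> bytes [<stamp>] [<stamp>] <MD5>
# (the two bracketed timestamps are kept in the order SystemLook prints them)
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<stamp_a>[^\]]+)\] \[(?P<stamp_b>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')

# Where the copy Windows actually executes lives, versus the component store
# (winsxs) that Windows Update populates and that the later FCopy step restores from.
LIVE_DIRS = {"c:\\windows", "c:\\windows\\system32"}
WINSXS_PREFIX = "c:\\windows\\winsxs\\"


def parse_filefind(text):
    """Return {searched filename: [entry, ...]} from a SystemLook :filefind log."""
    results = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return dict(results)


def audit(results):
    """Compare each live binary's MD5 with its winsxs copies.

    status is "match" when every live copy hashes like some winsxs copy,
    "mismatch" when a live copy matches none of them (candidate for a patched
    or replaced binary), "missing" when no live copy was reported, and
    "no-reference" when there is nothing in winsxs to compare against.
    Copies outside both locations are listed under "other" for manual review.
    """
    report = {}
    for name, entries in results.items():
        live, store_md5s, other = [], set(), []
        for e in entries:
            low = e["path"].lower()
            if ntpath.dirname(low) in LIVE_DIRS:
                live.append(e)
            elif low.startswith(WINSXS_PREFIX):
                store_md5s.add(e["md5"])
            else:
                other.append(e["path"])
        if not live:
            status = "missing"
        elif not store_md5s:
            status = "no-reference"
        elif all(e["md5"] in store_md5s for e in live):
            status = "match"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "live_md5": live[0]["md5"] if live else None,
            "store_md5s": sorted(store_md5s),
            "other": other,
        }
    return report


if __name__ == "__main__":
    for name, verdict in audit(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {verdict['status']} live={verdict['live_md5']} "
              f"winsxs={verdict['store_md5s']} other={verdict['other']}")
```

On the sample, explorer.exe comes back as a mismatch (the live copy matches no winsxs copy), while svchost.exe matches and only the Malwarebytes Chameleon copy is listed for manual review.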

#8 adrian77


Posted 28 March 2012 - 03:16 PM

Also, just to keep you up to date, I've noticed that certain folders are inaccessible through the regular channels. For example, I can't get to My Pictures or My Music from the User folder. Also, it seems to have made those same kind of transparent copies of other files in some of these folders. "Desktop.ini" shows up nearly everywhere.

Thanks,

Adrian.

#9 gringo_pr


Posted 28 March 2012 - 04:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe | C:\Windows\explorer.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 adrian77


Posted 28 March 2012 - 05:59 PM

Hi Gringo,

Thanks again for your help. Unfortunately, the ads "not by website" are still popping up. The Programs menu is still missing from the Start menu and I still have phantom files all over the place. What should I do next? Below is the Combofix log. Thanks again!

ComboFix 12-03-26.02 - Osman 28/03/2012 18:12:00.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1712 [GMT -4:00]
Running from: c:\users\Osman\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Osman\Documents\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 22:19 . 2012-03-28 22:23 -------- d-----w- c:\users\Osman\AppData\Local\temp
2012-03-28 22:19 . 2012-03-28 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 22:09 . 2012-03-28 22:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681FEC78-CEB4-456D-AE5A-E5022C06610C}\MpKsl790ce464.sys
2012-03-28 20:18 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681FEC78-CEB4-456D-AE5A-E5022C06610C}\mpengine.dll
2012-03-27 02:21 . 2012-03-27 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 04:11 . 2012-03-24 04:11 -------- d-----w- c:\programdata\Premium
2012-03-24 04:11 . 2012-03-24 04:11 -------- d-----w- c:\programdata\InstallMate
2012-03-18 13:21 . 2012-03-18 13:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 13:21 . 2012-03-18 13:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 01:45 . 2012-03-16 01:45 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 16:54 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:54 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 16:54 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 16:54 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:54 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 16:54 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 11:06 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 11:06 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-02 03:05 . 2012-03-02 03:05 -------- d-----w- c:\program files\Refworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-04-07 15:01 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 16:14 . 2011-05-17 00:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 15:48 . 2011-06-02 21:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 21:32 . 2012-02-10 21:32 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EB8785E-6085-47EC-BCCF-97F35C2B55CC}\gapaengine.dll
2012-01-31 12:44 . 2009-10-04 05:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-03-18 13:21 . 2011-05-09 19:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-25 03:20 . 2009-11-09 03:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-28_16.16.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-25 07:12 . 2012-03-28 22:22 22652 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2599493611-1266133161-1204128436-1003_UserData.bin
- 2012-03-28 13:10 . 2012-03-28 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 22:21 . 2012-03-28 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-28 13:10 . 2012-03-28 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-28 22:21 . 2012-03-28 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-28 22:21 . 2009-04-30 20:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2008-11-25 08:04 . 2012-03-28 22:07 613990 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-01-21 01:58 . 2012-03-28 22:22 111242 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2012-03-28 22:22 136514 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2011-04-06 12:52 . 2012-03-28 13:09 433168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-06 12:52 . 2012-03-28 22:20 433168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-06 12:52 . 2012-03-28 13:09 3408260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2599493611-1266133161-1204128436-1003-12288.dat
+ 2011-04-06 12:52 . 2012-03-28 22:20 3408260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2599493611-1266133161-1204128436-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Akamai NetSession Interface"="c:\users\Osman\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-31 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-31 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-31 145944]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1105920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2599493611-1266133161-1204128436-1003]
"EnableNotificationsRef"=dword:00000002
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599493611-1266133161-1204128436-1003Core.job
- c:\users\Osman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:26]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599493611-1266133161-1204128436-1003UA.job
- c:\users\Osman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Osman\AppData\Roaming\Mozilla\Firefox\Profiles\idic7jkd.default\

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 18:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\drivers\etc\hosts.ics 374 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ř*‘%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*§*]%i%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*§*]%i%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ±**]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ±**\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%E*µ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%E*µ*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%¤**]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%¤**\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“%˝*ő*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“%˝*ő*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5700)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-03-28 18:36:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 22:35
ComboFix2.txt 2012-03-27 03:52
.
Pre-Run: 9,949,863,936 bytes free
Post-Run: 9,979,305,984 bytes free
.
- - End Of File - - ABB8F578EB66DCED853E6312D4284381
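As an added example (not part of this thread and not a ComboFix component), here is a small Python triage helper of the kind an analyst might run over a ComboFix log like the one posted above before reading it line by line. It assumes the layout seen in that log (a "[KEY]" header followed by value lines and a "." separator, a catchme section between "scanning hidden files ..." and "hidden files:"), lists the autostart entries, and flags items worth a second look: CLSID subkeys whose GUIDs are not the canonical 8-4-4-4-12 form, Explorer\FileExts keys whose "extension" is made of non-printable characters, AppInit_DLLs values, EnableLUA set to 0, and the files catchme reported as hidden. The embedded SAMPLE_LOG is a constructed excerpt modelled on the posted log with a placeholder SID; the heuristics only select entries for review, they do not decide whether anything is malicious.

```python
"""Triage a ComboFix log for an analyst's first pass.

Added example for this thread, not a ComboFix component. SAMPLE_LOG is a constructed
excerpt modelled on the posted log, with a placeholder SID; the checks flag entries for
review and do not pass a verdict on them.
"""
import re
from typing import Dict, List

# Registry GUIDs are 8-4-4-4-12 hex digits in braces; anything else under CLSID is odd.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# A plausible Explorer\FileExts key: a dot followed by printable extension characters.
EXT_RE = re.compile(r"^\.[A-Za-z0-9_.+\-]{1,32}$")
# catchme lists hidden files as "<path> <size> bytes".
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<size>\d+) bytes$")

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
scanning hidden files ...
.
c:\windows\system32\drivers\etc\hosts.ics 374 bytes
.
hidden files: 1
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ř*‘%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"BlindDial"=dword:00000000
"""


def registry_blocks(log: str) -> Dict[str, List[str]]:
    """Map each '[KEY]' header to the value lines that follow it, up to the '.' separator."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            blocks[current] = []
        elif line in ("", "."):
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def hidden_files(log: str) -> List[str]:
    """Paths catchme listed between 'scanning hidden files ...' and 'hidden files:'."""
    section = re.search(r"scanning hidden files \.\.\.(.*?)hidden files:", log, re.S)
    if not section:
        return []
    matches = (HIDDEN_FILE_RE.match(l.strip()) for l in section.group(1).splitlines())
    return [m.group("path") for m in matches if m]


def triage(log: str) -> Dict[str, List[str]]:
    """Collect the entries an analyst should look at first, grouped by reason."""
    findings: Dict[str, List[str]] = {
        "autoruns": [], "malformed_clsid_guid": [], "odd_fileexts_key": [],
        "appinit_dlls": [], "uac_disabled": [], "hidden_files": hidden_files(log),
    }
    for key, values in registry_blocks(log).items():
        parts = key.rstrip("*").split("\\")
        if "CLSID" in parts:  # every brace component below CLSID must be a real GUID
            for comp in parts[parts.index("CLSID") + 1:]:
                if comp.startswith("{") and not GUID_RE.match(comp):
                    findings["malformed_clsid_guid"].append(comp)
        if "FileExts" in parts and parts.index("FileExts") + 1 < len(parts):
            ext = parts[parts.index("FileExts") + 1]
            if not EXT_RE.match(ext):
                findings["odd_fileexts_key"].append(ext)
        for v in values:
            m = re.match(r'^"([^"]+)"="([^"]+)"', v)
            if m and parts[-1].lower() == "run":  # autostart entry: name -> image path
                findings["autoruns"].append(f"{m.group(1)} -> {m.group(2)}")
            if v.startswith('"AppInit_DLLs"='):  # DLL loaded into every GUI process
                findings["appinit_dlls"].append(v.split("=", 1)[1])
            if re.match(r'^"EnableLUA"=\s*0\b', v):  # UAC switched off
                findings["uac_disabled"].append(key)
    return findings


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{reason}: {item}")
```

The GUID check is the one most worth keeping: a well-formed class GUID such as the {4D36E96D-...} key in the sample passes, while subkeys with a group count or length that does not fit the canonical layout are listed for the analyst. Everything flagged still needs a human decision; the script only shortens the part of the log that has to be read.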

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time:12:09 PM

Posted 28 March 2012 - 08:52 PM

Hello


"The Programs menu is still missing the Start menu" - there is no easy fix for this; you will have to go into the Programs folder on the C: drive and make new shortcuts for the programs you want there.

"and I still have phantom files all over the place" - these are files that were hidden, and during the last step they should be hidden again.



I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 adrian77

adrian77
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:09 AM

Posted 28 March 2012 - 10:06 PM

Hi Gringo,

Thanks again for your reply. Those hidden files are still around; they haven't become hidden again. Below are the reports. I really appreciate your help.

TDSSKiller:

21:57:49.0267 6008 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:57:49.0513 6008 ============================================================
21:57:49.0513 6008 Current date / time: 2012/03/28 21:57:49.0513
21:57:49.0513 6008 SystemInfo:
21:57:49.0513 6008
21:57:49.0513 6008 OS Version: 6.0.6002 ServicePack: 2.0
21:57:49.0513 6008 Product type: Workstation
21:57:49.0513 6008 ComputerName: OSMAN-PC
21:57:49.0514 6008 UserName: Osman
21:57:49.0514 6008 Windows directory: C:\Windows
21:57:49.0514 6008 System windows directory: C:\Windows
21:57:49.0514 6008 Processor architecture: Intel x86
21:57:49.0514 6008 Number of processors: 2
21:57:49.0514 6008 Page size: 0x1000
21:57:49.0514 6008 Boot type: Normal boot
21:57:49.0514 6008 ============================================================
21:57:50.0182 6008 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:57:50.0185 6008 \Device\Harddisk0\DR0:
21:57:50.0185 6008 MBR used
21:57:50.0185 6008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:57:50.0185 6008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
21:57:50.0185 6008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
21:57:50.0303 6008 Initialize success
21:57:50.0303 6008 ============================================================
21:57:52.0305 4900 ============================================================
21:57:52.0305 4900 Scan started
21:57:52.0305 4900 Mode: Manual;
21:57:52.0305 4900 ============================================================
21:57:52.0817 4900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:57:52.0821 4900 ACPI - ok
21:57:52.0948 4900 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:57:52.0948 4900 AdobeARMservice - ok
21:57:53.0025 4900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:57:53.0048 4900 adp94xx - ok
21:57:53.0136 4900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:57:53.0142 4900 adpahci - ok
21:57:53.0185 4900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:57:53.0188 4900 adpu160m - ok
21:57:53.0251 4900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:57:53.0255 4900 adpu320 - ok
21:57:53.0326 4900 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:57:53.0327 4900 AeLookupSvc - ok
21:57:53.0383 4900 Afc - ok
21:57:53.0490 4900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:57:53.0495 4900 AFD - ok
21:57:53.0589 4900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:57:53.0590 4900 agp440 - ok
21:57:53.0661 4900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:57:53.0663 4900 aic78xx - ok
21:57:53.0723 4900 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:57:53.0724 4900 ALG - ok
21:57:53.0770 4900 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:57:53.0771 4900 aliide - ok
21:57:53.0855 4900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:57:53.0856 4900 amdagp - ok
21:57:53.0920 4900 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:57:53.0921 4900 amdide - ok
21:57:53.0960 4900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:57:53.0961 4900 AmdK7 - ok
21:57:54.0009 4900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:57:54.0010 4900 AmdK8 - ok
21:57:54.0094 4900 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:57:54.0095 4900 Appinfo - ok
21:57:54.0237 4900 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:57:54.0238 4900 Apple Mobile Device - ok
21:57:54.0336 4900 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:57:54.0338 4900 arc - ok
21:57:54.0403 4900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:57:54.0405 4900 arcsas - ok
21:57:54.0497 4900 ASLDRService (5a055a4777cbbc8845dd598cb2eebf69) C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
21:57:54.0533 4900 ASLDRService - ok
21:57:54.0546 4900 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
21:57:54.0547 4900 ASMMAP - ok
21:57:54.0635 4900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:57:54.0636 4900 AsyncMac - ok
21:57:54.0682 4900 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
21:57:54.0683 4900 atapi - ok
21:57:54.0770 4900 athr (4df523f49694b2884f8e5d870bf3e253) C:\Windows\system32\DRIVERS\athr.sys
21:57:54.0792 4900 athr - ok
21:57:54.0888 4900 ATKGFNEXSrv (0110d75b791b0758e6c81ca8cace31f8) C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
21:57:55.0092 4900 ATKGFNEXSrv - ok
21:57:55.0215 4900 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:57:55.0221 4900 AudioEndpointBuilder - ok
21:57:55.0230 4900 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:57:55.0232 4900 Audiosrv - ok
21:57:55.0286 4900 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:57:55.0287 4900 BcmSqlStartupSvc - ok
21:57:55.0362 4900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:57:55.0363 4900 Beep - ok
21:57:55.0465 4900 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:57:55.0472 4900 BFE - ok
21:57:55.0537 4900 bfukxldy - ok
21:57:55.0645 4900 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:57:55.0652 4900 BITS - ok
21:57:55.0716 4900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:57:55.0718 4900 blbdrive - ok
21:57:55.0841 4900 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
21:57:55.0844 4900 Bonjour Service - ok
21:57:55.0947 4900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:57:55.0949 4900 bowser - ok
21:57:56.0019 4900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:57:56.0020 4900 BrFiltLo - ok
21:57:56.0065 4900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:57:56.0066 4900 BrFiltUp - ok
21:57:56.0148 4900 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
21:57:56.0151 4900 Bridge - ok
21:57:56.0162 4900 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
21:57:56.0163 4900 BridgeMP - ok
21:57:56.0219 4900 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:57:56.0221 4900 Browser - ok
21:57:56.0308 4900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:57:56.0314 4900 Brserid - ok
21:57:56.0364 4900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:57:56.0366 4900 BrSerWdm - ok
21:57:56.0402 4900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:57:56.0402 4900 BrUsbMdm - ok
21:57:56.0450 4900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:57:56.0451 4900 BrUsbSer - ok
21:57:56.0493 4900 BT - ok
21:57:56.0622 4900 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:57:56.0623 4900 BthEnum - ok
21:57:56.0660 4900 BtHidBus - ok
21:57:56.0725 4900 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:57:56.0727 4900 BTHMODEM - ok
21:57:56.0788 4900 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:57:56.0790 4900 BthPan - ok
21:57:56.0864 4900 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:57:56.0886 4900 BTHPORT - ok
21:57:56.0984 4900 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
21:57:56.0986 4900 BthServ - ok
21:57:57.0039 4900 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:57:57.0041 4900 BTHUSB - ok
21:57:57.0141 4900 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\Windows\system32\Drivers\btnetBus.sys
21:57:57.0142 4900 btnetBUs - ok
21:57:57.0201 4900 btwaudio (92a4bb1596ae126c6c2312c3fb82dcbc) C:\Windows\system32\drivers\btwaudio.sys
21:57:57.0203 4900 btwaudio - ok
21:57:57.0286 4900 btwavdt (4f82b6173ef8637cb26cf4e73b90f172) C:\Windows\system32\drivers\btwavdt.sys
21:57:57.0289 4900 btwavdt - ok
21:57:57.0393 4900 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:57:57.0394 4900 btwl2cap - ok
21:57:57.0457 4900 btwrchid (f771034f5b59a4a5054a2fa6f4e9f28b) C:\Windows\system32\DRIVERS\btwrchid.sys
21:57:57.0458 4900 btwrchid - ok
21:57:57.0482 4900 catchme - ok
21:57:57.0537 4900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:57:57.0539 4900 cdfs - ok
21:57:57.0635 4900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:57:57.0637 4900 cdrom - ok
21:57:57.0742 4900 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:57:57.0743 4900 CertPropSvc - ok
21:57:57.0815 4900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:57:57.0816 4900 circlass - ok
21:57:57.0896 4900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:57:57.0900 4900 CLFS - ok
21:57:57.0990 4900 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:57:57.0992 4900 clr_optimization_v2.0.50727_32 - ok
21:57:58.0065 4900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:57:58.0066 4900 CmBatt - ok
21:57:58.0137 4900 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:57:58.0138 4900 cmdide - ok
21:57:58.0205 4900 CnxtHdAudService (9ee20b227083b6e8a0d1c61b2a122b0b) C:\Windows\system32\drivers\CHDRT32.sys
21:57:58.0210 4900 CnxtHdAudService - ok
21:57:58.0277 4900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:57:58.0278 4900 Compbatt - ok
21:57:58.0315 4900 COMSysApp - ok
21:58:20.0201 4900 Smb - ok
21:58:20.0248 4900 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:58:20.0252 4900 SNMPTRAP - ok
21:58:20.0298 4900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:58:20.0300 4900 spldr - ok
21:58:20.0388 4900 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:58:20.0391 4900 Spooler - ok
21:58:20.0481 4900 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:58:20.0483 4900 SQLBrowser - ok
21:58:20.0531 4900 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:58:20.0532 4900 SQLWriter - ok
21:58:20.0637 4900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:58:20.0643 4900 srv - ok
21:58:20.0699 4900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:58:20.0702 4900 srv2 - ok
21:58:20.0749 4900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:58:20.0752 4900 srvnet - ok
21:58:20.0795 4900 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:58:20.0798 4900 SSDPSRV - ok
21:58:20.0857 4900 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:58:20.0861 4900 SstpSvc - ok
21:58:20.0922 4900 StarOpen - ok
21:58:21.0013 4900 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:58:21.0019 4900 stisvc - ok
21:58:21.0080 4900 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:58:21.0120 4900 stllssvr - ok
21:58:21.0187 4900 SUService (b384a999c5326ba7bc940347a26fc0b9) C:\Program Files\Lenovo\System Update\SUService.exe
21:58:21.0202 4900 SUService - ok
21:58:21.0304 4900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:58:21.0305 4900 swenum - ok
21:58:21.0391 4900 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:58:21.0399 4900 swprv - ok
21:58:21.0460 4900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:58:21.0462 4900 Symc8xx - ok
21:58:21.0509 4900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:58:21.0510 4900 Sym_hi - ok
21:58:21.0599 4900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:58:21.0601 4900 Sym_u3 - ok
21:58:21.0700 4900 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
21:58:21.0705 4900 SynTP - ok
21:58:21.0791 4900 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:58:21.0813 4900 SysMain - ok
21:58:21.0863 4900 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:58:21.0867 4900 TabletInputService - ok
21:58:21.0962 4900 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:58:21.0966 4900 TapiSrv - ok
21:58:22.0011 4900 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:58:22.0015 4900 TBS - ok
21:58:22.0127 4900 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:58:22.0133 4900 Tcpip - ok
21:58:22.0206 4900 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:58:22.0211 4900 Tcpip6 - ok
21:58:22.0303 4900 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:58:22.0305 4900 tcpipreg - ok
21:58:22.0351 4900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:58:22.0352 4900 TDPIPE - ok
21:58:22.0415 4900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:58:22.0417 4900 TDTCP - ok
21:58:22.0498 4900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:58:22.0499 4900 tdx - ok
21:58:22.0586 4900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:58:22.0587 4900 TermDD - ok
21:58:22.0673 4900 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:58:22.0678 4900 TermService - ok
21:58:22.0739 4900 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:58:22.0742 4900 Themes - ok
21:58:22.0824 4900 ThinkVantage Registry Monitor Service (eb90a37aabaefd7b4f4f92befea8c2e2) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:58:22.0829 4900 ThinkVantage Registry Monitor Service - ok
21:58:22.0873 4900 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:58:22.0874 4900 THREADORDER - ok
21:58:22.0953 4900 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
21:58:22.0954 4900 TPDIGIMN - ok
21:58:22.0999 4900 TPHDEXLGSVC (51b679f627a43a25ef9444ad23bbff9a) C:\Windows\system32\TPHDEXLG.exe
21:58:23.0002 4900 TPHDEXLGSVC - ok
21:58:23.0072 4900 TPHKSVC (b4e3143eb1acd62efd6537a41c920c6c) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:58:23.0073 4900 TPHKSVC - ok
21:58:23.0118 4900 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
21:58:23.0119 4900 TPM - ok
21:58:23.0262 4900 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
21:58:23.0263 4900 TPPWRIF - ok
21:58:23.0317 4900 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:58:23.0321 4900 TrkWks - ok
21:58:23.0388 4900 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:58:23.0390 4900 TrustedInstaller - ok
21:58:23.0447 4900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:58:23.0448 4900 tssecsrv - ok
21:58:23.0522 4900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:58:23.0524 4900 tunmp - ok
21:58:23.0621 4900 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:58:23.0622 4900 tunnel - ok
21:58:23.0690 4900 TVicPort (3147063508eae931becc01573c204fac) C:\Windows\system32\DRIVERS\TVICPORT.SYS
21:58:23.0708 4900 TVicPort - ok
21:58:23.0813 4900 TVT Backup Protection Service (1a9f115d6f82fc0753d06599e42b2295) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
21:58:23.0925 4900 TVT Backup Protection Service - ok
21:58:24.0001 4900 TVT Backup Service (43ffbb6af7245c97865ada74b8ceecf9) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:58:24.0103 4900 TVT Backup Service - ok
21:58:24.0201 4900 TVT Scheduler (58bc366538a8a1f252d2750c1f5193b6) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:58:25.0074 4900 TVT Scheduler - ok
21:58:25.0175 4900 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
21:58:25.0176 4900 tvtfilter - ok
21:58:25.0237 4900 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
21:58:25.0239 4900 tvtumon - ok
21:58:25.0310 4900 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
21:58:25.0317 4900 TVT_UpdateMonitor - ok
21:58:25.0381 4900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:58:25.0383 4900 uagp35 - ok
21:58:25.0508 4900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:58:25.0510 4900 udfs - ok
21:58:25.0564 4900 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:58:25.0568 4900 UI0Detect - ok
21:58:25.0603 4900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:58:25.0605 4900 uliagpkx - ok
21:58:25.0656 4900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:58:25.0661 4900 uliahci - ok
21:58:25.0717 4900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:58:25.0719 4900 UlSata - ok
21:58:25.0795 4900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:58:25.0798 4900 ulsata2 - ok
21:58:25.0834 4900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:58:25.0835 4900 umbus - ok
21:58:25.0899 4900 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:58:25.0903 4900 upnphost - ok
21:58:25.0966 4900 upperdev - ok
21:58:26.0100 4900 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
21:58:26.0101 4900 USBAAPL - ok
21:58:26.0196 4900 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:58:26.0200 4900 usbaudio - ok
21:58:26.0283 4900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:58:26.0286 4900 usbccgp - ok
21:58:26.0338 4900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:58:26.0341 4900 usbcir - ok
21:58:26.0418 4900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:58:26.0419 4900 usbehci - ok
21:58:26.0492 4900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:58:26.0496 4900 usbhub - ok
21:58:26.0540 4900 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:58:26.0542 4900 usbohci - ok
21:58:26.0625 4900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:58:26.0626 4900 usbprint - ok
21:58:26.0734 4900 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:58:26.0735 4900 usbscan - ok
21:58:26.0821 4900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:58:26.0824 4900 USBSTOR - ok
21:58:26.0859 4900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:58:26.0861 4900 usbuhci - ok
21:58:26.0953 4900 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:58:26.0956 4900 usbvideo - ok
21:58:27.0039 4900 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
21:58:27.0040 4900 usb_rndisx - ok
21:58:27.0127 4900 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:58:27.0130 4900 UxSms - ok
21:58:27.0178 4900 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
21:58:27.0180 4900 VClone - ok
21:58:27.0222 4900 VComm - ok
21:58:27.0266 4900 VcommMgr - ok
21:58:27.0376 4900 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:58:27.0398 4900 vds - ok
21:58:27.0466 4900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:58:27.0468 4900 vga - ok
21:58:27.0506 4900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:58:27.0507 4900 VgaSave - ok
21:58:27.0553 4900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:58:27.0555 4900 viaagp - ok
21:58:27.0625 4900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:58:27.0627 4900 ViaC7 - ok
21:58:27.0668 4900 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:58:27.0669 4900 viaide - ok
21:58:27.0731 4900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:58:27.0733 4900 volmgr - ok
21:58:27.0822 4900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:58:27.0829 4900 volmgrx - ok
21:58:27.0936 4900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:58:27.0941 4900 volsnap - ok
21:58:28.0009 4900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:58:28.0012 4900 vsmraid - ok
21:58:28.0116 4900 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:58:28.0150 4900 VSS - ok
21:58:28.0232 4900 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:58:28.0236 4900 W32Time - ok
21:58:28.0304 4900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:58:28.0305 4900 WacomPen - ok
21:58:28.0360 4900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:58:28.0361 4900 Wanarp - ok
21:58:28.0366 4900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:58:28.0367 4900 Wanarpv6 - ok
21:58:28.0418 4900 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
21:58:28.0423 4900 WcesComm - ok
21:58:28.0532 4900 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:58:28.0548 4900 wcncsvc - ok
21:58:28.0598 4900 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:58:28.0602 4900 WcsPlugInService - ok
21:58:28.0673 4900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:58:28.0675 4900 Wd - ok
21:58:28.0774 4900 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:58:28.0783 4900 Wdf01000 - ok
21:58:28.0815 4900 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:58:28.0820 4900 WdiServiceHost - ok
21:58:28.0826 4900 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:58:28.0830 4900 WdiSystemHost - ok
21:58:28.0911 4900 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:58:28.0918 4900 WebClient - ok
21:58:28.0990 4900 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:58:28.0994 4900 Wecsvc - ok
21:58:29.0052 4900 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:58:29.0056 4900 wercplsupport - ok
21:58:29.0130 4900 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:58:29.0135 4900 WerSvc - ok
21:58:29.0203 4900 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
21:58:29.0205 4900 WimFltr - ok
21:58:29.0277 4900 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:58:29.0299 4900 winachsf - ok
21:58:29.0405 4900 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:58:29.0411 4900 WinDefend - ok
21:58:29.0417 4900 WinHttpAutoProxySvc - ok
21:58:29.0573 4900 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:58:29.0579 4900 Winmgmt - ok
21:58:29.0684 4900 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:58:29.0718 4900 WinRM - ok
21:58:29.0816 4900 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
21:58:29.0818 4900 winusb - ok
21:58:29.0936 4900 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:58:29.0958 4900 Wlansvc - ok
21:58:30.0086 4900 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:58:30.0098 4900 wlidsvc - ok
21:58:30.0157 4900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:58:30.0158 4900 WmiAcpi - ok
21:58:30.0294 4900 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:58:30.0296 4900 wmiApSrv - ok
21:58:30.0392 4900 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:58:30.0415 4900 WMPNetworkSvc - ok
21:58:30.0450 4900 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:58:30.0456 4900 WPCSvc - ok
21:58:30.0559 4900 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:58:30.0564 4900 WPDBusEnum - ok
21:58:30.0681 4900 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:58:30.0683 4900 WpdUsb - ok
21:58:30.0730 4900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:58:30.0732 4900 ws2ifsl - ok
21:58:30.0820 4900 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:58:30.0824 4900 wscsvc - ok
21:58:30.0877 4900 WSearch - ok
21:58:30.0911 4900 wsfagjiu - ok
21:58:31.0030 4900 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:58:31.0086 4900 wuauserv - ok
21:58:31.0143 4900 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:58:31.0146 4900 WUDFRd - ok
21:58:31.0210 4900 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:58:31.0215 4900 wudfsvc - ok
21:58:31.0299 4900 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:58:31.0301 4900 XAudio - ok
21:58:31.0345 4900 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
21:58:31.0349 4900 XAudioService - ok
21:58:31.0378 4900 xitpqqnd - ok
21:58:31.0414 4900 xksvwehz - ok
21:58:31.0467 4900 ztemtusbser - ok
21:58:31.0547 4900 MBR (0x1B8) (1d4371c2050c018c628c61dce8f7c590) \Device\Harddisk0\DR0
21:58:31.0578 4900 \Device\Harddisk0\DR0 - ok
21:58:31.0606 4900 Boot (0x1200) (c9be1810e48327396ac7884e90a3d9a4) \Device\Harddisk0\DR0\Partition0
21:58:31.0608 4900 \Device\Harddisk0\DR0\Partition0 - ok
21:58:31.0628 4900 Boot (0x1200) (0f0bf31ffc447333f08051a29c7c25c2) \Device\Harddisk0\DR0\Partition1
21:58:31.0629 4900 \Device\Harddisk0\DR0\Partition1 - ok
21:58:31.0655 4900 Boot (0x1200) (6a2d02647ec8a11de93892d163316a50) \Device\Harddisk0\DR0\Partition2
21:58:31.0657 4900 \Device\Harddisk0\DR0\Partition2 - ok
21:58:31.0657 4900 ============================================================
21:58:31.0657 4900 Scan finished
21:58:31.0657 4900 ============================================================
21:58:31.0672 3672 Detected object count: 0
21:58:31.0672 3672 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 22:00:23
-----------------------------
22:00:23.417 OS Version: Windows 6.0.6002 Service Pack 2
22:00:23.418 Number of processors: 2 586 0xF0D
22:00:23.419 ComputerName: OSMAN-PC UserName: Osman
22:00:25.165 Initialize success
22:13:20.603 AVAST engine defs: 12032802
22:16:34.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:16:34.263 Disk 0 Vendor: FUJITSU_ 0084 Size: 152627MB BusType: 3
22:16:34.278 Disk 0 MBR read successfully
22:16:34.281 Disk 0 MBR scan
22:16:34.286 Disk 0 unknown MBR code
22:16:34.292 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
22:16:34.347 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141124 MB offset 3074048
22:16:34.386 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 292098048
22:16:34.405 Disk 0 scanning sectors +312578048
22:16:34.471 Disk 0 scanning C:\Windows\system32\drivers
22:17:02.238 Service scanning
22:17:21.235 Service MpKslcffad583 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCB88265-04D6-4C29-B322-231F2672893F}\MpKslcffad583.sys **LOCKED** 32
22:17:21.661 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:17:53.094 Modules scanning
22:18:00.923 Disk 0 trace - called modules:
22:18:00.947 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
22:18:00.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8701f228]
22:18:00.958 3 CLASSPNP.SYS[8b1cf8b3] -> nt!IofCallDriver -> [0x85cff728]
22:18:00.964 5 acpi.sys[8068e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d40028]
22:18:02.012 AVAST engine scan C:\Windows
22:18:12.978 AVAST engine scan C:\Windows\system32
22:23:25.393 AVAST engine scan C:\Windows\system32\drivers
22:23:57.473 AVAST engine scan C:\Users\Osman
22:45:37.744 AVAST engine scan C:\ProgramData
22:49:37.363 Scan finished successfully

#13 gringo_pr

gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 28 March 2012 - 10:19 PM

Hello


you can rehide the files this way - http://pcsupport.about.com/od/windowsvista/ht/hide-hidden-files-vista.htm


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
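The three keys gringo_pr lists under RegNull share one visible trait: each path component is 32 hex digits in braces, like a real CLSID, but with only three hyphens instead of the canonical 8-4-4-4-12 layout, so a loose "looks like a GUID" check would wave them through. The script below is an added example, not code from this thread or from ComboFix; it parses a CFScript into its directive sections, reports every non-canonical brace component of each RegNull target, and (on Windows only, via the standard-library winreg module) walks HKLM\SOFTWARE\Classes\CLSID looking for the same disguised-GUID pattern. The sample input is the CFScript text from the post; treating the malformed-hyphen layout as a triage heuristic is this example's assumption, not a claim made in the thread.

```python
import re
import sys
from typing import Dict, List

# Canonical registry GUID: {8-4-4-4-12} hex digits, braces included.
CANONICAL_GUID = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)
# Any brace-delimited token made only of hex digits and hyphens.
BRACE_TOKEN = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Sample input: the CFScript from the post above, embedded so this runs offline.
SAMPLE_CFSCRIPT = r"""ClearJavaCache::
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}*]
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Directive::' sections.

    Each directive maps to the non-empty lines under it; registry targets
    keep their surrounding [] and trailing '*' wildcard as written.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def is_canonical_guid(token: str) -> bool:
    return bool(CANONICAL_GUID.match(token))


def looks_like_disguised_guid(token: str) -> bool:
    """True for 32 hex digits in braces whose hyphens are NOT at 8-4-4-4-12.

    This is the pattern in the keys above: the digit count matches a real
    GUID, so only a strict positional check catches it (heuristic, assumed).
    """
    if is_canonical_guid(token):
        return False
    digits = token.strip("{}").replace("-", "")
    return len(digits) == 32 and all(c in "0123456789abcdefABCDEF" for c in digits)


def suspicious_components(key_path: str) -> List[str]:
    """Every {...} component of a registry path that is not a canonical GUID."""
    return [tok for tok in BRACE_TOKEN.findall(key_path) if not is_canonical_guid(tok)]


def triage_regnull(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each RegNull target path to its non-canonical GUID components."""
    report: Dict[str, List[str]] = {}
    for entry in sections.get("RegNull", []):
        path = entry.strip("[]").rstrip("*")
        report[path] = suspicious_components(path)
    return report


def scan_live_clsid(max_depth: int = 3) -> List[str]:
    """Windows only: walk HKLM\\SOFTWARE\\Classes\\CLSID and return paths whose
    subkey names are disguised GUIDs. Returns [] on non-Windows hosts."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library on Windows

    hits: List[str] = []

    def walk(handle, path: str, depth: int) -> None:
        if depth > max_depth:
            return
        i = 0
        while True:
            try:
                name = winreg.EnumKey(handle, i)
            except OSError:
                break  # no more subkeys
            i += 1
            child = path + "\\" + name
            if looks_like_disguised_guid(name):
                hits.append(child)
            try:
                with winreg.OpenKey(handle, name) as sub:
                    walk(sub, child, depth + 1)
            except OSError:
                continue  # access denied or key vanished; skip it

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Classes\CLSID") as root:
        walk(root, r"HKLM\SOFTWARE\Classes\CLSID", 1)
    return hits


if __name__ == "__main__":
    for path, bad in triage_regnull(parse_cfscript(SAMPLE_CFSCRIPT)).items():
        print(path)
        for tok in bad:
            print("   non-canonical GUID component:", tok)
    for hit in scan_live_clsid():
        print("live hit:", hit)
```

Run it as-is to see the three RegNull targets broken down; on a Windows host it additionally lists any CLSID subkeys that match the same malformed layout, which is a cheap cross-check before and after a cleanup script like this one runs.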

#14 adrian77

adrian77
  • Topic Starter
  • Members
  • 10 posts

Posted 28 March 2012 - 10:48 PM

Hi,

I fixed the hidden files issue, thanks for that. The extra ads on websites are still around though. I really appreciate your patience on this with me. Below is the combofix log:

ComboFix 12-03-26.02 - Osman 28/03/2012 23:23:13.5.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1610 [GMT -4:00]
Running from: c:\users\Osman\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Osman\Documents\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 03:28 . 2012-03-29 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 02:21 . 2012-03-29 02:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCB88265-04D6-4C29-B322-231F2672893F}\offreg.dll
2012-03-29 02:00 . 2012-03-29 02:00 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCB88265-04D6-4C29-B322-231F2672893F}\MpKslcffad583.sys
2012-03-28 22:36 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCB88265-04D6-4C29-B322-231F2672893F}\mpengine.dll
2012-03-28 22:19 . 2012-03-29 03:28 -------- d-----w- c:\users\Osman\AppData\Local\temp
2012-03-27 02:21 . 2012-03-27 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 04:11 . 2012-03-24 04:11 -------- d-----w- c:\programdata\Premium
2012-03-24 04:11 . 2012-03-24 04:11 -------- d-----w- c:\programdata\InstallMate
2012-03-18 13:21 . 2012-03-18 13:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 13:21 . 2012-03-18 13:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 01:45 . 2012-03-16 01:45 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 16:54 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:54 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 16:54 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 16:54 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:54 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 16:54 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 11:06 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 11:06 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-02 03:05 . 2012-03-02 03:05 -------- d-----w- c:\program files\Refworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-04-07 15:01 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 16:14 . 2011-05-17 00:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 15:48 . 2011-06-02 21:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 21:32 . 2012-02-10 21:32 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EB8785E-6085-47EC-BCCF-97F35C2B55CC}\gapaengine.dll
2012-01-31 12:44 . 2009-10-04 05:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-03-18 13:21 . 2011-05-09 19:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-25 03:20 . 2009-11-09 03:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Akamai NetSession Interface"="c:\users\Osman\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-31 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-31 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-31 145944]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1105920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2599493611-1266133161-1204128436-1003]
"EnableNotificationsRef"=dword:00000002
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10178994
*NewlyCreated* - MPKSLCFFAD583
*Deregistered* - 10178994
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599493611-1266133161-1204128436-1003Core.job
- c:\users\Osman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:26]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599493611-1266133161-1204128436-1003UA.job
- c:\users\Osman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Osman\AppData\Roaming\Mozilla\Firefox\Profiles\idic7jkd.default\

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 23:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ř*‘%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*§*]%i%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*§*]%i%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ±**]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ±**\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%E*µ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%E*µ*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%¤**]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%¤**\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“%˝*ő*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2599493611-1266133161-1204128436-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*“%˝*ő*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-28 23:30:45
ComboFix-quarantined-files.txt 2012-03-29 03:30
ComboFix2.txt 2012-03-28 22:36
ComboFix3.txt 2012-03-27 03:52
.
Pre-Run: 9,888,591,872 bytes free
Post-Run: 9,966,223,360 bytes free
.
- - End Of File - - 0D3F7D4582F50C6D15E16497C21E6E12

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 PM

Posted 28 March 2012 - 11:04 PM

Hello

Which browser or browsers does this happen in?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



