Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Happili.com redirect


  • This topic is locked This topic is locked
21 replies to this topic

#1 Xtil

Xtil

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 28 March 2012 - 01:12 PM

Random redirects to Happili and other sites. I tried some clean up on my own but ready to see if there is anything I missed.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:57 PM

Posted 28 March 2012 - 02:09 PM

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 28 March 2012 - 03:07 PM

Here is the log and I am still getting the happili redirects.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by brar at 15:02:42 on 2012-03-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6627 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\FOG\FOGService.exe
C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Logitech\H760\H760.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Logitech H760] C:\Program Files (x86)\Logitech\H760\H760.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\brar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\H760\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Click to &Dial - file:///C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Context.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: boydbros.com\bbt-bit9.boydimage
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.5
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF} : DhcpNameServer = 192.168.1.5
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF}\14E64627F69646455647865627 : DhcpNameServer = 172.20.21.254
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF}\262647F57657563747 : DhcpNameServer = 192.168.1.5
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF}\65562796A7F6E602D494649443531303C4025454135402355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF}\A656375737 : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{406A53D0-CB41-4C4F-8977-D6473C1598CF}\D696E6563627166647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F17C6DD3-1E6D-448A-91E7-7AB5537375CF} : DhcpNameServer = 192.168.1.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: AvayaIEHlprObj Class: {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Logitech H760] C:\Program Files (x86)\Logitech\H760\H760.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brar\AppData\Roaming\Mozilla\Firefox\Profiles\xy5rbwli.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.boydbros.com/cgi/CD01.PGM|https://footprints.pruittcom.com/MRcgi/MRhomepage.pl?USER=rbranton&PROJECTID=2&MRP=A9HPkYo&OPTION=none&WRITECACHE=1&FIRST_TIME_IN_FP=1&FIRST_TIME_IN_PROJ=1&|https://solarwinds.pruittcom.com/Orion/Login.aspx?ReturnUrl=%2fOrion%2fSummaryView.aspx|https://10.94.1.67:3780/login.html|https://cp.appriver.com/Login.aspx?ReturnUrl=%2fAdmin%2fUsers.aspx|https://10.94.1.58:9443/mng/login/pages/loginPage.jsf|http://192.168.1.119/fog/management/|http://bbt-cl1-spice:9675/dashboard
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\brar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-13 913752]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-21 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 Fog Service;Fog Service;C:\Program Files (x86)\FOG\FOGService.exe [2011-6-15 10752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-23 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-10-21 8192]
R2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-21 2656536]
R2 uvnc_service;uvnc_service;C:\Program Files (x86)\UltraVNC\winvnc.exe [2011-12-6 2016504]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\DRIVERS\O2MDRw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
RUnknown DwProt;DwProt; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NUServer64;Network USB Server Device ;C:\Windows\system32\DRIVERS\NUServer64.sys --> C:\Windows\system32\DRIVERS\NUServer64.sys [?]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\drivers\O2MDFw7x64.sys --> C:\Windows\system32\drivers\O2MDFw7x64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-28 19:40:09 -------- d-----w- C:\Users\brar\DoctorWeb
2012-03-28 18:49:14 -------- d-----w- C:\Program Files\iTunes
2012-03-28 18:49:14 -------- d-----w- C:\Program Files\iPod
2012-03-28 18:49:14 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-28 16:12:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-28 11:59:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06915A44-24FA-429C-9452-43ED00BC8B23}\offreg.dll
2012-03-27 19:42:14 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-27 19:37:41 53248 ----a-w- C:\Windows\System32\zlib.dll
2012-03-27 19:23:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-27 19:12:48 53248 ----a-w- C:\Windows\SysWow64\zlib.dll
2012-03-27 17:51:58 -------- d-----w- C:\Users\brar\AppData\Local\Microsoft Games
2012-03-26 19:16:06 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2012-03-26 15:17:40 -------- d-----w- C:\Users\brar\AppData\Local\http___www.julien-manici
2012-03-26 14:31:10 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-23 12:44:41 -------- d-----w- C:\Users\brar\AppData\Local\Downloaded Installations
2012-03-22 18:36:20 -------- d-----w- C:\Users\brar\AppData\Local\MCEdit-64bit
2012-03-21 16:19:02 -------- d-----w- C:\Users\brar\AppData\Local\{B2E97903-7371-11E1-826D-B8AC6F996F26}
2012-03-19 18:27:07 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:27:07 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 18:05:04 -------- d-----w- C:\Users\brar\AppData\Roaming\USB Server
2012-03-16 17:43:47 -------- d-----w- C:\Program Files (x86)\USB Server 2
2012-03-16 17:42:12 -------- d-----w- C:\Program Files (x86)\IPUSB2HD2 Driver
2012-03-15 20:31:57 -------- d-----w- C:\Users\brar\AppData\Local\assembly
2012-03-15 20:19:24 -------- d-----w- C:\Users\brar\AppData\Roaming\Avaya
2012-03-15 20:18:18 -------- d-----w- C:\Program Files (x86)\Avaya
2012-03-15 19:13:18 -------- d-----w- C:\Program Files (x86)\Dokan
2012-03-15 18:39:25 -------- d-----w- C:\Program Files (x86)\Wot_Tank_Viewer
2012-03-13 10:46:17 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06915A44-24FA-429C-9452-43ED00BC8B23}\mpengine.dll
2012-03-12 20:27:12 -------- d-----w- C:\ProgramData\RICOH
2012-03-12 20:23:48 -------- d-----w- C:\ricoh
2012-03-12 19:57:17 -------- d-----w- C:\Program Files (x86)\SysTools OST Recovery
2012-03-12 15:14:25 -------- d-----w- C:\Program Files\Image Resizer for Windows
2012-03-12 15:14:25 -------- d-----w- C:\Program Files (x86)\Image Resizer for Windows
2012-03-09 19:25:29 -------- d-----w- C:\Users\brar\AppData\Local\IsolatedStorage
2012-03-02 21:47:41 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-03-02 21:47:23 -------- d-----w- C:\Users\brar\AppData\Roaming\BitTorrent
2012-03-02 21:00:43 -------- d-----w- C:\Program Files (x86)\Ultimate ZIP Cracker II Evaluation
2012-03-02 20:05:44 -------- d-----w- C:\Users\brar\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2012-03-27 12:27:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 13:53:09 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-02-02 14:47:57 65536 ----a-w- C:\Windows\IFinst27.exe
2012-01-29 11:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 20:12:44 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-23 15:47:11 0 ----a-w- C:\Windows\invcol.tmp
2012-01-16 19:06:41 79888 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-01-16 19:03:14 140816 ----a-w- C:\Windows\System32\drivers\DefragFs.sys
2012-01-16 19:00:59 268552 ----a-w- C:\Windows\System32\PDBoot.exe
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-12 16:34:23 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 16:34:23 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 16:31:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 16:31:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 16:31:58 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 16:31:58 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 16:29:58 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 16:29:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 22:01:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-11 22:01:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-11 22:01:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-11 22:01:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-30 23:02:52 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
.
============= FINISH: 15:03:15.04 ===============

Edited by Xtil, 28 March 2012 - 03:52 PM.


#4 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 28 March 2012 - 04:40 PM

bump

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 12:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 March 2012 - 07:41 AM

Here you go... computer is still same. Its about 2 of 10 google searches return the Happili.com from FireFox. IE does not appear to be affected.

Also the Other Deletions area.... keeps appearing even after deleting it.

c:\users\brar\AppData\Local\assembly\tmp



ComboFix 12-03-29.02 - brar 03/29/2012 7:20.6.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6107 [GMT -5:00]
Running from: c:\users\brar\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\brar\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 12:26 . 2012-03-29 12:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-29 12:26 . 2012-03-29 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 12:26 . 2012-03-29 12:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-29 12:26 . 2012-03-29 12:26 -------- d-----w- c:\users\Abuser1\AppData\Local\temp
2012-03-28 19:40 . 2012-03-28 19:40 -------- d-----w- c:\users\brar\DoctorWeb
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files\iTunes
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files (x86)\iTunes
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files\iPod
2012-03-28 11:59 . 2012-03-28 11:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06915A44-24FA-429C-9452-43ED00BC8B23}\offreg.dll
2012-03-27 19:42 . 2012-03-27 19:42 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 19:37 . 2012-03-27 19:37 53248 ----a-w- c:\windows\system32\zlib.dll
2012-03-27 19:23 . 2012-03-27 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-27 19:12 . 2012-03-27 19:12 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2012-03-27 17:51 . 2012-03-27 17:57 -------- d-----w- c:\users\brar\AppData\Local\Microsoft Games
2012-03-26 19:16 . 2012-03-26 19:16 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2012-03-26 15:17 . 2012-03-26 15:17 -------- d-----w- c:\users\brar\AppData\Local\http___www.julien-manici
2012-03-26 14:31 . 2012-03-28 18:53 -------- d-----w- c:\program files (x86)\ESET
2012-03-23 12:46 . 2012-03-23 12:46 -------- d-----w- c:\programdata\LogiShrd
2012-03-23 12:45 . 2012-03-23 12:45 -------- d-----w- c:\program files (x86)\Logitech
2012-03-23 12:44 . 2012-03-23 12:44 -------- d-----w- c:\users\brar\AppData\Local\Downloaded Installations
2012-03-22 20:09 . 2012-03-22 20:44 -------- d-----w- c:\users\brar\AppData\Roaming\Audacity
2012-03-22 18:36 . 2012-03-25 21:01 -------- d-----w- c:\users\brar\AppData\Local\MCEdit-64bit
2012-03-21 16:19 . 2012-03-21 16:19 -------- d-----w- c:\users\brar\AppData\Local\{B2E97903-7371-11E1-826D-B8AC6F996F26}
2012-03-19 18:27 . 2012-03-19 18:27 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:27 . 2012-03-19 18:27 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 16:11 . 2012-03-20 12:12 -------- d-----w- c:\users\brar\AppData\Roaming\Media Player Classic
2012-03-16 18:05 . 2012-03-16 18:06 -------- d-----w- c:\users\brar\AppData\Roaming\USB Server
2012-03-16 17:43 . 2012-03-20 19:20 -------- d-----w- c:\program files (x86)\USB Server 2
2012-03-16 17:42 . 2012-03-16 17:42 -------- d-----w- c:\program files (x86)\IPUSB2HD2 Driver
2012-03-15 20:31 . 2012-03-29 12:26 -------- d-----w- c:\users\brar\AppData\Local\assembly
2012-03-15 20:19 . 2012-03-15 20:19 -------- d-----w- c:\users\brar\AppData\Roaming\Avaya
2012-03-15 20:18 . 2012-03-15 20:18 -------- d-----w- c:\program files (x86)\Avaya
2012-03-15 19:13 . 2012-03-15 19:13 -------- d-----w- c:\program files (x86)\Dokan
2012-03-15 18:39 . 2012-03-22 19:16 -------- d-----w- c:\program files (x86)\Wot_Tank_Viewer
2012-03-13 10:46 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06915A44-24FA-429C-9452-43ED00BC8B23}\mpengine.dll
2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\programdata\RICOH
2012-03-12 20:23 . 2012-03-12 20:27 -------- d-----w- C:\ricoh
2012-03-12 19:57 . 2012-03-23 13:19 -------- d-----w- c:\program files (x86)\SysTools OST Recovery
2012-03-12 15:14 . 2012-03-12 15:14 -------- d-----w- c:\program files\Image Resizer for Windows
2012-03-12 15:14 . 2012-03-12 15:14 -------- d-----w- c:\program files (x86)\Image Resizer for Windows
2012-03-09 19:25 . 2012-03-09 19:25 -------- d-----w- c:\users\brar\AppData\Local\IsolatedStorage
2012-03-02 20:05 . 2012-03-02 20:05 -------- d-----w- c:\users\brar\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 12:27 . 2011-10-21 17:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 13:53 . 2011-12-01 22:31 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-02-02 14:47 . 2012-02-02 14:44 65536 ----a-w- c:\windows\IFinst27.exe
2012-02-01 15:24 . 2012-02-01 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 20:12 . 2011-10-21 17:49 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 15:47 . 2012-01-23 15:47 0 ----a-w- c:\windows\invcol.tmp
2012-01-14 04:06 . 2012-02-23 13:38 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 16:34 . 2012-01-12 16:34 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 16:34 . 2012-01-12 16:34 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 16:33 . 2012-01-12 16:33 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-12 16:33 . 2012-01-12 16:33 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 16:33 . 2012-01-12 16:33 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-12 16:33 . 2012-01-12 16:33 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-12 16:33 . 2012-01-12 16:33 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 16:33 . 2012-01-12 16:33 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-12 16:33 . 2012-01-12 16:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 16:33 . 2012-01-12 16:33 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 16:33 . 2012-01-12 16:33 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 16:33 . 2012-01-12 16:33 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 16:33 . 2012-01-12 16:33 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 16:33 . 2012-01-12 16:33 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-12 16:33 . 2012-01-12 16:33 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 16:33 . 2012-01-12 16:33 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-12 16:31 . 2012-01-12 16:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 16:31 . 2012-01-12 16:31 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 16:31 . 2012-01-12 16:31 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 16:31 . 2012-01-12 16:31 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 16:29 . 2012-01-12 16:29 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 16:29 . 2012-01-12 16:29 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 22:01 . 2012-01-11 22:01 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-11 22:01 . 2012-01-11 22:01 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-11 22:01 . 2012-01-11 22:01 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-11 22:01 . 2012-01-11 22:01 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-30 23:02 . 2011-12-13 22:05 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2010-01-16 14336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Logitech H760"="c:\program files (x86)\Logitech\H760\H760.exe" [2010-07-09 275800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
c:\users\brar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech H760 Product Registration.lnk - c:\program files (x86)\Logitech\H760\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 NUServer64;Network USB Server Device ;c:\windows\system32\DRIVERS\NUServer64.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Fog Service;Fog Service;c:\program files (x86)\FOG\FOGService.exe [2011-06-15 10752]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2011-05-19 2016504]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-25 2839840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2012-02-04 907776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Click to &Dial - file:///c:\program files (x86)\Avaya\Avaya one-X Communicator\Context.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: boydbros.com\bbt-bit9.boydimage
TCP: DhcpNameServer = 192.168.1.5
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-TibetSystem - Uninstall EyeMax DVR Client - c:\windows\system32\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{65134FDF-F8A5-4B3D-91D9-CDF273CFD578}"=hex:51,66,7a,6c,4c,1d,38,12,b1,4c,00,
61,97,b6,53,0e,ee,cf,8e,b2,76,91,91,6c
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E6DF0B46-7D6F-407A-A6A2-62D17A021A9A}"=hex:51,66,7a,6c,4c,1d,38,12,28,08,cc,
e2,5d,33,14,05,d9,b4,21,91,7f,5c,5e,8e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6d,a2,84,c9,26,08,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,b2,49,3a,40,06,d6,4e,8a,c8,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,b2,49,3a,40,06,d6,4e,8a,c8,c0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-29 07:28:51
ComboFix-quarantined-files.txt 2012-03-29 12:28
.
Pre-Run: 92,378,677,248 bytes free
Post-Run: 92,302,184,448 bytes free
.
- - End Of File - - BB7F78DE26F8431775215AD385B64E3C

Edited by Xtil, 29 March 2012 - 08:05 AM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 11:41 AM

Greetings

I want you to uninstall FireFox and when asked about user data I want that removed also
Then when that is complete I want you to reinstall it back and make sure it is the latest version

Then I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 March 2012 - 01:14 PM

After removing and reinstalling I am not seeing the happili.com redirect.

Here is the TDSSKiller and aswMBR logs:

12:18:53.0266 4884 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
12:18:53.0609 4884 ============================================================
12:18:53.0609 4884 Current date / time: 2012/03/29 12:18:53.0609
12:18:53.0609 4884 SystemInfo:
12:18:53.0609 4884
12:18:53.0609 4884 OS Version: 6.1.7601 ServicePack: 1.0
12:18:53.0609 4884 Product type: Workstation
12:18:53.0609 4884 ComputerName: BBT-CL1-IS-BRAR
12:18:53.0609 4884 UserName: brar
12:18:53.0609 4884 Windows directory: C:\Windows
12:18:53.0609 4884 System windows directory: C:\Windows
12:18:53.0609 4884 Running under WOW64
12:18:53.0609 4884 Processor architecture: Intel x64
12:18:53.0609 4884 Number of processors: 4
12:18:53.0609 4884 Page size: 0x1000
12:18:53.0609 4884 Boot type: Normal boot
12:18:53.0609 4884 ============================================================
12:18:54.0086 4884 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:18:54.0090 4884 \Device\Harddisk0\DR0:
12:18:54.0090 4884 MBR used
12:18:54.0090 4884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x278000
12:18:54.0090 4884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x28C000, BlocksNum 0x3A0F9830
12:18:54.0131 4884 Initialize success
12:18:54.0131 4884 ============================================================
12:18:55.0398 5156 ============================================================
12:18:55.0398 5156 Scan started
12:18:55.0398 5156 Mode: Manual;
12:18:55.0398 5156 ============================================================
12:18:55.0875 5156 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:18:55.0876 5156 !SASCORE - ok
12:18:56.0056 5156 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:18:56.0089 5156 1394ohci - ok
12:18:56.0186 5156 Acceler (1575a815c27789061f34b4f55ae0b5c3) C:\Windows\system32\DRIVERS\accelern.sys
12:18:56.0187 5156 Acceler - ok
12:18:56.0545 5156 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:18:56.0549 5156 ACPI - ok
12:18:56.0659 5156 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:18:56.0669 5156 AcpiPmi - ok
12:18:56.0773 5156 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:18:56.0774 5156 AdobeARMservice - ok
12:18:56.0888 5156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:18:56.0944 5156 adp94xx - ok
12:18:56.0986 5156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:18:57.0019 5156 adpahci - ok
12:18:57.0101 5156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:18:57.0103 5156 adpu320 - ok
12:18:57.0225 5156 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
12:18:57.0230 5156 AdvancedSystemCareService5 - ok
12:18:57.0332 5156 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:18:57.0333 5156 AeLookupSvc - ok
12:18:57.0396 5156 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
12:18:57.0397 5156 AESTFilters - ok
12:18:57.0507 5156 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:18:57.0526 5156 AFD - ok
12:18:57.0631 5156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:18:57.0645 5156 agp440 - ok
12:18:57.0678 5156 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:18:57.0679 5156 ALG - ok
12:18:57.0729 5156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:18:57.0739 5156 aliide - ok
12:18:57.0829 5156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:18:57.0839 5156 amdide - ok
12:18:57.0866 5156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:18:57.0877 5156 AmdK8 - ok
12:18:57.0896 5156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:18:57.0907 5156 AmdPPM - ok
12:18:57.0956 5156 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:18:57.0956 5156 amdsata - ok
12:18:57.0986 5156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:18:57.0998 5156 amdsbs - ok
12:18:58.0111 5156 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:18:58.0112 5156 amdxata - ok
12:18:58.0188 5156 ApfiltrService (6d4cb1f46a0ac05326f834fd6b822479) C:\Windows\system32\DRIVERS\Apfiltr.sys
12:18:58.0199 5156 ApfiltrService - ok
12:18:58.0232 5156 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:18:58.0242 5156 AppID - ok
12:18:58.0346 5156 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:18:58.0347 5156 AppIDSvc - ok
12:18:58.0394 5156 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:18:58.0396 5156 Appinfo - ok
12:18:58.0491 5156 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:18:58.0492 5156 Apple Mobile Device - ok
12:18:58.0598 5156 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:18:58.0601 5156 AppMgmt - ok
12:18:58.0707 5156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:18:58.0717 5156 arc - ok
12:18:58.0786 5156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:18:58.0787 5156 arcsas - ok
12:18:58.0842 5156 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:18:58.0844 5156 aspnet_state - ok
12:18:58.0915 5156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:18:58.0924 5156 AsyncMac - ok
12:18:58.0996 5156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:18:58.0997 5156 atapi - ok
12:18:59.0082 5156 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:18:59.0089 5156 AudioEndpointBuilder - ok
12:18:59.0101 5156 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:18:59.0104 5156 AudioSrv - ok
12:18:59.0182 5156 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:18:59.0185 5156 AxInstSV - ok
12:18:59.0243 5156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:18:59.0248 5156 b06bdrv - ok
12:18:59.0322 5156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:18:59.0334 5156 b57nd60a - ok
12:18:59.0369 5156 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:18:59.0370 5156 BDESVC - ok
12:18:59.0468 5156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:18:59.0469 5156 Beep - ok
12:18:59.0558 5156 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:18:59.0566 5156 BFE - ok
12:18:59.0726 5156 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:18:59.0736 5156 BITS - ok
12:18:59.0865 5156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:18:59.0875 5156 blbdrive - ok
12:18:59.0920 5156 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:18:59.0923 5156 Bonjour Service - ok
12:19:00.0025 5156 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:19:00.0045 5156 bowser - ok
12:19:00.0200 5156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:19:00.0201 5156 BrFiltLo - ok
12:19:00.0254 5156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:19:00.0255 5156 BrFiltUp - ok
12:19:00.0338 5156 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:19:00.0349 5156 BridgeMP - ok
12:19:00.0468 5156 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:19:00.0470 5156 Browser - ok
12:19:00.0592 5156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:19:00.0605 5156 Brserid - ok
12:19:00.0689 5156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:19:00.0699 5156 BrSerWdm - ok
12:19:00.0760 5156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:19:00.0770 5156 BrUsbMdm - ok
12:19:00.0787 5156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:19:00.0788 5156 BrUsbSer - ok
12:19:00.0853 5156 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
12:19:00.0853 5156 BthEnum - ok
12:19:00.0931 5156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:19:00.0931 5156 BTHMODEM - ok
12:19:01.0000 5156 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:19:01.0002 5156 BthPan - ok
12:19:01.0064 5156 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
12:19:01.0070 5156 BTHPORT - ok
12:19:01.0124 5156 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:19:01.0126 5156 bthserv - ok
12:19:01.0219 5156 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
12:19:01.0220 5156 BTHUSB - ok
12:19:01.0288 5156 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
12:19:01.0291 5156 BTWAMPFL - ok
12:19:01.0385 5156 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
12:19:01.0386 5156 btwaudio - ok
12:19:01.0501 5156 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
12:19:01.0503 5156 btwavdt - ok
12:19:01.0575 5156 btwdins (cc9dae7759ac2c0d19111c0d38ddd232) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:19:01.0588 5156 btwdins - ok
12:19:01.0679 5156 btwl2cap (9ad0fa253ed531d39fb2d74fe12a5fa9) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:19:01.0680 5156 btwl2cap - ok
12:19:01.0693 5156 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
12:19:01.0695 5156 btwrchid - ok
12:19:01.0759 5156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:19:01.0761 5156 cdfs - ok
12:19:01.0788 5156 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:19:01.0799 5156 cdrom - ok
12:19:01.0881 5156 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:19:01.0882 5156 CertPropSvc - ok
12:19:01.0925 5156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:19:01.0926 5156 circlass - ok
12:19:02.0020 5156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:19:02.0041 5156 CLFS - ok
12:19:02.0121 5156 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:19:02.0123 5156 clr_optimization_v2.0.50727_32 - ok
12:19:02.0195 5156 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:19:02.0197 5156 clr_optimization_v2.0.50727_64 - ok
12:19:02.0235 5156 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:19:02.0238 5156 clr_optimization_v4.0.30319_32 - ok
12:19:02.0338 5156 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:19:02.0339 5156 clr_optimization_v4.0.30319_64 - ok
12:19:02.0369 5156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:19:02.0378 5156 CmBatt - ok
12:19:02.0410 5156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:19:02.0420 5156 cmdide - ok
12:19:02.0457 5156 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:19:02.0487 5156 CNG - ok
12:19:02.0523 5156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:19:02.0524 5156 Compbatt - ok
12:19:02.0542 5156 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:19:02.0544 5156 CompositeBus - ok
12:19:02.0552 5156 COMSysApp - ok
12:19:02.0586 5156 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
12:19:02.0587 5156 cpudrv64 - ok
12:19:02.0626 5156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:19:02.0629 5156 crcdisk - ok
12:19:02.0717 5156 Credential Vault Host Control Service (d8e4f20bd26d8dca4cb67a796d7eec84) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
12:19:02.0726 5156 Credential Vault Host Control Service - ok
12:19:02.0745 5156 Credential Vault Host Storage (ec31c9a4d1059e599dd1dbb50b84f278) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
12:19:02.0746 5156 Credential Vault Host Storage - ok
12:19:02.0865 5156 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:19:02.0867 5156 CryptSvc - ok
12:19:02.0971 5156 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:19:02.0978 5156 CSC - ok
12:19:03.0086 5156 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:19:03.0093 5156 CscService - ok
12:19:03.0190 5156 CtClsFlt (8ce04a5bdd2ce6e62ce02a1c27093104) C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:19:03.0192 5156 CtClsFlt - ok
12:19:03.0222 5156 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
12:19:03.0232 5156 CVirtA - ok
12:19:03.0340 5156 CVPND (b6e8d77530a24b743acaee6728399984) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:19:03.0348 5156 CVPND - ok
12:19:03.0420 5156 CVPNDRVA (d2c3db196422e2f2a41d09c690c7c2f8) C:\Windows\system32\Drivers\CVPNDRVA.sys
12:19:03.0423 5156 CVPNDRVA - ok
12:19:03.0445 5156 cvusbdrv (afd403048b1753eb4225ca476f663350) C:\Windows\system32\Drivers\cvusbdrv.sys
12:19:03.0464 5156 cvusbdrv - ok
12:19:03.0585 5156 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:19:03.0589 5156 DcomLaunch - ok
12:19:03.0645 5156 dcpsysmgrsvc (3562c84415080b8b0c4d695a43372e3e) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
12:19:03.0648 5156 dcpsysmgrsvc - ok
12:19:03.0741 5156 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:19:03.0744 5156 defragsvc - ok
12:19:03.0792 5156 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:19:03.0794 5156 DfsC - ok
12:19:03.0833 5156 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:19:03.0837 5156 Dhcp - ok
12:19:03.0872 5156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:19:03.0891 5156 discache - ok
12:19:04.0015 5156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:19:04.0016 5156 Disk - ok
12:19:04.0044 5156 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
12:19:04.0046 5156 dmvsc - ok
12:19:04.0125 5156 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
12:19:04.0126 5156 DNE - ok
12:19:04.0165 5156 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:19:04.0167 5156 Dnscache - ok
12:19:04.0262 5156 Dokan (fa122bc1451b1b35b7814fbe1acf1924) C:\Windows\system32\drivers\dokan.sys
12:19:04.0264 5156 Dokan - ok
12:19:04.0357 5156 DokanMounter (8c856e531a1170f53ac6844e89cd0b5f) C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
12:19:04.0357 5156 DokanMounter - ok
12:19:04.0400 5156 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:19:04.0403 5156 dot3svc - ok
12:19:04.0447 5156 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:19:04.0449 5156 DPS - ok
12:19:04.0483 5156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:19:04.0493 5156 drmkaud - ok
12:19:04.0570 5156 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:19:04.0572 5156 dtsoftbus01 - ok
12:19:04.0604 5156 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:19:04.0610 5156 DXGKrnl - ok
12:19:04.0649 5156 e1cexpress (5db7ceb8fb44abf01614e33bad2056e0) C:\Windows\system32\DRIVERS\e1c62x64.sys
12:19:04.0651 5156 e1cexpress - ok
12:19:04.0675 5156 eamonm (55e3de49eec3640e8e174021591b171a) C:\Windows\system32\DRIVERS\eamonm.sys
12:19:04.0686 5156 eamonm - ok
12:19:04.0778 5156 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:19:04.0779 5156 EapHost - ok
12:19:04.0921 5156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:19:05.0046 5156 ebdrv - ok
12:19:05.0174 5156 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:19:05.0175 5156 EFS - ok
12:19:05.0289 5156 ehdrv (31bf254a77400baeffbc420db348a6b5) C:\Windows\system32\DRIVERS\ehdrv.sys
12:19:05.0299 5156 ehdrv - ok
12:19:05.0371 5156 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:19:05.0379 5156 ehRecvr - ok
12:19:05.0424 5156 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:19:05.0425 5156 ehSched - ok
12:19:05.0480 5156 EhttpSrv (53ce26c6585cd9ae03667707b9f39ec9) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
12:19:05.0480 5156 EhttpSrv - ok
12:19:05.0506 5156 ekrn (7f69964274272c4df172ad2d79014732) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
12:19:05.0510 5156 ekrn - ok
12:19:05.0593 5156 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
12:19:05.0600 5156 ElRawDisk - ok
12:19:05.0639 5156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:19:05.0645 5156 elxstor - ok
12:19:05.0687 5156 epfwwfpr (a3e3a91359c6cfdec40ec2699f54022e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
12:19:05.0698 5156 epfwwfpr - ok
12:19:05.0741 5156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:19:05.0751 5156 ErrDev - ok
12:19:05.0789 5156 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:19:05.0793 5156 EventSystem - ok
12:19:05.0918 5156 EvtEng (5c08b9a2baaec1f33c2d50fd166deebb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:19:05.0953 5156 EvtEng - ok
12:19:06.0105 5156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:19:06.0139 5156 exfat - ok
12:19:06.0187 5156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:19:06.0209 5156 fastfat - ok
12:19:06.0280 5156 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:19:06.0288 5156 Fax - ok
12:19:06.0347 5156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:19:06.0366 5156 fdc - ok
12:19:06.0443 5156 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:19:06.0444 5156 fdPHost - ok
12:19:06.0526 5156 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:19:06.0528 5156 FDResPub - ok
12:19:06.0561 5156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:19:06.0571 5156 FileInfo - ok
12:19:06.0623 5156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:19:06.0635 5156 Filetrace - ok
12:19:06.0659 5156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:19:06.0660 5156 flpydisk - ok
12:19:06.0687 5156 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:19:06.0720 5156 FltMgr - ok
12:19:06.0819 5156 Fog Service (8fbd697ee3bb9a38af97426cfd74a53a) C:\Program Files (x86)\FOG\FOGService.exe
12:19:06.0819 5156 Fog Service - ok
12:19:06.0944 5156 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:19:06.0973 5156 FontCache - ok
12:19:07.0063 5156 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:19:07.0064 5156 FontCache3.0.0.0 - ok
12:19:07.0103 5156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:19:07.0114 5156 FsDepends - ok
12:19:07.0131 5156 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:19:07.0141 5156 Fs_Rec - ok
12:19:07.0167 5156 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:19:07.0200 5156 fvevol - ok
12:19:07.0315 5156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:19:07.0343 5156 gagp30kx - ok
12:19:07.0386 5156 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:19:07.0387 5156 GEARAspiWDM - ok
12:19:07.0438 5156 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:19:07.0446 5156 gpsvc - ok
12:19:07.0531 5156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:19:07.0532 5156 hcw85cir - ok
12:19:07.0559 5156 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:19:07.0561 5156 HDAudBus - ok
12:19:07.0599 5156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:19:07.0618 5156 HidBatt - ok
12:19:07.0644 5156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:19:07.0655 5156 HidBth - ok
12:19:07.0671 5156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:19:07.0689 5156 HidIr - ok
12:19:07.0725 5156 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:19:07.0726 5156 hidserv - ok
12:19:07.0767 5156 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:19:07.0778 5156 HidUsb - ok
12:19:07.0853 5156 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:19:07.0855 5156 hkmsvc - ok
12:19:07.0896 5156 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:19:07.0899 5156 HomeGroupListener - ok
12:19:07.0933 5156 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:19:07.0935 5156 HomeGroupProvider - ok
12:19:08.0040 5156 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:19:08.0041 5156 HpSAMD - ok
12:19:08.0089 5156 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:19:08.0089 5156 HTCAND64 - ok
12:19:08.0155 5156 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:19:08.0189 5156 HTTP - ok
12:19:08.0328 5156 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:19:08.0338 5156 hwpolicy - ok
12:19:08.0426 5156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:19:08.0438 5156 i8042prt - ok
12:19:08.0473 5156 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
12:19:08.0476 5156 iaStor - ok
12:19:08.0575 5156 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:19:08.0575 5156 IAStorDataMgrSvc - ok
12:19:08.0664 5156 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:19:08.0668 5156 iaStorV - ok
12:19:08.0830 5156 iClarityQoSService (5374c6155866629fbc95f7c7581b69d8) C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
12:19:08.0839 5156 iClarityQoSService - ok
12:19:08.0944 5156 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:19:08.0952 5156 idsvc - ok
12:19:09.0293 5156 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:19:09.0557 5156 igfx - ok
12:19:09.0650 5156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:19:09.0651 5156 iirsp - ok
12:19:09.0717 5156 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
12:19:09.0718 5156 IISADMIN - ok
12:19:09.0773 5156 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:19:09.0782 5156 IKEEXT - ok
12:19:09.0830 5156 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
12:19:09.0832 5156 Impcd - ok
12:19:09.0883 5156 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:19:09.0897 5156 IntcDAud - ok
12:19:10.0024 5156 Intel® PROSet Monitoring Service (4a9eb8ac8959c580adcaddbdbbebe033) C:\Windows\system32\IProsetMonitor.exe
12:19:10.0025 5156 Intel® PROSet Monitoring Service - ok
12:19:10.0060 5156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:19:10.0062 5156 intelide - ok
12:19:10.0134 5156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:19:10.0144 5156 intelppm - ok
12:19:10.0176 5156 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:19:10.0178 5156 IPBusEnum - ok
12:19:10.0204 5156 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:19:10.0206 5156 IpFilterDriver - ok
12:19:10.0301 5156 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:19:10.0306 5156 iphlpsvc - ok
12:19:10.0401 5156 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:19:10.0402 5156 IPMIDRV - ok
12:19:10.0427 5156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:19:10.0438 5156 IPNAT - ok
12:19:10.0567 5156 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
12:19:10.0589 5156 iPod Service - ok
12:19:10.0675 5156 iPodDrv (02def37ab75e0032c50724646f708de8) C:\Windows\system32\drivers\iPodDrv.sys
12:19:10.0685 5156 iPodDrv - ok
12:19:10.0740 5156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:19:10.0741 5156 IRENUM - ok
12:19:10.0802 5156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:19:10.0812 5156 isapnp - ok
12:19:10.0839 5156 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:19:10.0851 5156 iScsiPrt - ok
12:19:10.0933 5156 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:19:10.0934 5156 jhi_service - ok
12:19:10.0968 5156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:19:10.0970 5156 kbdclass - ok
12:19:11.0010 5156 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:19:11.0012 5156 kbdhid - ok
12:19:11.0041 5156 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:11.0042 5156 KeyIso - ok
12:19:11.0105 5156 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:19:11.0107 5156 KSecDD - ok
12:19:11.0214 5156 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:19:11.0216 5156 KSecPkg - ok
12:19:11.0311 5156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:19:11.0322 5156 ksthunk - ok
12:19:11.0387 5156 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:19:11.0391 5156 KtmRm - ok
12:19:11.0455 5156 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:19:11.0458 5156 LanmanServer - ok
12:19:11.0564 5156 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:19:11.0566 5156 LanmanWorkstation - ok
12:19:11.0653 5156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:19:11.0665 5156 lltdio - ok
12:19:11.0743 5156 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:19:11.0747 5156 lltdsvc - ok
12:19:11.0786 5156 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:19:11.0788 5156 lmhosts - ok
12:19:11.0903 5156 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:19:11.0905 5156 LMS - ok
12:19:12.0033 5156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:19:12.0044 5156 LSI_FC - ok
12:19:12.0147 5156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:19:12.0162 5156 LSI_SAS - ok
12:19:12.0501 5156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:19:12.0511 5156 LSI_SAS2 - ok
12:19:12.0662 5156 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:19:12.0673 5156 LSI_SCSI - ok
12:19:12.0822 5156 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:19:12.0823 5156 luafv - ok
12:19:13.0045 5156 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:19:13.0047 5156 Mcx2Svc - ok
12:19:13.0686 5156 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:19:13.0706 5156 megasas - ok
12:19:13.0862 5156 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:19:13.0875 5156 MegaSR - ok
12:19:14.0002 5156 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:19:14.0003 5156 MEIx64 - ok
12:19:14.0119 5156 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:19:14.0121 5156 MMCSS - ok
12:19:14.0487 5156 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:19:14.0488 5156 Modem - ok
12:19:14.0632 5156 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:19:14.0642 5156 monitor - ok
12:19:14.0765 5156 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
12:19:14.0767 5156 motandroidusb - ok
12:19:14.0897 5156 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
12:19:14.0907 5156 motccgp - ok
12:19:15.0041 5156 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
12:19:15.0041 5156 motccgpfl - ok
12:19:15.0136 5156 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
12:19:15.0139 5156 MotoHelper - ok
12:19:15.0253 5156 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
12:19:15.0254 5156 MotoSwitchService - ok
12:19:15.0348 5156 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:19:15.0349 5156 mouclass - ok
12:19:15.0437 5156 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:19:15.0439 5156 mouhid - ok
12:19:15.0532 5156 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:19:15.0543 5156 mountmgr - ok
12:19:15.0642 5156 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:19:15.0646 5156 mpio - ok
12:19:15.0738 5156 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:19:15.0749 5156 mpsdrv - ok
12:19:15.0860 5156 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:19:15.0868 5156 MpsSvc - ok
12:19:16.0012 5156 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:19:16.0014 5156 MRxDAV - ok
12:19:16.0142 5156 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:19:16.0146 5156 mrxsmb - ok
12:19:16.0353 5156 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:19:16.0356 5156 mrxsmb10 - ok
12:19:16.0493 5156 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:19:16.0505 5156 mrxsmb20 - ok
12:19:16.0600 5156 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:19:16.0600 5156 msahci - ok
12:19:16.0700 5156 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:19:16.0702 5156 msdsm - ok
12:19:16.0836 5156 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:19:16.0838 5156 MSDTC - ok
12:19:16.0981 5156 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:19:16.0983 5156 Msfs - ok
12:19:17.0114 5156 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:19:17.0115 5156 mshidkmdf - ok
12:19:17.0245 5156 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:19:17.0245 5156 msisadrv - ok
12:19:17.0371 5156 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:19:17.0376 5156 MSiSCSI - ok
12:19:17.0463 5156 msiserver - ok
12:19:17.0623 5156 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:19:17.0624 5156 MSKSSRV - ok
12:19:17.0758 5156 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:19:17.0759 5156 MSPCLOCK - ok
12:19:17.0898 5156 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:19:17.0908 5156 MSPQM - ok
12:19:18.0054 5156 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:19:18.0059 5156 MsRPC - ok
12:19:18.0249 5156 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:19:18.0251 5156 mssmbios - ok
12:19:18.0557 5156 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:19:18.0558 5156 MSTEE - ok
12:19:18.0704 5156 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:19:18.0705 5156 MTConfig - ok
12:19:18.0853 5156 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:19:18.0863 5156 Mup - ok
12:19:19.0007 5156 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:19:19.0014 5156 napagent - ok
12:19:19.0187 5156 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:19:19.0276 5156 NativeWifiP - ok
12:19:19.0432 5156 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:19:19.0437 5156 NDIS - ok
12:19:19.0577 5156 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:19:19.0588 5156 NdisCap - ok
12:19:19.0728 5156 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:19:19.0731 5156 NdisTapi - ok
12:19:19.0873 5156 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:19:19.0876 5156 Ndisuio - ok
12:19:20.0020 5156 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:19:20.0033 5156 NdisWan - ok
12:19:20.0181 5156 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:19:20.0201 5156 NDProxy - ok
12:19:20.0533 5156 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:19:20.0543 5156 NetBIOS - ok
12:19:20.0664 5156 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:19:20.0677 5156 NetBT - ok
12:19:20.0797 5156 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:20.0798 5156 Netlogon - ok
12:19:20.0928 5156 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:19:20.0933 5156 Netman - ok
12:19:21.0059 5156 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0061 5156 NetMsmqActivator - ok
12:19:21.0067 5156 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0068 5156 NetPipeActivator - ok
12:19:21.0192 5156 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:19:21.0197 5156 netprofm - ok
12:19:21.0326 5156 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0327 5156 NetTcpActivator - ok
12:19:21.0331 5156 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0332 5156 NetTcpPortSharing - ok
12:19:21.0442 5156 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
12:19:21.0444 5156 netvsc - ok
12:19:21.0734 5156 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:19:21.0953 5156 NETwNs64 - ok
12:19:22.0086 5156 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:19:22.0106 5156 nfrd960 - ok
12:19:22.0197 5156 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:19:22.0201 5156 NlaSvc - ok
12:19:22.0303 5156 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
12:19:22.0322 5156 NPF - ok
12:19:22.0460 5156 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:19:22.0471 5156 Npfs - ok
12:19:22.0562 5156 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:19:22.0564 5156 nsi - ok
12:19:22.0663 5156 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:19:22.0673 5156 nsiproxy - ok
12:19:22.0809 5156 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:19:22.0842 5156 Ntfs - ok
12:19:22.0988 5156 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:19:22.0999 5156 Null - ok
12:19:23.0164 5156 NUServer64 (05ed699058671ee1dc0b10e8b1152e92) C:\Windows\system32\DRIVERS\NUServer64.sys
12:19:23.0166 5156 NUServer64 - ok
12:19:23.0308 5156 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:19:23.0309 5156 nvraid - ok
12:19:23.0441 5156 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:19:23.0442 5156 nvstor - ok
12:19:23.0568 5156 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:19:23.0579 5156 nv_agp - ok
12:19:23.0699 5156 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
12:19:23.0701 5156 O2FLASH - ok
12:19:23.0821 5156 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\drivers\O2MDFw7x64.sys
12:19:23.0822 5156 O2MDFRDR - ok
12:19:23.0942 5156 O2MDRRDR (8ed738aba394bbf6d7802698be453112) C:\Windows\system32\DRIVERS\O2MDRw7x64.sys
12:19:23.0953 5156 O2MDRRDR - ok
12:19:24.0062 5156 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\SysWOW64\srvany.exe
12:19:24.0063 5156 O2SDIOAssist - ok
12:19:24.0194 5156 O2SDJRDR (a9c1e6b7c134fad124338b7944fa996d) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
12:19:24.0205 5156 O2SDJRDR - ok
12:19:24.0491 5156 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:19:24.0501 5156 ohci1394 - ok
12:19:24.0577 5156 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:19:24.0578 5156 ose - ok
12:19:24.0759 5156 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:19:24.0875 5156 osppsvc - ok
12:19:25.0028 5156 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:19:25.0032 5156 p2pimsvc - ok
12:19:25.0142 5156 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:19:25.0149 5156 p2psvc - ok
12:19:25.0305 5156 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:19:25.0316 5156 Parport - ok
12:19:25.0425 5156 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:19:25.0436 5156 partmgr - ok
12:19:25.0533 5156 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
12:19:25.0534 5156 PBADRV - ok
12:19:25.0651 5156 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:19:25.0653 5156 PcaSvc - ok
12:19:25.0748 5156 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:19:25.0750 5156 pci - ok
12:19:25.0827 5156 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:19:25.0837 5156 pciide - ok
12:19:25.0931 5156 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:19:25.0943 5156 pcmcia - ok
12:19:26.0048 5156 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:19:26.0058 5156 pcw - ok
12:19:26.0180 5156 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:19:26.0202 5156 PEAUTH - ok
12:19:26.0372 5156 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:19:26.0404 5156 PeerDistSvc - ok
12:19:26.0575 5156 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:19:26.0576 5156 PerfHost - ok
12:19:26.0760 5156 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:19:26.0795 5156 pla - ok
12:19:26.0988 5156 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:19:26.0993 5156 PlugPlay - ok
12:19:27.0164 5156 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:19:27.0166 5156 PNRPAutoReg - ok
12:19:27.0295 5156 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:19:27.0297 5156 PNRPsvc - ok
12:19:27.0422 5156 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:19:27.0428 5156 PolicyAgent - ok
12:19:27.0589 5156 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:19:27.0592 5156 Power - ok
12:19:27.0687 5156 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:19:27.0716 5156 PptpMiniport - ok
12:19:27.0874 5156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:19:27.0885 5156 Processor - ok
12:19:27.0997 5156 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:19:28.0000 5156 ProfSvc - ok
12:19:28.0097 5156 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:28.0098 5156 ProtectedStorage - ok
12:19:28.0193 5156 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:19:28.0204 5156 Psched - ok
12:19:28.0304 5156 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:19:28.0314 5156 PxHlpa64 - ok
12:19:28.0434 5156 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:19:28.0466 5156 ql2300 - ok
12:19:28.0635 5156 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:19:28.0637 5156 ql40xx - ok
12:19:28.0778 5156 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:19:28.0781 5156 QWAVE - ok
12:19:28.0905 5156 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:19:28.0915 5156 QWAVEdrv - ok
12:19:29.0044 5156 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:19:29.0054 5156 RasAcd - ok
12:19:29.0180 5156 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:19:29.0182 5156 RasAgileVpn - ok
12:19:29.0321 5156 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:19:29.0323 5156 RasAuto - ok
12:19:29.0464 5156 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:19:29.0485 5156 Rasl2tp - ok
12:19:29.0690 5156 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:19:29.0694 5156 RasMan - ok
12:19:29.0815 5156 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:19:29.0818 5156 RasPppoe - ok
12:19:29.0940 5156 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:19:29.0951 5156 RasSstp - ok
12:19:30.0066 5156 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:19:30.0072 5156 rdbss - ok
12:19:30.0191 5156 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:19:30.0211 5156 rdpbus - ok
12:19:30.0401 5156 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:19:30.0402 5156 RDPCDD - ok
12:19:30.0519 5156 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:19:30.0541 5156 RDPDR - ok
12:19:30.0670 5156 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:19:30.0671 5156 RDPENCDD - ok
12:19:30.0813 5156 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:19:30.0814 5156 RDPREFMP - ok
12:19:30.0942 5156 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:19:30.0954 5156 RDPWD - ok
12:19:31.0067 5156 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:19:31.0071 5156 rdyboost - ok
12:19:31.0177 5156 RegSrvc (f90cc59135f2945a6ebb1670a7bbd8b3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:19:31.0184 5156 RegSrvc - ok
12:19:31.0360 5156 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:19:31.0364 5156 RemoteAccess - ok
12:19:31.0490 5156 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:19:31.0492 5156 RemoteRegistry - ok
12:19:31.0634 5156 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
12:19:31.0645 5156 Revoflt - ok
12:19:31.0739 5156 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:19:31.0752 5156 RFCOMM - ok
12:19:31.0854 5156 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:19:31.0857 5156 RpcEptMapper - ok
12:19:31.0955 5156 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:19:31.0957 5156 RpcLocator - ok
12:19:32.0075 5156 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:19:32.0079 5156 RpcSs - ok
12:19:32.0177 5156 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:19:32.0188 5156 rspndr - ok
12:19:32.0295 5156 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:19:32.0296 5156 s3cap - ok
12:19:32.0408 5156 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:32.0410 5156 SamSs - ok
12:19:32.0474 5156 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:19:32.0475 5156 SASDIFSV - ok
12:19:32.0522 5156 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:19:32.0532 5156 SASKUTIL - ok
12:19:32.0622 5156 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:19:32.0632 5156 sbp2port - ok
12:19:32.0730 5156 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:19:32.0735 5156 SCardSvr - ok
12:19:32.0846 5156 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:19:32.0857 5156 scfilter - ok
12:19:32.0976 5156 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:19:32.0992 5156 Schedule - ok
12:19:33.0149 5156 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:19:33.0149 5156 SCPolicySvc - ok
12:19:33.0249 5156 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:19:33.0252 5156 SDRSVC - ok
12:19:33.0359 5156 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
12:19:33.0360 5156 SeagateDashboardService - ok
12:19:33.0466 5156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:19:33.0476 5156 secdrv - ok
12:19:33.0572 5156 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:19:33.0574 5156 seclogon - ok
12:19:33.0721 5156 SecureStorageService (8365191d0fe7df5972b889821adbe62b) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
12:19:33.0768 5156 SecureStorageService - ok
12:19:33.0925 5156 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:19:33.0927 5156 SENS - ok
12:19:34.0043 5156 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:19:34.0046 5156 SensrSvc - ok
12:19:34.0164 5156 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:19:34.0175 5156 Serenum - ok
12:19:34.0304 5156 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:19:34.0339 5156 Serial - ok
12:19:34.0499 5156 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:19:34.0509 5156 sermouse - ok
12:19:34.0685 5156 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:19:34.0687 5156 SessionEnv - ok
12:19:34.0811 5156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:19:34.0821 5156 sffdisk - ok
12:19:34.0908 5156 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:19:34.0918 5156 sffp_mmc - ok
12:19:35.0013 5156 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:19:35.0015 5156 sffp_sd - ok
12:19:35.0091 5156 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:19:35.0101 5156 sfloppy - ok
12:19:35.0259 5156 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:19:35.0264 5156 SharedAccess - ok
12:19:35.0402 5156 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:19:35.0406 5156 ShellHWDetection - ok
12:19:35.0523 5156 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:19:35.0543 5156 SiSRaid2 - ok
12:19:35.0652 5156 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:19:35.0662 5156 SiSRaid4 - ok
12:19:35.0789 5156 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:19:35.0791 5156 Smb - ok
12:19:35.0891 5156 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:19:35.0894 5156 SNMPTRAP - ok
12:19:36.0029 5156 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:19:36.0039 5156 spldr - ok
12:19:36.0132 5156 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:19:36.0136 5156 Spooler - ok
12:19:36.0317 5156 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:19:36.0387 5156 sppsvc - ok
12:19:36.0534 5156 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:19:36.0536 5156 sppuinotify - ok
12:19:36.0664 5156 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:19:36.0730 5156 srv - ok
12:19:36.0891 5156 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:19:36.0904 5156 srv2 - ok
12:19:37.0068 5156 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:19:37.0070 5156 srvnet - ok
12:19:37.0199 5156 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:19:37.0202 5156 SSDPSRV - ok
12:19:37.0353 5156 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:19:37.0355 5156 SstpSvc - ok
12:19:37.0447 5156 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
12:19:37.0449 5156 STacSV - ok
12:19:37.0548 5156 stdcfltn (e4ea2412fb1b8aee33667a9cc6d456a4) C:\Windows\system32\DRIVERS\stdcfltn.sys
12:19:37.0550 5156 stdcfltn - ok
12:19:37.0673 5156 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:19:37.0675 5156 stexstor - ok
12:19:37.0803 5156 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
12:19:37.0824 5156 STHDA - ok
12:19:37.0964 5156 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:19:37.0971 5156 stisvc - ok
12:19:38.0130 5156 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:19:38.0132 5156 StorSvc - ok
12:19:38.0265 5156 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:19:38.0266 5156 storvsc - ok
12:19:38.0396 5156 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:19:38.0406 5156 swenum - ok
12:19:38.0533 5156 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:19:38.0539 5156 swprv - ok
12:19:38.0691 5156 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
12:19:38.0692 5156 SynthVid - ok
12:19:38.0847 5156 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:19:38.0881 5156 SysMain - ok
12:19:39.0044 5156 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:19:39.0046 5156 TabletInputService - ok
12:19:39.0187 5156 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:19:39.0191 5156 TapiSrv - ok
12:19:39.0310 5156 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:19:39.0313 5156 TBS - ok
12:19:39.0478 5156 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:19:39.0524 5156 Tcpip - ok
12:19:39.0745 5156 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:19:39.0755 5156 TCPIP6 - ok
12:19:39.0901 5156 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:19:39.0902 5156 tcpipreg - ok
12:19:40.0011 5156 tcsd_win32.exe (3d52b206d9f6f3ecfdb5d676614e47b6) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
12:19:40.0021 5156 tcsd_win32.exe - ok
12:19:40.0226 5156 TdmService (e2f626e4a23e12de31d8820ff143a456) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
12:19:40.0306 5156 TdmService - ok
12:19:40.0445 5156 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:19:40.0455 5156 TDPIPE - ok
12:19:40.0500 5156 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:19:40.0507 5156 TDTCP - ok
12:19:40.0572 5156 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:19:40.0583 5156 tdx - ok
12:19:40.0697 5156 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:19:40.0707 5156 TermDD - ok
12:19:40.0842 5156 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:19:40.0850 5156 TermService - ok
12:19:41.0027 5156 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:19:41.0029 5156 Themes - ok
12:19:41.0153 5156 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:19:41.0154 5156 THREADORDER - ok
12:19:41.0288 5156 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:19:41.0291 5156 TrkWks - ok
12:19:41.0394 5156 truecrypt (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
12:19:41.0396 5156 truecrypt - ok
12:19:41.0514 5156 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:19:41.0517 5156 TrustedInstaller - ok
12:19:41.0624 5156 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:19:41.0626 5156 tssecsrv - ok
12:19:41.0720 5156 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:19:41.0739 5156 TsUsbFlt - ok
12:19:41.0885 5156 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:19:41.0886 5156 TsUsbGD - ok
12:19:41.0967 5156 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:19:41.0979 5156 tunnel - ok
12:19:42.0080 5156 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:19:42.0090 5156 uagp35 - ok
12:19:42.0197 5156 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:19:42.0202 5156 udfs - ok
12:19:42.0335 5156 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:19:42.0337 5156 UI0Detect - ok
12:19:42.0452 5156 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:19:42.0463 5156 uliagpkx - ok
12:19:42.0565 5156 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:19:42.0576 5156 umbus - ok
12:19:42.0705 5156 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:19:42.0715 5156 UmPass - ok
12:19:42.0847 5156 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:19:42.0851 5156 UmRdpService - ok
12:19:43.0050 5156 UNS (1b71370aec1115f80d9a4a209317c968) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:19:43.0064 5156 UNS - ok
12:19:43.0228 5156 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:19:43.0234 5156 upnphost - ok
12:19:43.0379 5156 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:19:43.0389 5156 USBAAPL64 - ok
12:19:43.0542 5156 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:19:43.0553 5156 usbaudio - ok
12:19:43.0665 5156 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
12:19:43.0677 5156 usbccgp - ok
12:19:43.0786 5156 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:19:43.0787 5156 usbcir - ok
12:19:43.0869 5156 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:19:43.0880 5156 usbehci - ok
12:19:43.0985 5156 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
12:19:44.0007 5156 usbhub - ok
12:19:44.0140 5156 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:19:44.0141 5156 usbohci - ok
12:19:44.0240 5156 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:19:44.0251 5156 usbprint - ok
12:19:44.0352 5156 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:19:44.0352 5156 USBSTOR - ok
12:19:44.0460 5156 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:19:44.0461 5156 usbuhci - ok
12:19:44.0561 5156 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:19:44.0574 5156 usbvideo - ok
12:19:44.0706 5156 uvnc_service (6da5bd7f379500c8473bb9ef23fbeb60) C:\Program Files (x86)\UltraVNC\WinVNC.exe
12:19:44.0718 5156 uvnc_service - ok
12:19:44.0864 5156 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:19:44.0866 5156 UxSms - ok
12:19:44.0997 5156 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:44.0998 5156 VaultSvc - ok
12:19:45.0126 5156 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:19:45.0146 5156 vdrvroot - ok
12:19:45.0314 5156 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:19:45.0320 5156 vds - ok
12:19:45.0460 5156 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:19:45.0461 5156 vga - ok
12:19:45.0605 5156 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:19:45.0616 5156 VgaSave - ok
12:19:45.0738 5156 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:19:45.0750 5156 vhdmp - ok
12:19:45.0853 5156 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:19:45.0863 5156 viaide - ok
12:19:45.0971 5156 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:19:45.0981 5156 VMBusHID - ok
12:19:46.0067 5156 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:19:46.0088 5156 volmgr - ok
12:19:46.0230 5156 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:19:46.0235 5156 volmgrx - ok
12:19:46.0392 5156 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:19:46.0413 5156 volsnap - ok
12:19:46.0573 5156 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
12:19:46.0576 5156 vpcbus - ok
12:19:46.0700 5156 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:19:46.0712 5156 vpcnfltr - ok
12:19:46.0844 5156 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
12:19:46.0855 5156 vpcusb - ok
12:19:46.0971 5156 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
12:19:46.0974 5156 vpcvmm - ok
12:19:47.0083 5156 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:19:47.0095 5156 vsmraid - ok
12:19:47.0223 5156 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:19:47.0254 5156 VSS - ok
12:19:47.0407 5156 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:19:47.0418 5156 vwifibus - ok
12:19:47.0502 5156 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:19:47.0504 5156 vwififlt - ok
12:19:47.0654 5156 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:19:47.0659 5156 W32Time - ok
12:19:47.0791 5156 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:19:47.0792 5156 WacomPen - ok
12:19:47.0890 5156 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:19:47.0901 5156 WANARP - ok
12:19:47.0915 5156 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:19:47.0916 5156 Wanarpv6 - ok
12:19:48.0059 5156 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:19:48.0087 5156 WatAdminSvc - ok
12:19:48.0250 5156 Wave Authentication Manager Service (e45bce01f15eeb240fe9db83b9d86be3) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
12:19:48.0283 5156 Wave Authentication Manager Service - ok
12:19:48.0504 5156 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:19:48.0538 5156 wbengine - ok
12:19:48.0709 5156 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:19:48.0713 5156 WbioSrvc - ok
12:19:48.0778 5156 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:19:48.0783 5156 wcncsvc - ok
12:19:48.0878 5156 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:19:48.0880 5156 WcsPlugInService - ok
12:19:48.0988 5156 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:19:48.0989 5156 Wd - ok
12:19:49.0071 5156 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:19:49.0079 5156 Wdf01000 - ok
12:19:49.0136 5156 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:19:49.0139 5156 WdiServiceHost - ok
12:19:49.0144 5156 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:19:49.0146 5156 WdiSystemHost - ok
12:19:49.0188 5156 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:19:49.0194 5156 WebClient - ok
12:19:49.0222 5156 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:19:49.0226 5156 Wecsvc - ok
12:19:49.0353 5156 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:19:49.0355 5156 wercplsupport - ok
12:19:49.0483 5156 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:19:49.0487 5156 WerSvc - ok
12:19:49.0605 5156 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:19:49.0616 5156 WfpLwf - ok
12:19:49.0709 5156 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:19:49.0720 5156 WIMMount - ok
12:19:49.0766 5156 WinDefend - ok
12:19:49.0778 5156 WinHttpAutoProxySvc - ok
12:19:49.0931 5156 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:19:49.0933 5156 Winmgmt - ok
12:19:50.0091 5156 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:19:50.0145 5156 WinRM - ok
12:19:50.0281 5156 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
12:19:50.0293 5156 WinUsb - ok
12:19:50.0341 5156 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:19:50.0356 5156 Wlansvc - ok
12:19:50.0434 5156 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:19:50.0434 5156 wlcrasvc - ok
12:19:50.0561 5156 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:19:50.0596 5156 wlidsvc - ok
12:19:50.0707 5156 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:19:50.0717 5156 WmiAcpi - ok
12:19:50.0809 5156 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:19:50.0811 5156 wmiApSrv - ok
12:19:50.0882 5156 WMPNetworkSvc - ok
12:19:50.0946 5156 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:19:50.0948 5156 WPCSvc - ok
12:19:50.0998 5156 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:19:51.0001 5156 WPDBusEnum - ok
12:19:51.0045 5156 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:19:51.0055 5156 ws2ifsl - ok
12:19:51.0130 5156 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:19:51.0133 5156 wscsvc - ok
12:19:51.0143 5156 WSearch - ok
12:19:51.0204 5156 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:19:51.0252 5156 wuauserv - ok
12:19:51.0365 5156 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:19:51.0377 5156 WudfPf - ok
12:19:51.0497 5156 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:19:51.0510 5156 WUDFRd - ok
12:19:51.0562 5156 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:19:51.0565 5156 wudfsvc - ok
12:19:51.0611 5156 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:19:51.0615 5156 WwanSvc - ok
12:19:51.0756 5156 ZcfgSvc7 (b87e12317928739e22d2e3acc7ccac80) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
12:19:51.0769 5156 ZcfgSvc7 - ok
12:19:51.0799 5156 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:19:51.0859 5156 \Device\Harddisk0\DR0 - ok
12:19:51.0861 5156 Boot (0x1200) (225ca361125e0dabec2a544e11ca58a7) \Device\Harddisk0\DR0\Partition0
12:19:51.0862 5156 \Device\Harddisk0\DR0\Partition0 - ok
12:19:51.0873 5156 Boot (0x1200) (83a8995c1ec864205e556b4b46ab961e) \Device\Harddisk0\DR0\Partition1
12:19:51.0875 5156 \Device\Harddisk0\DR0\Partition1 - ok
12:19:51.0876 5156 ============================================================
12:19:51.0876 5156 Scan finished
12:19:51.0876 5156 ============================================================
12:19:51.0881 1080 Detected object count: 0
12:19:51.0881 1080 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 12:41:39
-----------------------------
12:41:39.351 OS Version: Windows x64 6.1.7601 Service Pack 1
12:41:39.351 Number of processors: 4 586 0x2A07
12:41:39.351 ComputerName: BBT-CL1-IS-BRAR UserName: brar
12:41:42.066 Initialize success
12:41:45.017 AVAST engine defs: 12032900
12:41:49.491 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:41:49.492 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
12:41:49.515 Disk 0 MBR read successfully
12:41:49.516 Disk 0 MBR scan
12:41:49.519 Disk 0 Windows VISTA default MBR code
12:41:49.521 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:41:49.530 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1264 MB offset 81920
12:41:49.545 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 475635 MB offset 2670592
12:41:49.570 Disk 0 scanning C:\Windows\system32\drivers
12:42:22.130 Service scanning
12:44:18.068 Modules scanning
12:44:18.072 Disk 0 trace - called modules:
12:44:18.096 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
12:44:18.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009343060]
12:44:18.101 3 CLASSPNP.SYS[fffff88001b9743f] -> nt!IofCallDriver -> [0xfffffa8009192cb0]
12:44:18.103 5 stdcfltn.sys[fffff88001ad5d12] -> nt!IofCallDriver -> [0xfffffa80073ee960]
12:44:18.106 7 ACPI.sys[fffff88000f687a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80073f3050]
12:44:20.603 AVAST engine scan C:\Windows
12:44:46.118 AVAST engine scan C:\Windows\system32
12:53:18.276 AVAST engine scan C:\Windows\system32\drivers
12:54:07.570 AVAST engine scan C:\Users\brar
13:06:21.485 AVAST engine scan C:\ProgramData
13:07:15.774 Scan finished successfully
13:08:12.202 Disk 0 MBR has been saved successfully to "C:\Users\brar\Desktop\MBR.dat"
13:08:12.207 The log file has been saved successfully to "C:\Users\brar\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 01:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 March 2012 - 01:47 PM

Here is the latest run of ComboFix with the script. All seems well. I do find it interesting how it only managed to infect a single browser.

ComboFix 12-03-29.02 - brar 03/29/2012 13:36:48.7.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5663 [GMT -5:00]
Running from: c:\users\brar\Desktop\ComboFix.exe
Command switches used :: c:\users\brar\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\brar\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 18:41 . 2012-03-29 18:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-29 18:41 . 2012-03-29 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 18:41 . 2012-03-29 18:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-29 18:41 . 2012-03-29 18:41 -------- d-----w- c:\users\Abuser1\AppData\Local\temp
2012-03-29 15:13 . 2012-03-29 15:13 -------- d-----w- c:\users\brar\AppData\Local\Mozilla
2012-03-29 13:44 . 2012-03-29 13:44 -------- d-----w- c:\users\brar\AppData\Local\VS Revo Group
2012-03-29 13:44 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-29 13:44 . 2012-03-29 13:44 -------- d-----w- c:\program files\VS Revo Group
2012-03-28 19:40 . 2012-03-28 19:40 -------- d-----w- c:\users\brar\DoctorWeb
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files\iTunes
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files (x86)\iTunes
2012-03-28 18:49 . 2012-03-28 18:49 -------- d-----w- c:\program files\iPod
2012-03-27 19:42 . 2012-03-27 19:42 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 19:37 . 2012-03-27 19:37 53248 ----a-w- c:\windows\system32\zlib.dll
2012-03-27 19:23 . 2012-03-27 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-27 19:12 . 2012-03-27 19:12 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2012-03-27 17:51 . 2012-03-27 17:57 -------- d-----w- c:\users\brar\AppData\Local\Microsoft Games
2012-03-26 19:16 . 2012-03-26 19:16 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2012-03-26 15:17 . 2012-03-26 15:17 -------- d-----w- c:\users\brar\AppData\Local\http___www.julien-manici
2012-03-26 14:31 . 2012-03-28 18:53 -------- d-----w- c:\program files (x86)\ESET
2012-03-23 12:46 . 2012-03-23 12:46 -------- d-----w- c:\programdata\LogiShrd
2012-03-23 12:45 . 2012-03-23 12:45 -------- d-----w- c:\program files (x86)\Logitech
2012-03-23 12:44 . 2012-03-23 12:44 -------- d-----w- c:\users\brar\AppData\Local\Downloaded Installations
2012-03-22 20:09 . 2012-03-22 20:44 -------- d-----w- c:\users\brar\AppData\Roaming\Audacity
2012-03-22 18:36 . 2012-03-25 21:01 -------- d-----w- c:\users\brar\AppData\Local\MCEdit-64bit
2012-03-21 16:19 . 2012-03-21 16:19 -------- d-----w- c:\users\brar\AppData\Local\{B2E97903-7371-11E1-826D-B8AC6F996F26}
2012-03-19 16:11 . 2012-03-20 12:12 -------- d-----w- c:\users\brar\AppData\Roaming\Media Player Classic
2012-03-16 18:05 . 2012-03-16 18:06 -------- d-----w- c:\users\brar\AppData\Roaming\USB Server
2012-03-16 17:43 . 2012-03-20 19:20 -------- d-----w- c:\program files (x86)\USB Server 2
2012-03-16 17:42 . 2012-03-16 17:42 -------- d-----w- c:\program files (x86)\IPUSB2HD2 Driver
2012-03-15 20:31 . 2012-03-29 18:41 -------- d-----w- c:\users\brar\AppData\Local\assembly
2012-03-15 20:19 . 2012-03-15 20:19 -------- d-----w- c:\users\brar\AppData\Roaming\Avaya
2012-03-15 20:18 . 2012-03-15 20:18 -------- d-----w- c:\program files (x86)\Avaya
2012-03-15 19:13 . 2012-03-15 19:13 -------- d-----w- c:\program files (x86)\Dokan
2012-03-15 18:39 . 2012-03-22 19:16 -------- d-----w- c:\program files (x86)\Wot_Tank_Viewer
2012-03-13 10:46 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06915A44-24FA-429C-9452-43ED00BC8B23}\mpengine.dll
2012-03-12 20:27 . 2012-03-12 20:27 -------- d-----w- c:\programdata\RICOH
2012-03-12 20:23 . 2012-03-12 20:27 -------- d-----w- C:\ricoh
2012-03-12 19:57 . 2012-03-23 13:19 -------- d-----w- c:\program files (x86)\SysTools OST Recovery
2012-03-12 15:14 . 2012-03-12 15:14 -------- d-----w- c:\program files\Image Resizer for Windows
2012-03-12 15:14 . 2012-03-12 15:14 -------- d-----w- c:\program files (x86)\Image Resizer for Windows
2012-03-09 19:25 . 2012-03-09 19:25 -------- d-----w- c:\users\brar\AppData\Local\IsolatedStorage
2012-03-02 20:05 . 2012-03-02 20:05 -------- d-----w- c:\users\brar\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 12:27 . 2011-10-21 17:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 13:53 . 2011-12-01 22:31 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-02-02 14:47 . 2012-02-02 14:44 65536 ----a-w- c:\windows\IFinst27.exe
2012-02-01 15:24 . 2012-02-01 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 11:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 20:12 . 2011-10-21 17:49 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 15:47 . 2012-01-23 15:47 0 ----a-w- c:\windows\invcol.tmp
2012-01-14 04:06 . 2012-02-23 13:38 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 16:34 . 2012-01-12 16:34 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 16:34 . 2012-01-12 16:34 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 16:33 . 2012-01-12 16:33 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-12 16:33 . 2012-01-12 16:33 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 16:33 . 2012-01-12 16:33 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-12 16:33 . 2012-01-12 16:33 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-12 16:33 . 2012-01-12 16:33 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 16:33 . 2012-01-12 16:33 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-12 16:33 . 2012-01-12 16:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 16:33 . 2012-01-12 16:33 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 16:33 . 2012-01-12 16:33 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 16:33 . 2012-01-12 16:33 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 16:33 . 2012-01-12 16:33 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 16:33 . 2012-01-12 16:33 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-12 16:33 . 2012-01-12 16:33 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 16:33 . 2012-01-12 16:33 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-12 16:31 . 2012-01-12 16:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 16:31 . 2012-01-12 16:31 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 16:31 . 2012-01-12 16:31 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 16:31 . 2012-01-12 16:31 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 16:29 . 2012-01-12 16:29 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 16:29 . 2012-01-12 16:29 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 22:01 . 2012-01-11 22:01 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-11 22:01 . 2012-01-11 22:01 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-11 22:01 . 2012-01-11 22:01 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-11 22:01 . 2012-01-11 22:01 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-30 23:02 . 2011-12-13 22:05 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-29_12.27.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-29 14:05 64788 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-29 12:14 44436 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 16:14 44436 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-05 16:11 . 2012-03-29 16:14 16614 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2983136120-1425134638-3266412980-2279_UserData.bin
+ 2011-12-01 20:42 . 2012-03-29 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-01 20:42 . 2012-03-28 13:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-01 20:42 . 2012-03-29 13:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-01 20:42 . 2012-03-28 13:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 13:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-29 12:12 . 2012-03-29 12:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 16:12 . 2012-03-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 16:12 . 2012-03-29 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-29 12:12 . 2012-03-29 12:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-01 21:15 . 2012-03-29 13:56 616416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-01 21:15 . 2012-03-25 22:24 616416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-03-28 22:01 432408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-29 16:11 432408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-02 16:28 . 2012-03-29 16:11 27361832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2983136120-1425134638-3266412980-2279-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2010-01-16 14336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Logitech H760"="c:\program files (x86)\Logitech\H760\H760.exe" [2010-07-09 275800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
c:\users\brar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech H760 Product Registration.lnk - c:\program files (x86)\Logitech\H760\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 NUServer64;Network USB Server Device ;c:\windows\system32\DRIVERS\NUServer64.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Fog Service;Fog Service;c:\program files (x86)\FOG\FOGService.exe [2011-06-15 10752]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2011-05-19 2016504]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 61257411
*Deregistered* - 61257411
*Deregistered* - aswMBR
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\brar\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-25 2839840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2012-02-04 907776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Click to &Dial - file:///c:\program files (x86)\Avaya\Avaya one-X Communicator\Context.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: boydbros.com\bbt-bit9.boydimage
TCP: DhcpNameServer = 192.168.1.5
FF - ProfilePath - c:\users\brar\AppData\Roaming\Mozilla\Firefox\Profiles\mb8uqvqi.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.boydbros.com/cgi/CD01.PGM|https://footprints.pruittcom.com/MRcgi/MRhomepage.pl?USER=rbranton&PROJECTID=2&MRP=A9HPkYo&OPTION=none&WRITECACHE=1&FIRST_TIME_IN_FP=1&FIRST_TIME_IN_PROJ=1&|https://solarwinds.pruittcom.com/Orion/Login.aspx?ReturnUrl=%2fOrion%2fSummaryView.aspx|https://10.94.1.67:3780/login.html|https://cp.appriver.com/Login.aspx?ReturnUrl=%2fAdmin%2fUsers.aspx|https://10.94.1.58:9443/mng/login/pages/loginPage.jsf|http://192.168.1.119/fog/management/|http://bbt-cl1-spice:9675/dashboard
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{65134FDF-F8A5-4B3D-91D9-CDF273CFD578}"=hex:51,66,7a,6c,4c,1d,38,12,b1,4c,00,
61,97,b6,53,0e,ee,cf,8e,b2,76,91,91,6c
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E6DF0B46-7D6F-407A-A6A2-62D17A021A9A}"=hex:51,66,7a,6c,4c,1d,38,12,28,08,cc,
e2,5d,33,14,05,d9,b4,21,91,7f,5c,5e,8e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6d,a2,84,c9,26,08,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,b2,49,3a,40,06,d6,4e,8a,c8,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,b2,49,3a,40,06,d6,4e,8a,c8,c0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-29 13:44:09
ComboFix-quarantined-files.txt 2012-03-29 18:44
ComboFix2.txt 2012-03-29 12:28
.
Pre-Run: 95,832,567,808 bytes free
Post-Run: 95,763,587,072 bytes free
.
- - End Of File - - 5BAAC46DB1F176537FB95F5ACE5A192C

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 01:53 PM

Hello

Lets check if all your programs are up to date so it does not happen again.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 March 2012 - 01:56 PM

I believe this is what you are looking for...

AccelerometerP11
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Avaya one-X® Communicator
CraftBukkit
CyberLink PowerDVD 9.5
D3DX10
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Driver Download Manager
Dell Webcam Central
Digsby
Dokan Library 0.6.0
doubleTwist
Dropbox
DVR Viewer
ESET Remote Administrator Console
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.2
FOG Service
Game Booster 3
GIMP 2.6.11
GoToMeeting 5.1.0.880
IBM i Access for Windows MRI
Image Resizer for Windows
ImgBurn
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Junk Mail filter update
LANsurveyor Express
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft ReportViewer 2010 Redistributable
Microsoft Silverlight
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
O2Micro Flash Memory Card Windows Driver
OpenAL
PuTTY version 0.61
QuickTime
R-Studio 5.4
R-Studio Emergency GUI Startup Media Creator 5.4
Revo Uninstaller 1.93
RSDLite
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Startup Delayer v3.0 (build 321)
System Requirements Lab for Intel
SysTools OST Recovery v3.3
TrueCrypt
UltraVnc
Uninstall EyeMax DVR Client
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 2.0.1
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMerge 2.12.4
WinPcap 3.0
World of Tanks v.0.7.1.1
WOT Tank Viewer version 0.3.2

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 01:57 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 22
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Xtil

Xtil
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 29 March 2012 - 02:20 PM

seems to be running smooth just a little sluggish on boot. I am not seeing the Happili.com anymore.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
brar :: BBT-CL1-IS-BRAR [administrator]

3/29/2012 2:14:24 PM
mbam-log-2012-03-29 (14-14-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239517
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:19:01 PM, on 3/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Logitech H760] C:\Program Files (x86)\Logitech\H760\H760.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: Logitech H760 Product Registration.lnk = C:\Program Files (x86)\Logitech\H760\eReg.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O8 - Extra context menu item: Click to &Dial - file:///C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Context.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://bbt-bit9.boydimage.boydbros.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = boydimage.boydbros.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = boydimage.boydbros.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = boydimage.boydbros.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FOG Service (Fog Service) - FOG - C:\Program Files (x86)\FOG\FOGService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iClarityQoSService - Avaya Inc. - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - c:\Windows\SysWOW64\srvany.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NTRU TSS v1.2.1.36 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless ZeroConfig Service (ZcfgSvc7) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

--
End of file - 14307 bytes

Edited by Xtil, 29 March 2012 - 02:30 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:57 PM

Posted 29 March 2012 - 02:39 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users