
404 nginx error leading to happili virus


  • This topic is locked
19 replies to this topic

#1 BSFD

BSFD

  • Members
  • 10 posts

Posted 30 March 2012 - 03:57 PM

Hello,

I am new to this forum and wanted to get some help since my computer has been acting up lately.

Initially I used firefox 2 days ago and started to get a 404 google nginx error when I used google. I noticed searches didn't have an autofill function and when I clicked on images on the top, it redirected me to a google image search engine as opposed to just providing the images for the initial search I had.

After looking into the problem, I tried to solve it by looking at the host files and wasn't able to fix it.

All of a sudden, my firefox started to redirect me to happili search engine and eventually got to a point where my computer slowed down considerably and my FF doesn't open at all. (Must use IE on that computer which also runs extremely slow)

It seems like I messed up my situation more than I thought over the last 2 days of trying to solve the problem. (Tried using combo fix which stopped at stage 48... It was a direct dl somewhere online on a topic similar to mine and I used it without knowing that I should have taken my time to read through its use only when mentioned to do so by someone who knew what they were doing...)

I am somewhat lost now after trying a few things and would like some assistance. Please let me know what to provide and I will do my best to provide it asap.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 March 2012 - 11:12 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts

Posted 31 March 2012 - 01:52 PM

DDS shown below:


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Paul at 12:32:11 on 2012-03-31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1451 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\jdk1.6.0_23\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\jdk1.6.0_23\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [NIRegistrationWizard] c:\program files\national instruments\shared\registrationwizard\bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NI Background Service] c:\program files\national instruments\shared\update service\niupdate.exe
mRun: [niDevMon] c:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vQKjDyPeBbSvEb.exe] c:\programdata\vQKjDyPeBbSvEb.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\paul\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{540D0EA9-B5B8-4429-B6B2-68A8708363E5} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\18lo4ocf.default\
FF - component: c:\program files\pc tools\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\jdk1.6.0_23\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\jdk1.6.0_23\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npIMAQAXControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2010win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\drivers\niede.sys [2010-6-15 32432]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2010-3-24 15448]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\system32\drivers\nipxibaf.sys [2010-6-21 58504]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\system32\drivers\nipxibrc.sys [2010-6-21 42136]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\national instruments\shared\ni webserver\ApplicationWebServer.exe [2010-6-22 47776]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2010-3-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2010-6-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2010-7-30 194224]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-6-14 11416]
S2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2010-6-17 19608]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-6-23 11432]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-5 20104]
S3 lwldr18a;CRi USB Loader Driver (lwldr18a.sys);c:\windows\system32\drivers\lwldr18a.sys [2011-12-16 53608]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2010-6-21 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2010-6-21 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2010-6-21 22608]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-7-2 11352]
S3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2010-10-31 11952]
S3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2010-10-31 11912]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2010-10-31 11920]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-6-11 11432]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2010-10-29 11920]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2010-10-31 11928]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2010-10-31 11920]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2010-10-31 11920]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2010-7-11 11936]
S3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2010-6-21 11384]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-8-24 11360]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2010-9-27 11976]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2010-7-11 11944]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2010-7-11 11952]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-7-14 11944]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-10-26 11968]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-10-26 11968]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-6-14 21144]
S3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2010-10-31 11912]
S3 NiRioRpc;National Instruments RIO Server;c:\windows\system32\NiRioRpc.exe [2010-6-26 31880]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-7-12 11960]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-1 11936]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-7-14 11928]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-7-12 11960]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2010-10-31 11920]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-1-5 11312]
S3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2010-9-27 11912]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-8-31 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2010-7-13 11912]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2010-7-12 11944]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2010-10-31 11944]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-6-23 11432]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2010-10-31 11920]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2010-10-31 11920]
S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2008-11-26 333824]
S3 USBlwcam18a;CRi 18a Camera;c:\windows\system32\drivers\lwcam18a.sys [2011-12-16 471144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-8 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-31 19:32:08 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c258d192-e8e6-4289-933c-2e9390986019}\offreg.dll
2012-03-30 06:44:17 -------- d-s---w- C:\ComboFix
2012-03-30 01:11:29 98816 ----a-w- c:\windows\sed.exe
2012-03-30 01:11:29 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 01:11:29 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 01:11:29 208896 ----a-w- c:\windows\MBR.exe
2012-03-30 00:18:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 23:22:18 99328 ----a-w- c:\programdata\415W8IXs.exe
2012-03-29 23:20:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 18:48:28 -------- d-----w- c:\users\paul\appdata\local\Threat Expert
2012-03-29 17:53:32 -------- d-----w- c:\users\paul\appdata\roaming\Spam Monitor
2012-03-29 17:53:32 -------- d-----w- c:\users\paul\appdata\roaming\PC Tools
2012-03-29 17:47:00 -------- d-----w- c:\program files\PC Tools
2012-03-29 17:44:07 -------- d-----w- c:\program files\common files\PC Tools
2012-03-29 17:36:18 -------- d-----w- c:\programdata\PC Tools
2012-03-29 17:36:17 -------- d-----w- c:\users\paul\appdata\roaming\TestApp
2012-03-29 17:04:12 -------- d-----w- c:\users\paul\appdata\roaming\ParetoLogic
2012-03-29 17:04:12 -------- d-----w- c:\users\paul\appdata\roaming\DriverCure
2012-03-29 17:03:56 -------- d-----w- c:\programdata\ParetoLogic
2012-03-29 17:03:56 -------- d-----w- c:\program files\ParetoLogic
2012-03-20 04:57:42 -------- d-----w- c:\users\paul\appdata\local\{C811F6BE-019A-4204-A8C6-DAE30D92C233}
2012-03-20 04:57:29 -------- d-----w- c:\users\paul\appdata\local\{DF28B890-9A9F-4607-A22B-87B44FCAAB21}
.
==================== Find3M ====================
.
2012-03-30 00:36:22 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-09 08:52:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:33:20.68 ===============


Some problems that occurred were:
1. computer running extremely sluggish compared to yesterday both online as well as normal functions (opening folders, saving files, etc).
2. downloaded DDS but wasn't able to run until I did it in safe mode.

Just wanted to know if future programs should be downloaded and just run in safe mode?

Thank you for taking the time to help me out and I will do my best to reply with logs asap.
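A defender-side triage of the DDS lines posted above, added here as an example (not code from BleepingComputer, the DDS tool or this thread's helper): it parses the "Pseudo HJT Report" Run and Policies lines and flags autostart entries that launch from user-writable paths or carry random-looking names, plus UAC policy values set to a weak state. The sample lines are copied from the log above with a few constructed additions; the hive labels (uRun = HKCU, mRun = HKLM, dRun = default user hive) follow the DDS convention as I understand it.

```python
import re

# Sample "Pseudo HJT Report" lines: the Run and Policies lines are copied from the DDS
# log posted in this thread, the rest are constructed for the example.
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vQKjDyPeBbSvEb.exe] c:\programdata\vQKjDyPeBbSvEb.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
"""

RUN_LINE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_LINE = re.compile(r"^(?P<hive>[um])Policies-(?P<area>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")

# DDS prefix -> registry hive (assumed DDS convention: user, machine, default user)
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

# Policy values that switch UAC off or hide security warnings (Windows 7 defaults differ)
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompt not shown on the secure desktop"),
    "HideSCAHealth": (1, "Action Center security warnings hidden"),
}

# Autostart locations any user process can write to; vendors rarely launch bare
# executables from here at logon
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def command_path(cmd: str) -> str:
    """Return the executable path from a Run value, honouring surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: cut at the first executable extension so paths with spaces survive
    m = re.match(r"(?i)(.*?\.(?:exe|scr|com|bat|cmd))", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def looks_random(name: str) -> bool:
    """Heuristic only: long alphabetic stem with many case flips or no vowels."""
    stem = re.sub(r"\.\w+$", "", name)
    if len(stem) < 8 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return flips >= 6 or vowels == 0


def analyze(dds_text: str) -> list:
    """Return a list of findings (dicts) for suspicious autoruns and weak UAC policies."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            path = command_path(m["cmd"])
            reasons = []
            if any(marker in path.lower() for marker in USER_WRITABLE):
                reasons.append("autostarts from a user-writable path")
            if looks_random(m["name"]) or looks_random(path.rsplit("\\", 1)[-1]):
                reasons.append("random-looking executable name")
            if reasons:
                findings.append({"kind": "autorun", "hive": HIVE[m["hive"]],
                                 "name": m["name"], "path": path, "reasons": reasons})
            continue
        m = POLICY_LINE.match(line)
        if m and m["name"] in WEAK_POLICIES:
            weak_value, why = WEAK_POLICIES[m["name"]]
            if int(m["value"]) == weak_value:
                findings.append({"kind": "policy", "hive": HIVE[m["hive"]],
                                 "name": m["name"], "value": weak_value, "reasons": [why]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"[{f['kind']}] {f['hive']} {f['name']}: " + "; ".join(f["reasons"]))
```

The name heuristic is deliberately crude; a flagged entry is something to look up and confirm, not a verdict on its own.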

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 March 2012 - 08:05 PM

Hello

Always try first in normal mode.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts

Posted 03 April 2012 - 01:57 AM

Hello Gringo,

I just wanted to quickly update you with what has been going on with my computer.

I was running Combofix which strangely took longer than I expected. It has been on and running for almost a day now and it is currently at stage 49. I just wanted to note that a majority of the time, the prompt was on stage 48 (at least 4/5 of the time was at stage 48 and it recently went to 49 within the last hour of posting this reply.)

Is this common? I know Combofix sometimes takes longer but I wasn't sure if it could go this long.

I'll let it run until it produces a log and if any other issues arise in the future, I'll be sure to reply on this thread.

#6 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts

Posted 03 April 2012 - 12:43 PM

Combofix log is shown below:



ComboFix 12-04-01.01 - Paul 04/01/2012 23:06:47.4.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1194 [GMT -7:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\415W8IXs.exe
c:\users\Paul\AppData\Local\assembly\tmp
c:\users\Paul\AppData\Roaming\completescan
c:\users\Paul\AppData\Roaming\install
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At17.job
c:\windows\$NtUninstallKB41462$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 10:08 . 2012-04-03 10:12 -------- d-----w- c:\users\Paul\AppData\Local\temp
2012-04-03 10:08 . 2012-04-03 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 05:06 . 2012-04-03 10:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C258D192-E8E6-4289-933C-2E9390986019}\offreg.dll
2012-03-30 00:18 . 2012-03-30 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 23:20 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 18:48 . 2012-03-29 18:48 -------- d-----w- c:\users\Paul\AppData\Local\Threat Expert
2012-03-29 17:53 . 2012-03-29 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\Spam Monitor
2012-03-29 17:53 . 2012-03-29 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Tools
2012-03-29 17:47 . 2012-03-29 17:47 -------- d-----w- c:\program files\PC Tools
2012-03-29 17:44 . 2012-03-29 23:10 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-29 17:36 . 2012-03-29 17:51 -------- d-----w- c:\programdata\PC Tools
2012-03-29 17:36 . 2012-03-29 17:36 -------- d-----w- c:\users\Paul\AppData\Roaming\TestApp
2012-03-29 17:04 . 2012-03-29 17:04 -------- d-----w- c:\users\Paul\AppData\Roaming\ParetoLogic
2012-03-29 17:04 . 2012-03-29 17:04 -------- d-----w- c:\users\Paul\AppData\Roaming\DriverCure
2012-03-29 17:03 . 2012-03-29 17:33 -------- d-----w- c:\programdata\ParetoLogic
2012-03-29 17:03 . 2012-03-29 17:03 -------- d-----w- c:\program files\ParetoLogic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 00:36 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-09 08:52 . 2011-12-04 03:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-05-25 01:39 . 2010-05-25 01:39 43608 ----a-w- c:\program files\internet explorer\plugins\IMAQActiveXControl.dll
2010-09-16 21:35 . 2010-09-16 21:35 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-12-10 21:50 . 2008-12-10 21:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-05-25 19:43 . 2010-05-25 19:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\program files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\niupdate.exe" [2010-08-10 77824]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 20104]
R3 lwldr18a;CRi USB Loader Driver (lwldr18a.sys);c:\windows\system32\Drivers\lwldr18a.sys [2010-11-04 53608]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2010-06-21 26192]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2010-06-21 11344]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2010-06-21 22608]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-07-02 11352]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2010-11-01 11952]
R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2010-11-01 11912]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2010-11-01 11920]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2010-10-29 11920]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2010-11-01 11928]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2010-11-01 11920]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2010-11-01 11920]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2010-07-11 11936]
R3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2010-06-21 11384]
R3 niimaqk;NI-IMAQ Driver;c:\windows\system32\drivers\niimaqk.sys [x]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2010-09-27 11976]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [x]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [x]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2010-07-11 11952]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-10-27 11968]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-10-27 11968]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 21144]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2010-11-01 11912]
R3 NiRioRpc;National Instruments RIO Server;c:\windows\system32\NiRioRpc.exe [2010-06-26 31880]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 11960]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 11936]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 11928]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 11960]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2010-11-01 11920]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11312]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2010-09-27 11912]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11360]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2010-07-13 11912]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2010-07-13 11944]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2010-11-01 11944]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11432]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2010-11-01 11920]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 USBlwcam18a;CRi 18a Camera;c:\windows\system32\Drivers\lwcam18a.sys [2010-11-04 471144]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 15448]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2010-06-21 58504]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2010-06-21 42136]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-23 47776]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-06-14 11416]
S2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2010-06-17 19608]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11432]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11432]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 32432]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11360]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2010-07-11 11944]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2010-11-01 11920]
S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\18lo4ocf.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-vQKjDyPeBbSvEb.exe - c:\programdata\vQKjDyPeBbSvEb.exe
SafeBoot-46728264.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-929556980-4212560544-2375974545-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-929556980-4212560544-2375974545-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4688)
c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\nipxism.exe
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-03 03:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 10:18
.
Pre-Run: 122,740,355,072 bytes free
Post-Run: 123,376,009,216 bytes free
.
- - End Of File - - 76F88F578230DC3181310B7D2F528166



Problems were listed in the post above this one which discussed the long ComboFix running time.

As for how the computer is doing right now, FF still doesn't work but IE does, and happili searches still pop up when I try to use Google as well. It seems like it is running the same as before: extremely sluggish, and FF does not work.

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 12:16 AM

Greetings

I want you to uninstall Firefox (if asked about user data or settings, remove these also), then reinstall it.

Then I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 BSFD

  • Topic Starter

  • Members
  • 10 posts

Posted 04 April 2012 - 06:06 PM

TDSSKiller log:

12:45:34.0149 2004 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
12:45:34.0630 2004 ============================================================
12:45:34.0631 2004 Current date / time: 2012/04/04 12:45:34.0630
12:45:34.0631 2004 SystemInfo:
12:45:34.0631 2004
12:45:34.0631 2004 OS Version: 6.1.7600 ServicePack: 0.0
12:45:34.0631 2004 Product type: Workstation
12:45:34.0631 2004 ComputerName: PAUL-PC
12:45:34.0631 2004 UserName: Paul
12:45:34.0631 2004 Windows directory: C:\Windows
12:45:34.0631 2004 System windows directory: C:\Windows
12:45:34.0631 2004 Processor architecture: Intel x86
12:45:34.0631 2004 Number of processors: 1
12:45:34.0631 2004 Page size: 0x1000
12:45:34.0631 2004 Boot type: Normal boot
12:45:34.0631 2004 ============================================================
12:45:35.0353 2004 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:45:35.0356 2004 Drive \Device\Harddisk1\DR1 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:45:35.0357 2004 \Device\Harddisk0\DR0:
12:45:35.0357 2004 MBR used
12:45:35.0357 2004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
12:45:35.0357 2004 \Device\Harddisk1\DR1:
12:45:35.0358 2004 MBR used
12:45:35.0384 2004 Initialize success
12:45:35.0384 2004 ============================================================
12:45:36.0259 1848 ============================================================
12:45:36.0259 1848 Scan started
12:45:36.0259 1848 Mode: Manual;
12:45:36.0259 1848 ============================================================
12:45:36.0841 1848 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
12:45:36.0843 1848 1394ohci - ok
12:45:36.0900 1848 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
12:45:36.0906 1848 ACPI - ok
12:45:37.0036 1848 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
12:45:37.0039 1848 AcpiPmi - ok
12:45:37.0135 1848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:37.0140 1848 adp94xx - ok
12:45:37.0232 1848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:37.0235 1848 adpahci - ok
12:45:37.0333 1848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:37.0334 1848 adpu320 - ok
12:45:37.0393 1848 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:45:37.0394 1848 AeLookupSvc - ok
12:45:37.0483 1848 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
12:45:37.0487 1848 AFD - ok
12:45:37.0565 1848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
12:45:37.0565 1848 agp440 - ok
12:45:37.0647 1848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:45:37.0648 1848 aic78xx - ok
12:45:37.0816 1848 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
12:45:37.0852 1848 ALCXWDM - ok
12:45:37.0967 1848 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:45:37.0968 1848 ALG - ok
12:45:38.0018 1848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
12:45:38.0019 1848 aliide - ok
12:45:38.0062 1848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
12:45:38.0063 1848 amdagp - ok
12:45:38.0094 1848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
12:45:38.0094 1848 amdide - ok
12:45:38.0218 1848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:38.0218 1848 AmdK8 - ok
12:45:38.0291 1848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:38.0292 1848 AmdPPM - ok
12:45:38.0334 1848 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
12:45:38.0335 1848 amdsata - ok
12:45:38.0413 1848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:38.0415 1848 amdsbs - ok
12:45:38.0486 1848 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
12:45:38.0489 1848 amdxata - ok
12:45:38.0555 1848 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
12:45:38.0556 1848 AppID - ok
12:45:38.0607 1848 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:45:38.0608 1848 AppIDSvc - ok
12:45:38.0674 1848 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
12:45:38.0675 1848 Appinfo - ok
12:45:38.0829 1848 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:45:38.0831 1848 Apple Mobile Device - ok
12:45:38.0940 1848 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:45:38.0942 1848 AppMgmt - ok
12:45:39.0010 1848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:45:39.0011 1848 arc - ok
12:45:39.0055 1848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:39.0057 1848 arcsas - ok
12:45:39.0156 1848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:39.0157 1848 AsyncMac - ok
12:45:39.0201 1848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
12:45:39.0202 1848 atapi - ok
12:45:39.0287 1848 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:45:39.0292 1848 AudioEndpointBuilder - ok
12:45:39.0316 1848 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
12:45:39.0324 1848 Audiosrv - ok
12:45:39.0416 1848 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
12:45:39.0416 1848 AxInstSV - ok
12:45:39.0492 1848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:45:39.0496 1848 b06bdrv - ok
12:45:39.0591 1848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:45:39.0594 1848 b57nd60x - ok
12:45:39.0662 1848 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:45:39.0663 1848 BDESVC - ok
12:45:39.0718 1848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:45:39.0719 1848 Beep - ok
12:45:39.0833 1848 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
12:45:39.0837 1848 BFE - ok
12:45:39.0895 1848 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
12:45:39.0903 1848 BITS - ok
12:45:39.0960 1848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:39.0961 1848 blbdrive - ok
12:45:40.0063 1848 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
12:45:40.0064 1848 bowser - ok
12:45:40.0105 1848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:40.0106 1848 BrFiltLo - ok
12:45:40.0194 1848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:40.0195 1848 BrFiltUp - ok
12:45:40.0305 1848 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:45:40.0307 1848 BridgeMP - ok
12:45:40.0370 1848 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
12:45:40.0371 1848 Browser - ok
12:45:40.0431 1848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:45:40.0434 1848 Brserid - ok
12:45:40.0526 1848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:40.0527 1848 BrSerWdm - ok
12:45:40.0564 1848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:40.0564 1848 BrUsbMdm - ok
12:45:40.0620 1848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:40.0623 1848 BrUsbSer - ok
12:45:40.0662 1848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:40.0663 1848 BTHMODEM - ok
12:45:40.0774 1848 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:45:40.0775 1848 bthserv - ok
12:45:40.0845 1848 catchme - ok
12:45:40.0958 1848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:40.0959 1848 cdfs - ok
12:45:41.0024 1848 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:41.0026 1848 cdrom - ok
12:45:41.0133 1848 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
12:45:41.0134 1848 CertPropSvc - ok
12:45:41.0231 1848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:45:41.0232 1848 circlass - ok
12:45:41.0361 1848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:45:41.0364 1848 CLFS - ok
12:45:41.0452 1848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:41.0454 1848 clr_optimization_v2.0.50727_32 - ok
12:45:41.0539 1848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:41.0539 1848 CmBatt - ok
12:45:41.0602 1848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
12:45:41.0605 1848 cmdide - ok
12:45:41.0664 1848 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
12:45:41.0666 1848 CNG - ok
12:45:41.0740 1848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:41.0740 1848 Compbatt - ok
12:45:41.0789 1848 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:45:41.0790 1848 CompositeBus - ok
12:45:41.0857 1848 COMSysApp - ok
12:45:41.0927 1848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:41.0927 1848 crcdisk - ok
12:45:42.0012 1848 CrypKey License (2177a0f611584bca1dfdd7eeb35c0224) C:\Windows\system32\crypserv.exe
12:45:42.0014 1848 CrypKey License - ok
12:45:42.0133 1848 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
12:45:42.0135 1848 CryptSvc - ok
12:45:42.0242 1848 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
12:45:42.0247 1848 CSC - ok
12:45:42.0298 1848 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
12:45:42.0304 1848 CscService - ok
12:45:42.0409 1848 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\Windows\system32\drivers\cvintdrv.sys
12:45:42.0409 1848 cvintdrv - ok
12:45:42.0494 1848 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
12:45:42.0514 1848 DcomLaunch - ok
12:45:42.0596 1848 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:45:42.0599 1848 defragsvc - ok
12:45:42.0674 1848 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
12:45:42.0675 1848 DfsC - ok
12:45:42.0785 1848 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
12:45:42.0788 1848 Dhcp - ok
12:45:42.0841 1848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:45:42.0842 1848 discache - ok
12:45:42.0933 1848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:45:42.0934 1848 Disk - ok
12:45:42.0989 1848 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
12:45:42.0992 1848 Dnscache - ok
12:45:43.0044 1848 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
12:45:43.0047 1848 dot3svc - ok
12:45:43.0112 1848 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
12:45:43.0114 1848 DPS - ok
12:45:43.0171 1848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:45:43.0172 1848 drmkaud - ok
12:45:43.0235 1848 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:43.0241 1848 DXGKrnl - ok
12:45:43.0322 1848 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:45:43.0325 1848 EapHost - ok
12:45:43.0492 1848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:45:43.0518 1848 ebdrv - ok
12:45:43.0617 1848 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
12:45:43.0619 1848 EFS - ok
12:45:43.0688 1848 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
12:45:43.0693 1848 ehRecvr - ok
12:45:43.0731 1848 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:45:43.0733 1848 ehSched - ok
12:45:43.0864 1848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:45:43.0896 1848 elxstor - ok
12:45:43.0930 1848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
12:45:43.0931 1848 ErrDev - ok
12:45:44.0001 1848 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:45:44.0005 1848 EventSystem - ok
12:45:44.0115 1848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:45:44.0117 1848 exfat - ok
12:45:44.0161 1848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:45:44.0162 1848 fastfat - ok
12:45:44.0258 1848 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
12:45:44.0264 1848 Fax - ok
12:45:44.0346 1848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:45:44.0347 1848 fdc - ok
12:45:44.0393 1848 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:45:44.0395 1848 fdPHost - ok
12:45:44.0449 1848 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:45:44.0450 1848 FDResPub - ok
12:45:44.0483 1848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:45:44.0484 1848 FileInfo - ok
12:45:44.0563 1848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:45:44.0564 1848 Filetrace - ok
12:45:44.0666 1848 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:45:44.0685 1848 FLEXnet Licensing Service - ok
12:45:44.0791 1848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:45:44.0792 1848 flpydisk - ok
12:45:44.0834 1848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:45:44.0838 1848 FltMgr - ok
12:45:44.0901 1848 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
12:45:44.0910 1848 FontCache - ok
12:45:45.0022 1848 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:45:45.0023 1848 FontCache3.0.0.0 - ok
12:45:45.0110 1848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:45:45.0111 1848 FsDepends - ok
12:45:45.0197 1848 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
12:45:45.0198 1848 fssfltr - ok
12:45:45.0327 1848 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:45:45.0339 1848 fsssvc - ok
12:45:45.0439 1848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
12:45:45.0440 1848 Fs_Rec - ok
12:45:45.0522 1848 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
12:45:45.0523 1848 FTDIBUS - ok
12:45:45.0579 1848 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
12:45:45.0580 1848 FTSER2K - ok
12:45:45.0698 1848 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
12:45:45.0701 1848 fvevol - ok
12:45:45.0764 1848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:45:45.0765 1848 gagp30kx - ok
12:45:45.0872 1848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:45:45.0873 1848 GEARAspiWDM - ok
12:45:45.0935 1848 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
12:45:45.0941 1848 gpsvc - ok
12:45:45.0992 1848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:45:45.0993 1848 hcw85cir - ok
12:45:46.0085 1848 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:45:46.0089 1848 HDAudBus - ok
12:45:46.0134 1848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:45:46.0134 1848 HidBatt - ok
12:45:46.0190 1848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:45:46.0191 1848 HidBth - ok
12:45:46.0289 1848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:45:46.0290 1848 HidIr - ok
12:45:46.0346 1848 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
12:45:46.0348 1848 hidserv - ok
12:45:46.0577 1848 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
12:45:46.0578 1848 HidUsb - ok
12:45:46.0673 1848 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
12:45:46.0676 1848 hkmsvc - ok
12:45:46.0711 1848 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
12:45:46.0714 1848 HomeGroupListener - ok
12:45:46.0761 1848 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
12:45:46.0765 1848 HomeGroupProvider - ok
12:45:46.0869 1848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:45:46.0870 1848 HpSAMD - ok
12:45:46.0929 1848 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
12:45:46.0935 1848 HTTP - ok
12:45:46.0967 1848 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
12:45:46.0968 1848 hwpolicy - ok
12:45:47.0089 1848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
12:45:47.0090 1848 i8042prt - ok
12:45:47.0150 1848 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
12:45:47.0153 1848 iaStorV - ok
12:45:47.0271 1848 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:45:47.0278 1848 idsvc - ok
12:45:47.0382 1848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:45:47.0383 1848 iirsp - ok
12:45:47.0466 1848 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
12:45:47.0473 1848 IKEEXT - ok
12:45:47.0518 1848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
12:45:47.0519 1848 intelide - ok
12:45:47.0635 1848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:45:47.0636 1848 intelppm - ok
12:45:47.0697 1848 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:45:47.0700 1848 IPBusEnum - ok
12:45:47.0731 1848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:45:47.0732 1848 IpFilterDriver - ok
12:45:47.0863 1848 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
12:45:47.0869 1848 iphlpsvc - ok
12:46:09.0406 1848 TermService - ok
12:46:09.0492 1848 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:46:09.0496 1848 Themes - ok
12:46:09.0544 1848 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:46:09.0546 1848 THREADORDER - ok
12:46:09.0600 1848 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:46:09.0605 1848 TrkWks - ok
12:46:09.0686 1848 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
12:46:09.0691 1848 TrustedInstaller - ok
12:46:09.0774 1848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:46:09.0775 1848 tssecsrv - ok
12:46:09.0820 1848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
12:46:09.0824 1848 tunnel - ok
12:46:09.0882 1848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:46:09.0883 1848 uagp35 - ok
12:46:09.0997 1848 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
12:46:10.0000 1848 udfs - ok
12:46:10.0074 1848 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:46:10.0078 1848 UI0Detect - ok
12:46:10.0165 1848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:46:10.0166 1848 uliagpkx - ok
12:46:10.0271 1848 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
12:46:10.0271 1848 UltraMonUtility - ok
12:46:10.0401 1848 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
12:46:10.0402 1848 umbus - ok
12:46:10.0464 1848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:46:10.0465 1848 UmPass - ok
12:46:10.0524 1848 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
12:46:10.0529 1848 UmRdpService - ok
12:46:10.0600 1848 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:46:10.0606 1848 upnphost - ok
12:46:10.0692 1848 usb6xxxk - ok
12:46:10.0748 1848 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:46:10.0749 1848 USBAAPL - ok
12:46:10.0827 1848 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
12:46:10.0829 1848 usbaudio - ok
12:46:10.0916 1848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
12:46:10.0918 1848 usbccgp - ok
12:46:10.0970 1848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:46:10.0974 1848 usbcir - ok
12:46:11.0044 1848 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
12:46:11.0045 1848 usbehci - ok
12:46:11.0149 1848 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
12:46:11.0152 1848 usbhub - ok
12:46:11.0271 1848 USBlwcam18a (6d9c88e767533214fd1159fd8366d648) C:\Windows\system32\Drivers\lwcam18a.sys
12:46:11.0276 1848 USBlwcam18a - ok
12:46:11.0363 1848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
12:46:11.0364 1848 usbohci - ok
12:46:11.0444 1848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:46:11.0445 1848 usbprint - ok
12:46:11.0496 1848 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
12:46:11.0497 1848 usbscan - ok
12:46:11.0628 1848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:46:11.0630 1848 USBSTOR - ok
12:46:11.0702 1848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
12:46:11.0703 1848 usbuhci - ok
12:46:11.0809 1848 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
12:46:11.0812 1848 usbvideo - ok
12:46:11.0873 1848 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:46:11.0876 1848 UxSms - ok
12:46:11.0963 1848 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
12:46:11.0965 1848 VaultSvc - ok
12:46:12.0087 1848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:46:12.0090 1848 vdrvroot - ok
12:46:12.0155 1848 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
12:46:12.0163 1848 vds - ok
12:46:12.0232 1848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:12.0233 1848 vga - ok
12:46:12.0339 1848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:46:12.0340 1848 VgaSave - ok
12:46:12.0375 1848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
12:46:12.0377 1848 vhdmp - ok
12:46:12.0442 1848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
12:46:12.0444 1848 viaagp - ok
12:46:12.0545 1848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:46:12.0546 1848 ViaC7 - ok
12:46:12.0582 1848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
12:46:12.0583 1848 viaide - ok
12:46:12.0644 1848 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
12:46:12.0646 1848 vmbus - ok
12:46:12.0743 1848 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:46:12.0744 1848 VMBusHID - ok
12:46:12.0775 1848 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
12:46:12.0776 1848 volmgr - ok
12:46:12.0826 1848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:46:12.0829 1848 volmgrx - ok
12:46:12.0902 1848 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
12:46:12.0907 1848 volsnap - ok
12:46:13.0025 1848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:46:13.0027 1848 vsmraid - ok
12:46:13.0140 1848 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
12:46:13.0151 1848 VSS - ok
12:46:13.0234 1848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:46:13.0235 1848 vwifibus - ok
12:46:13.0329 1848 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:46:13.0334 1848 W32Time - ok
12:46:13.0440 1848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:46:13.0442 1848 WacomPen - ok
12:46:13.0515 1848 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:13.0516 1848 WANARP - ok
12:46:13.0529 1848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:13.0532 1848 Wanarpv6 - ok
12:46:13.0676 1848 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:46:13.0688 1848 WatAdminSvc - ok
12:46:13.0793 1848 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
12:46:13.0806 1848 wbengine - ok
12:46:13.0866 1848 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:46:13.0870 1848 WbioSrvc - ok
12:46:13.0928 1848 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
12:46:13.0934 1848 wcncsvc - ok
12:46:14.0006 1848 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:46:14.0010 1848 WcsPlugInService - ok
12:46:14.0109 1848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:46:14.0110 1848 Wd - ok
12:46:14.0200 1848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:46:14.0205 1848 Wdf01000 - ok
12:46:14.0270 1848 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:46:14.0277 1848 WdiServiceHost - ok
12:46:14.0297 1848 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:46:14.0301 1848 WdiSystemHost - ok
12:46:14.0357 1848 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
12:46:14.0362 1848 WebClient - ok
12:46:14.0426 1848 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:46:14.0431 1848 Wecsvc - ok
12:46:14.0463 1848 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:46:14.0467 1848 wercplsupport - ok
12:46:14.0532 1848 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:46:14.0536 1848 WerSvc - ok
12:46:14.0658 1848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:14.0659 1848 WfpLwf - ok
12:46:14.0691 1848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:46:14.0692 1848 WIMMount - ok
12:46:14.0779 1848 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:46:14.0785 1848 WinDefend - ok
12:46:14.0802 1848 WinHttpAutoProxySvc - ok
12:46:14.0924 1848 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:46:14.0926 1848 Winmgmt - ok
12:46:14.0999 1848 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
12:46:15.0012 1848 WinRM - ok
12:46:15.0151 1848 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
12:46:15.0152 1848 WinUsb - ok
12:46:15.0219 1848 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:46:15.0230 1848 Wlansvc - ok
12:46:15.0323 1848 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:46:15.0324 1848 wlcrasvc - ok
12:46:15.0438 1848 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:46:15.0451 1848 wlidsvc - ok
12:46:15.0576 1848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:46:15.0577 1848 WmiAcpi - ok
12:46:15.0665 1848 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:46:15.0666 1848 wmiApSrv - ok
12:46:15.0802 1848 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:46:15.0811 1848 WMPNetworkSvc - ok
12:46:15.0910 1848 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:46:15.0914 1848 WPCSvc - ok
12:46:15.0953 1848 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
12:46:15.0959 1848 WPDBusEnum - ok
12:46:16.0035 1848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:46:16.0036 1848 ws2ifsl - ok
12:46:16.0077 1848 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
12:46:16.0082 1848 wscsvc - ok
12:46:16.0161 1848 WSearch - ok
12:46:16.0257 1848 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
12:46:16.0276 1848 wuauserv - ok
12:46:16.0409 1848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:46:16.0411 1848 WudfPf - ok
12:46:16.0460 1848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:46:16.0461 1848 WUDFRd - ok
12:46:16.0584 1848 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
12:46:16.0591 1848 wudfsvc - ok
12:46:16.0653 1848 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:46:16.0658 1848 WwanSvc - ok
12:46:16.0781 1848 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
12:46:16.0784 1848 yukonw7 - ok
12:46:16.0830 1848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:46:16.0871 1848 \Device\Harddisk0\DR0 - ok
12:46:16.0887 1848 MBR (0x1B8) (b0deb658740daf15bb6f5c70d3752d18) \Device\Harddisk1\DR1
12:46:16.0912 1848 \Device\Harddisk1\DR1 - ok
12:46:16.0924 1848 Boot (0x1200) (d9112150919fed4f6d1fe9def027af89) \Device\Harddisk0\DR0\Partition0
12:46:16.0926 1848 \Device\Harddisk0\DR0\Partition0 - ok
12:46:16.0932 1848 ============================================================
12:46:16.0932 1848 Scan finished
12:46:16.0932 1848 ============================================================
12:46:16.0958 0752 Detected object count: 0
12:46:16.0958 0752 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 12:50:18
-----------------------------
12:50:18.935 OS Version: Windows 6.1.7600
12:50:18.936 Number of processors: 1 586 0x2F00
12:50:18.937 ComputerName: PAUL-PC UserName: Paul
12:50:19.545 Initialize success
12:51:13.049 AVAST engine defs: 12040400
12:52:24.196 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
12:52:24.202 Disk 0 Vendor: HDS722525VLSA80 V36OA6MA Size: 238475MB BusType: 3
12:52:24.219 Disk 0 MBR read successfully
12:52:24.223 Disk 0 MBR scan
12:52:24.229 Disk 0 Windows 7 default MBR code
12:52:24.243 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
12:52:24.253 Disk 0 scanning sectors +488394752
12:52:24.307 Disk 0 scanning C:\Windows\system32\drivers
12:52:38.462 Service scanning
12:53:14.682 Modules scanning
12:53:28.415 Disk 0 trace - called modules:
12:53:28.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:53:28.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861fb698]
12:53:28.823 3 CLASSPNP.SYS[8965b59e] -> nt!IofCallDriver -> [0x859ca918]
12:53:28.832 5 ACPI.sys[833b53b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0x859f5030]
12:53:29.366 AVAST engine scan C:\Windows
12:53:32.627 AVAST engine scan C:\Windows\system32
12:56:58.446 AVAST engine scan C:\Windows\system32\drivers
12:57:14.926 AVAST engine scan C:\Users\Paul
13:02:39.424 AVAST engine scan C:\ProgramData
13:07:27.771 Scan finished successfully
13:37:45.350 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
13:37:45.372 The log file has been saved successfully to "E:\aswMBR.txt"

Problems:

None as of yet. The computer seems to be running in good condition once again and I haven't been redirected to an alternate site via google searches since. :)
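
The MBR lines in the two logs above (TDSSKiller's "MBR (0x1B8)" hash, aswMBR's "Windows 7 default MBR code", the single active NTFS partition at offset 2048 and the "scanning sectors +488394752" line) can be checked by hand from the E:\MBR.dat that aswMBR saved. The script below is an added example, not part of this thread and not code from aswMBR or TDSSKiller. It parses a raw 512-byte MBR, hashes the same 0x1B8-byte boot-code span TDSSKiller reports, decodes the partition table and computes where the unpartitioned tail of the disk begins, which is the region aswMBR reports scanning. The embedded sample MBR is constructed to mirror the layout the logs describe (one active NTFS partition, 238473 MB, LBA 2048, on a 238475 MB disk); its boot code is filler, so its MD5 is not the value in the log, and the 0x1B8 length is taken from TDSSKiller's label rather than from any documented format.

```python
"""Parse, sanity-check and hash a raw MBR image such as the E:\\MBR.dat that
aswMBR saved in the log above.

Added example: not code from the thread, aswMBR or TDSSKiller. The sector
built by build_sample_mbr() is CONSTRUCTED to mirror what the logs report
(one active NTFS partition at LBA 2048, 238473 MB); its bootstrap bytes are
filler, so the MD5 will not equal the hash TDSSKiller printed for the real disk.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOTCODE_LEN = 0x1B8        # TDSSKiller's "MBR (0x1B8)" hash covers bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8        # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"      # bytes 510..511
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x05: "Extended", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus one active NTFS partition."""
    code = (bytes(range(256)) * 2)[:BOOTCODE_LEN]
    disk_sig = struct.pack("<I", 0x12345678)
    # 238473 MB * 2048 sectors/MB = 488392704 sectors, starting at LBA 2048
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                       2048, 488392704)
    mbr = code + disk_sig + b"\x00\x00" + ntfs + b"\x00" * 48 + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, disk signature, 0x55AA check and partition table."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue                      # unused slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_signature_ok": mbr[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def unpartitioned_tail(info: dict, disk_sectors: int) -> tuple:
    """(first LBA, sector count) of the space after the last partition.

    Bootkits commonly stash code here; aswMBR's "scanning sectors +N" line
    reports N = end of the last partition, which this reproduces.
    """
    end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=1)
    return end, max(disk_sectors - end, 0)


def bootcode_matches(mbr: bytes, expected_md5: str) -> bool:
    """Compare the 0x1B8-byte boot-code hash with one printed by TDSSKiller."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest() == expected_md5.lower()


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat] [disk_size_mb]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
        disk_mb = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    else:
        data, disk_mb = build_sample_mbr(), 238475   # size aswMBR reported for Disk 0
    info = parse_mbr(data)
    print("boot code md5 :", info["bootcode_md5"])
    print("0x55AA present:", info["boot_signature_ok"])
    for p in info["partitions"]:
        flag = "A" if p["active"] else " "
        print(f"  part {p['index']} {flag} {p['type']:02X} {p['type_name']:<14}"
              f" {p['size_mb']} MB offset {p['lba_start']}")
    start, count = unpartitioned_tail(info, disk_mb * 2048)
    print(f"unpartitioned tail starts at LBA {start} ({count} sectors)")
```

Run against the real MBR.dat with the disk size aswMBR printed (238475 MB) and the partition line should read "part 1 A 07 HPFS/NTFS 238473 MB offset 2048" and the tail should start at LBA 488394752, matching the log; a boot-code hash that differs from the one TDSSKiller printed on the same day means the first sector changed in between.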

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:30 PM

Posted 04 April 2012 - 08:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\Paul\AppData\Roaming\ParetoLogic
c:\users\Paul\AppData\Roaming\DriverCure
c:\programdata\ParetoLogic
c:\program files\ParetoLogic

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:30 PM

Posted 05 April 2012 - 12:14 AM

ComboFix Log:

ComboFix 12-04-01.01 - Paul 04/04/2012 21:35:26.5.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1141 [GMT -7:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ParetoLogic
c:\programdata\ParetoLogic
c:\users\Paul\AppData\Roaming\DriverCure
c:\users\Paul\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Paul\AppData\Roaming\ParetoLogic
c:\users\Paul\AppData\Roaming\ParetoLogic\PC Health Advisor\Client.txt
c:\users\Paul\AppData\Roaming\ParetoLogic\PC Health Advisor\Server.txt
c:\windows\$NtUninstallKB41462$
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 04:47 . 2012-04-05 04:50 -------- d-----w- c:\users\Paul\AppData\Local\temp
2012-04-05 04:47 . 2012-04-05 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 02:50 . 2012-04-04 02:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-04 02:32 . 2012-03-20 10:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CBB5A49-2929-4728-BC53-0C4038021E04}\mpengine.dll
2012-04-04 02:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-04 02:30 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 02:30 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-03 21:59 . 2011-07-16 04:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-03 21:58 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-03 21:54 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-03 21:54 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-03 21:54 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-30 00:18 . 2012-03-30 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 23:20 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 18:48 . 2012-03-29 18:48 -------- d-----w- c:\users\Paul\AppData\Local\Threat Expert
2012-03-29 17:53 . 2012-03-29 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\Spam Monitor
2012-03-29 17:53 . 2012-03-29 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Tools
2012-03-29 17:47 . 2012-03-29 17:47 -------- d-----w- c:\program files\PC Tools
2012-03-29 17:44 . 2012-03-29 23:10 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-29 17:36 . 2012-03-29 17:51 -------- d-----w- c:\programdata\PC Tools
2012-03-29 17:36 . 2012-03-29 17:36 -------- d-----w- c:\users\Paul\AppData\Roaming\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 00:36 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-02-23 16:18 . 2011-01-09 00:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 08:52 . 2011-12-04 03:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-05-25 01:39 . 2010-05-25 01:39 43608 ----a-w- c:\program files\internet explorer\plugins\IMAQActiveXControl.dll
2010-09-16 21:35 . 2010-09-16 21:35 158720 ----a-w- c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-12-10 21:50 . 2008-12-10 21:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-05-25 19:43 . 2010-05-25 19:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\program files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\niupdate.exe" [2010-08-10 77824]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 20104]
R3 lwldr18a;CRi USB Loader Driver (lwldr18a.sys);c:\windows\system32\Drivers\lwldr18a.sys [2010-11-04 53608]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2010-06-21 26192]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2010-06-21 11344]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2010-06-21 22608]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-07-02 11352]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2010-11-01 11952]
R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2010-11-01 11912]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2010-11-01 11920]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2010-10-29 11920]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2010-11-01 11928]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2010-11-01 11920]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2010-11-01 11920]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2010-07-11 11936]
R3 niimaqdxk;niimaqdxk;c:\windows\system32\drivers\niimaqdxkl.sys [2010-06-21 11384]
R3 niimaqk;NI-IMAQ Driver;c:\windows\system32\drivers\niimaqk.sys [x]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2010-09-27 11976]
R3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [x]
R3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [x]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2010-07-11 11952]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-10-27 11968]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-10-27 11968]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 21144]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2010-11-01 11912]
R3 NiRioRpc;National Instruments RIO Server;c:\windows\system32\NiRioRpc.exe [2010-06-26 31880]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-13 11960]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 11936]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 11928]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-13 11960]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2010-11-01 11920]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11312]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2010-09-27 11912]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11360]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2010-07-13 11912]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2010-07-13 11944]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2010-11-01 11944]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11432]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2010-11-01 11920]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 USBlwcam18a;CRi 18a Camera;c:\windows\system32\Drivers\lwcam18a.sys [2010-11-04 471144]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 15448]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2010-06-21 58504]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2010-06-21 42136]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-06-23 47776]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-06-14 11416]
S2 nistreamk;nistreamk;c:\windows\system32\drivers\nistreamkl.sys [2010-06-17 19608]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11432]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11432]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-16 32432]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11360]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2010-07-11 11944]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2010-11-01 11920]
S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-929556980-4212560544-2375974545-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-929556980-4212560544-2375974545-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6124)
c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\nipxism.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-04 21:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 04:55
ComboFix2.txt 2012-04-03 10:18
.
Pre-Run: 119,368,716,288 bytes free
Post-Run: 119,359,406,080 bytes free
.
- - End Of File - - 27D90F979957B4228A6EBC0E80E2049F


Didn't have any problems this time, and ComboFix took less than 20 mins as opposed to a full day.

Also, no problems with the computer so far. Let me know if you have anything else you would like me to do. :)

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 12:41 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts

Posted 05 April 2012 - 03:21 PM

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
D3DX10
DisplayFusion 3.3.1
Dropbox
eDrawings 2011 API SDK
escv
FileZilla Client 3.5.1
GIMP 2.6.9
GNU Octave 3.0.1
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
iCloud
InFlac 1.1.1
iTunes
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
MATLAB R2010a
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2003 Web Components
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVCRT
National Instruments Software
NI-653x Installer 1.9.3
NI-APAL 2.0 Error Files
NI-BROADCOM57XX for Phar Lap ETS
NI-DAQ C and VB6 API 2.2.0
NI-DAQ Document Set 9.2.3
NI-DAQ INF Files 19.2.3
NI-DAQmx 9.2.3
NI-DAQmx ADE Support 9.2.3
NI-DAQmx Documentation 9.2.0
NI-DAQmx MAX Configuration Support 9.2.3
NI-DAQmx support for LabVIEW 1.15.0
NI-DAQmx Switch Core 2.1.0
NI-DAQmx/LabVIEW shared documentation 1.8.0
NI-DIM 1.11.0f0
NI-DIM 1.11.0f0 for Phar Lap ETS
NI-IMAQ .NET Support
NI-IMAQ 32-bit Driver Support
NI-IMAQ 4.5
NI-IMAQ Camera Files
NI-IMAQ Configuration 3.0.1
NI-IMAQ IO .NET Support
NI-IMAQ IO 2.4.0
NI-IMAQ LabVIEW 2010 Examples for NI FlexRIO
NI-IMAQ Provider for MAX
NI-IMAQ Support for NI FlexRIO
NI-IMAQdx .NET Support
NI-IMAQdx 3.7
NI-IMAQdx 32-bit Driver Support
NI-Intel1000e for LabVIEW Real-Time
NI-Intel8254x for LabVIEW Real-Time
NI-Intel8255x for LabVIEW Real-Time
NI-MDBG 1.10.0f0
NI-MDBG 1.10.0f0 for Phar Lap ETS
NI-MRU 2.11.1f0
NI-MX Expert Framework 2.6.2
NI-MXDF 1.11.5f1
NI-MXDF 1.11.5f1 for Phar Lap ETS
NI-MXLC Core (32-bit)
NI-MXLC LabVIEW 2009 Support
NI-MXLC LabVIEW 2010 Support
NI-MXLC LabVIEW 8.5 Support
NI-MXLC LabVIEW 8.6 Support
NI-NVIDIA Gigabit Ethernet Driver for LabVIEW Real-Time
NI-ORB 1.9.3f0
NI-ORB 1.9.3f0 for Phar Lap ETS
NI-P2P 1.1.0
NI-P2P 1.1.0 Support for LabVIEW 2010 (32-bit)
NI-P2P 1.1.0 Support for LabVIEW Real-Time
NI-PAL 2.5.4f0 for Phar Lap ETS
NI-PAL 2.6.2f0
NI-RIO 3.5.0
NI-RIO 3.5.0 driver for Real-Time Embedded Targets
NI-RIO Common Files for LabVIEW 2010
NI-RIO for 32-bit Windows
NI-RIO I/O Control for LabVIEW 2009
NI-RIO I/O Control for LabVIEW 2010
NI-RIO I/O Control for LabVIEW 8.5
NI-RIO I/O Control for LabVIEW 8.6
NI-RPC 4.2.0f0
NI-RPC 4.2.0f0 for Phar Lap ETS
NI-Serial 3.6
NI-Serial 3.6 for LabVIEW Real-Time
NI-Serial 3.6 MAX Provider
NI-SMC9 1.2.0f0 for Phar Lap ETS
NI-STE10/100A for Phar Lap ETS
NI-TNF 1.4.4f0 for Phar Lap ETS
NI-VISA 5.0.0
NI-VISA 5.0.0 for LabVIEW Real-Time
NI-VISA 5.0.0 MAX Provider
NI-VISA Runtime 5.0.0
NI-VISA Server 5.0.0
NI AFW Channel Configuration Tool
NI AFW Custom UI
NI AFW Custom UI Assemblies
NI AFW UI Assemblies
NI Assistant Framework
NI Assistant Framework LabVIEW 2010 Support
NI Assistant Framework LabVIEW Code Generator 2009
NI Assistant Framework LabVIEW Code Generator 2010
NI Atomic PXIe Peripheral Module Driver 1.2.1
NI Atomic PXIe Peripheral Module Driver 1.2.1 for Phar Lap ETS
NI Atomic PXIe Peripheral Module Driver 1.3.0
NI Atomic PXIe Peripheral Module Driver 1.3.0 for Phar Lap ETS
NI Authentication 1.0
NI BIOS Updater
NI Calibration Provider for MAX 4.7.0
NI Certificates Deployment Support
NI CodeSignAPI
NI Common Digital 1.12.0
NI Curl 1.0
NI CVS-1450 Series Remote Provider
NI DAQ Assistant 1.14.0
NI DataSocket 4.8
NI Distributed System Manager 2010
NI DN 2.0 Language Pack installer
NI DN 2.0 SP1 installer
NI Dynamic Signal Acquisition Installer 2.1.2
NI Ethernet Device Enumerator
NI EULA Depot
NI EVS-1460 Series Remote Provider
NI Example Finder 10.0
NI FlexRIO support for Real-Time Embedded Targets
NI FSL Installer 1.11.0
NI GigE Vision 32-bit Driver Support
NI Help Assistant
NI IMAQ Vision for Measurement Studio Upgrade Manager
NI Instrument IO Assistant for LabVIEW 2010 32-bit
NI LabVIEW 2009 Real-Time MSVS71 Support
NI LabVIEW 2009 SP1 Run-Time Engine Web Services
NI LabVIEW 2010
NI LabVIEW 2010 Deployable License
NI LabVIEW 2010 Deployment Framework
NI LabVIEW 2010 FPGA Elemental IO Common
NI LabVIEW 2010 FPGA Realtime Support
NI LabVIEW 2010 FPGA Support for Host Analysis
NI LabVIEW 2010 FPGA Support for Host Communication
NI LabVIEW 2010 Help
NI LabVIEW 2010 Help File
NI LabVIEW 2010 Integer Math and Analysis
NI LabVIEW 2010 License
NI LabVIEW 2010 Manuals
NI LabVIEW 2010 MeasAppChm File
NI LabVIEW 2010 Real-Time Error Dialog
NI LabVIEW 2010 Real-Time FTP Server
NI LabVIEW 2010 Real-Time Legacy Support
NI LabVIEW 2010 Real-Time MSVS90 Support
NI LabVIEW 2010 Real-Time NBFifo
NI LabVIEW 2010 Real-Time Pharlap Base
NI LabVIEW 2010 Real-Time Registry
NI LabVIEW 2010 Real-Time Support for cRIO
NI LabVIEW 2010 Real-Time Support for Desktop
NI LabVIEW 2010 Real-Time Support for FieldPoint
NI LabVIEW 2010 Real-Time Support for Hypervisor
NI LabVIEW 2010 Real-Time Support for IMAQ
NI LabVIEW 2010 Real-Time Support for Industrial Controllers
NI LabVIEW 2010 Real-Time Support for PXI
NI LabVIEW 2010 Real-Time VxWorks Base
NI LabVIEW 2010 Real-Time VxWorks Floating Point
NI LabVIEW 2010 Search
NI LabVIEW 2010 Simulation
NI LabVIEW 2010 Web Server
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Compare Utility 10.0.0
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 10.0.0
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009 SP1
NI LabVIEW Run-Time Engine 2010
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.5.1
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Interop 2010
NI LabVIEW SignalExpress 2010 Datatypes
NI LabVIEW SignalExpress 2010 Datatypes LabVIEW 2010 Support
NI LabVIEW SignalExpress 2010 Tools
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2009 Run-Time Engine
NI LabWindows/CVI 2010 Code Generator
NI LabWindows/CVI DLL Builder for LabVIEW
NI LibiConv 2010
NI License Manager
NI Logos 5.2.0
NI Logos LabVIEW 2010 Support
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI LVBrokerAux 8.6.0
NI Math Kernel Libraries
NI MAX Remote Configuration Installer 4.7.6
NI MDF Support
NI mDNS Responder 1.3 for LabVIEW Real-Time
NI mDNS Responder 1.4.0
NI Measurement & Automation Explorer 4.7.6
NI Measurement Studio 8.1 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Assemblies for .NET 2.0
NI Measurement Studio Common .NET Assemblies for .NET 3.5
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MIO Device Drivers 2.5.7
NI MXS 4.7.0
NI MXS 4.7.0f0 for LabVIEW Real-Time
NI OCR Upgrade Manager
NI OPC Support
NI Portable Configuration 4.7.0
NI PXI DIH 1.2.1 for Phar Lap ETS
NI PXI Platform Framework 1.3.0
NI PXI Platform Framework 1.3.0 for Phar Lap ETS
NI PXI Platform Services 2.5.6
NI PXI Platform Services 2.5.6 Configuration Support
NI PXI Platform Services 2.5.6 Expert
NI PXI Platform Services 2.5.6 Expert for LabVIEW Real-Time
NI PXI Platform Services 2.5.6 for LabVIEW Real-Time
NI PXI SystemAPI Expert 2.5.6
NI Real-Time Device Manager
NI Registration Wizard
NI Remote Provider for MAX 4.7.6
NI Remote PXI Provider for MAX 4.7.6
NI SCXI 1.14.0
NI Smart Camera Remote Provider
NI Software Provider for MAX 4.7.0
NI Spy 2.7.2
NI Spy API LV2010
NI SSL LabVIEW 2010 Support
NI SSL Support
NI STC 1.9.0
NI System API RT 1.1.0
NI System API Web-Servce 32-bit 1.1.0
NI System API Windows 32-bit 1.1.6
NI System Configuration 1.1.3
NI System Configuration 1.1.3 LabVIEW Support
NI System Configuration LV2010 1.1.3
NI System State Publisher
NI System Web Server 1.0.1
NI System Web Server Base 1.0.1
NI System Web Server Real-Time 2010 Support
NI TDM Excel Add-In 3.2
NI TDMS
NI Timing Installer 2.2.5
NI Trace Engine
NI Uninstaller
NI Update Service
NI Update Service Full
NI USI 1.8.0
NI Variable Engine 2.4.0
NI Variable Engine LabVIEW 2010 Support
NI VC2005MSMs x86
NI VC2008MSMs x86
NI Vision .NET 2010 SP1
NI Vision .NET Run-Time Engine 2010 SP1
NI Vision 2010 SP1
NI Vision Acq Remote Provider LV2010
NI Vision Acquisition Express VI
NI Vision Acquisition Express VI LabVIEW 2010
NI Vision Assistant 2010 SP1
NI Vision Assistant 2010 SP1 .NET
NI Vision Common Resources 2010 SP1
NI Vision Run-Time Engine 2010 SP1
NI Web Application Server 1.0
NI Web Interface Framework 1.0
NI Web Pipeline 2.0.1
NI Xalan Delay Load 1.10.1
NI Xerces Delay Load 2.7.2
Nuance
NVIDIA Display Control Panel
NVIDIA Drivers
Power Tab Editor 1.7
PowerISO
QuickTime
Racket v5.1.1
Realtek AC'97 Audio
Safari
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Skype™ 5.5
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
StarCraft
StarCraft II
UltraISO Premium V9.36
UltraMon
VISA Shared Components
VLC media player 1.1.11
VMD 1.9
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 03:25 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.4.7
BitTorrent
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 BSFD

BSFD
  • Topic Starter

  • Members
  • 10 posts

Posted 05 April 2012 - 05:36 PM

1. Log From MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.10

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Paul :: PAUL-PC [administrator]

4/5/2012 3:01:22 PM
mbam-log-2012-04-05 (15-01-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210787
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



2. report from Hijackthis:

C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\niupdate.exe
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: CrypKey License - CrypKey (Canada) Ltd. - C:\Windows\system32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: National Instruments LXI Discovery Service (niLXIDiscovery) - National Instruments Corporation - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI PXI Resource Manager Service (nipxirmu) - National Instruments Corporation - C:\Windows\system32\nipxism.exe
O23 - Service: National Instruments RIO Server (NiRioRpc) - National Instruments Corporation - C:\Windows\system32\NiRioRpc.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 7647 bytes


3. let me know of any problems you may have had

No real problems I could discern but I noticed that when I go to program folders via the start icon on the bottom left of the screen, many of the programs state that the folders are empty. (However I can get to programs through MyComputer icon on the desktop and the items are located in the appropriate places) I was just wondering why that might have occurred?

4. How is the computer doing now?

Seems to be back up to speed. :)
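
A small triage helper for reports in the format shown above, added here as an example; it is not part of the thread, not a HijackThis feature, and not gringo_pr's method. It parses the O2 (BHO), O4 (Run-key), O10 (Winsock LSP) and O23 (service) lines into records and flags start-up entries that deserve a second look. The sample lines are copied from the report above, except the final "updater" entry, which is constructed purely to show a flagged case; the two heuristics (bare file name, program path outside the Windows or Program Files trees) are this example's own and are prompts for human review, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input: lines taken from the HijackThis report posted above, plus one
# constructed O4 entry (the "updater" line) added only to show what the
# heuristic flags. That last line is NOT from the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Roaming\updater.exe
"""


@dataclass
class Entry:
    section: str                  # HijackThis section code: O2, O4, O10, O23
    name: str                     # value name / BHO name / service name
    path: str                     # executable or DLL as reported (may be a bare file name)
    raw: str
    flags: List[str] = field(default_factory=list)


# Line shapes as they appear in the report above (regexes are this example's own).
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$')
O10_RE = re.compile(r'^O10 - Unknown file in Winsock LSP: (?P<path>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')

# Directories treated as "expected" locations for auto-start binaries (example heuristic).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def exe_from_command(cmd: str) -> str:
    """Pull the program path out of a Run-key command: handles a quoted path
    followed by arguments, an unquoted path containing spaces followed by
    arguments, and a bare file name with no directory at all."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|dll|com))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def review_flags(section: str, path: str) -> List[str]:
    """Review heuristics of this example (not HijackThis's own analysis)."""
    p = path.strip().lower()
    if section == "O4" and "\\" not in p:
        # A bare file name is located by PATH search at logon, so the binary
        # that actually runs is not pinned to one directory.
        return ["bare-filename"]
    if not p.startswith(TRUSTED_ROOTS):
        return ["outside-standard-dirs"]
    return []


def parse_log(text: str) -> List[Entry]:
    """Turn the handled line types into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            e = Entry("O4", m["name"], exe_from_command(m["cmd"]), line)
        elif (m := O2_RE.match(line)):
            e = Entry("O2", m["name"], m["path"], line)
        elif (m := O10_RE.match(line)):
            e = Entry("O10", "LSP", m["path"], line)
        elif (m := O23_RE.match(line)):
            e = Entry("O23", m["name"], m["path"], line)
        else:
            continue  # R0/R1/O1/O8/O9/O16/O18 lines are outside this example's scope
        e.flags = review_flags(e.section, e.path)
        entries.append(e)
    return entries


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def flagged_names(entries: List[Entry]) -> List[str]:
    return [e.name for e in entries if e.flags]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for e in parsed:
        if e.flags:
            print(f"REVIEW {e.section} [{e.name}] {e.path}  ({', '.join(e.flags)})")
```

On the sample above the script reports the SoundMan entry (a bare file name, as gringo_pr also lists it among the start-up items to remove) and the constructed "updater" entry under a user profile directory; everything else sits under C:\Windows or C:\Program Files and passes. The flags only say "look at this": a vendor binary can legitimately live under a profile directory (the Dropbox shell extension in the ComboFix log above is one), so the decision stays with the person reading the log.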

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 06:56 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on any of these programs' icons (or start them from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\niupdate.exe
    O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets (for example, IntelliPoint in the line below) and paste it into the search space.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
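
The HijackThis "O4" lines in the post above are just values under the Windows Run keys (HKLM\Software\Microsoft\Windows\CurrentVersion\Run and the HKCU equivalent), and "Fix Checked" deletes those values. The PowerShell script below is an added example written for this page; it is not part of the thread and is not HijackThis code. It lists every autostart value the way the O4 section does, backs up the ones you intend to remove so the change can be undone, and then removes them. The list of names is taken from gringo's post and is an assumption you edit for your own machine; it also assumes an elevated prompt, since HKLM writes need administrator rights, and it checks the WOW6432Node key as well, which is where 32-bit programs register on a 64-bit Windows.

```powershell
# Added example, not from the original thread or from HijackThis.
# Enumerate, back up and remove Run-key autostart values (HijackThis "O4" entries).
# Run from an elevated PowerShell prompt: removing HKLM values requires admin.

# Names between the [brackets] in the O4 lines. Assumption: this is the set from
# gringo's post; replace it with the entries you actually want gone.
$names = @(
    'SoundMan', 'NI Background Service', 'niDevMon', 'LifeCam', 'APSDaemon',
    'QuickTime Task', 'iTunesHelper', 'Adobe ARM', 'SunJavaUpdateSched',
    'NIRegistrationWizard'
)

# The registry keys behind "O4 - HKLM\..\Run" and "O4 - HKCU\..\Run".
# On 64-bit Windows, 32-bit programs register under WOW6432Node, so check it too.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntries {
    # Return one object per autostart value: which key it lives in, its name, its command line.
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/PSChildName/PSDrive/PSProvider
            # metadata; skip those (a real value whose name starts with "PS" would be skipped too).
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# 1. Show everything that autostarts: the same picture HijackThis gives under O4.
$all = Get-RunEntries -Keys $runKeys
$all | Format-Table -AutoSize

# 2. Select only the entries that are actually present ("if present" in the post),
#    and back them up to an XML file so the removal can be reversed.
$toRemove = $all | Where-Object { $names -contains $_.Name }
$backup = Join-Path $env:USERPROFILE ("Run-backup-{0:yyyyMMdd-HHmmss}.xml" -f (Get-Date))
$toRemove | Export-Clixml -Path $backup
Write-Host "Backed up $($toRemove.Count) entries to $backup"

# 3. Remove them. -WhatIf only reports what would be deleted; drop it to really delete.
foreach ($e in $toRemove) {
    Remove-ItemProperty -Path $e.Key -Name $e.Name -WhatIf
}

# To undo later, restore every backed-up value:
#   Import-Clixml $backup | ForEach-Object {
#       Set-ItemProperty -Path $_.Key -Name $_.Name -Value $_.Command
#   }
```

Run it once with -WhatIf left in and read the output against the O4 list before deleting anything; removing a Run value only stops the program from autostarting, it does not uninstall it, which is exactly why the post calls this step optional.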



