Codec-C - won't uninstall and is deleting programmes


This topic is locked
18 replies to this topic

#1 Frail

Posted 31 March 2012 - 03:03 PM

Hello,

I have recently been having problems very similar to those of this user: http://www.bleepingcomputer.com/forums/topic447830.html

After downloading, initially the only problems I noticed were the download of the 'funmoods' programme to my internet - certain words were highlighted which would lead me to other websites to buy certain products etc.
I have tried to uninstall it from my computer but it will not allow me to, and I have realised that a lot of programmes (for example Paint, among many others) are now missing from my computer.

Any help and guidance would be greatly appreciated,
Thank you very much!


#2 Frail (Topic Starter)

Posted 01 April 2012 - 12:47 PM

Hello,

I have just finished running some logs and thought that these would be beneficial to post:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Emma at 18:42:52 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1647 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Codec-C Class: {26ab07e2-9562-409c-83f1-d68e0b79169e} - C:\ProgramData\Codec-C\bhoclass.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\bh\funmoods.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Emma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1106A272-521F-470E-9981-77C73794F130} : DhcpNameServer = 139.222.131.203 139.222.131.204
TCP: Interfaces\{7F04F6AD-8062-40E4-B4FA-BE7E0C27AAD7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F04F6AD-8062-40E4-B4FA-BE7E0C27AAD7}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{CDCA73ED-328A-4C2C-AF90-86A8656668F3} : DhcpNameServer = 82.132.254.2 82.132.254.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Codec-C Class: {26AB07E2-9562-409C-83F1-D68E0B79169E} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\bh\funmoods.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\jysigtg7.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=bf4
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Emma\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - 262e2ae8000000000000002454f2dd70
FF - user.js: extensions.funmoods_i.instlDay - 15418
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.21:25:30
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-31 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-31 19:10:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-31 19:10:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-30 08:33:55 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5EF20E8-3786-402A-90BF-0FC321BDFCBA}\mpengine.dll
2012-03-29 01:03:07 -------- d-----w- C:\Users\Emma\AppData\Local\{44DF946C-2C8A-4CA1-9AF0-910B32DBDC1C}
2012-03-28 13:00:45 -------- d-----w- C:\Users\Emma\AppData\Local\{5D70FC1F-C31F-418E-9629-387DF2F011E0}
2012-03-28 13:00:36 -------- d-----w- C:\Users\Emma\AppData\Local\{BF31B154-B0D1-46C4-BC63-31BEF5CFA75C}
2012-03-26 09:58:54 -------- d-----w- C:\Users\Emma\AppData\Local\{45BD4D10-CC23-45C9-A92F-CEAEA09AB7D2}
2012-03-25 21:56:51 -------- d-----w- C:\Users\Emma\AppData\Local\{4D3295AC-9679-4486-A91E-520E3DDA0AF7}
2012-03-25 21:56:45 -------- d-----w- C:\Users\Emma\AppData\Local\{E48BFF05-E780-4055-A7BA-4407F9CE501C}
2012-03-25 10:36:47 -------- d-----w- C:\Users\Emma\AppData\Local\{2983BFF0-B59B-46B6-A190-65A54CE01EA9}
2012-03-25 10:31:21 -------- d-----w- C:\Users\Emma\AppData\Local\{FC521F0C-83AD-499D-8740-BE6848C3357F}
2012-03-25 09:51:11 -------- d-----w- C:\Users\Emma\AppData\Local\{4E1B19A3-A1BF-4533-AF2F-4BA763A0A65D}
2012-03-23 16:40:56 -------- d-----w- C:\Users\Emma\AppData\Local\{DBA66603-2821-4772-B0FC-22066C8F29F4}
2012-03-23 15:24:21 -------- d-----w- C:\Users\Emma\AppData\Local\{AAED4C5F-0B7C-440A-BA81-4248969A1EE4}
2012-03-22 15:33:03 -------- d-----w- C:\Users\Emma\AppData\Local\{F23DBF0E-36EA-4161-9ED8-ADE4A74B1E45}
2012-03-22 15:32:56 -------- d-----w- C:\Users\Emma\AppData\Local\{E44C7289-3AC5-41F4-9B4A-A41C7AA7F0E4}
2012-03-20 00:46:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 00:46:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 23:58:49 -------- d-----w- C:\Users\Emma\AppData\Local\{1A2A9F12-068E-40AF-8BD4-44822EFF142F}
2012-03-19 23:58:39 -------- d-----w- C:\Users\Emma\AppData\Local\{2FEC1AC8-D8E5-43DA-ADD7-C2618F381442}
2012-03-19 01:25:30 -------- d-----w- C:\ProgramData\Premium
2012-03-19 01:25:10 -------- d-----w- C:\ProgramData\Codec-C
2012-03-19 01:24:53 -------- d-----w- C:\codec-info
2012-03-19 01:24:40 -------- d-----w- C:\ProgramData\InstallMate
2012-03-13 21:55:28 -------- d-----w- C:\Users\Emma\AppData\Local\{7C8149F0-64CA-433A-9BBB-7FB4AECF91CD}
2012-03-13 21:54:55 -------- d-----w- C:\Users\Emma\AppData\Local\{A42D6596-BA76-4F59-85D2-34FC11CC0384}
2012-03-13 17:25:12 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-03-13 17:24:35 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-03-13 17:24:35 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-03-13 15:40:05 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-03-13 15:34:04 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-03-13 15:34:00 -------- d-----w- C:\Users\Emma\AppData\Roaming\NCH Software
2012-03-12 01:55:07 -------- d-----w- C:\Users\Emma\AppData\Local\{FEEFD7A3-B3C3-4D41-BDE0-2385BC037D57}
2012-03-12 01:54:42 -------- d-----w- C:\Users\Emma\AppData\Local\{15CAEDA9-D61C-4968-B8C9-E4CF11C327F6}
2012-03-09 13:52:40 -------- d-----w- C:\Users\Emma\AppData\Local\{D1050219-39D0-4785-85AB-6DCB96F6956D}
2012-03-08 23:44:48 -------- d-----w- C:\Users\Emma\AppData\Local\{EE76F04D-0258-4A32-9DEA-ED16370B46D7}
2012-03-08 12:29:29 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-08 11:42:38 -------- d-----w- C:\Users\Emma\AppData\Local\{8E1ADD79-D867-4798-8FF3-61BA90F8C0F3}
2012-03-07 23:40:35 -------- d-----w- C:\Users\Emma\AppData\Local\{69644885-2E28-4A9A-9449-9441EEAC5BAE}
2012-03-07 11:38:06 -------- d-----w- C:\Users\Emma\AppData\Local\{CA24645D-2849-4B7F-8334-2B726E0172A0}
2012-03-06 22:38:31 -------- d-----w- C:\Users\Emma\AppData\Local\{0501C6BD-8603-415D-A8F2-AB030DB480F2}
2012-03-06 10:36:19 -------- d-----w- C:\Users\Emma\AppData\Local\{7FC55A5C-7205-462E-B64D-8575F8E34608}
2012-03-05 22:33:22 -------- d-----w- C:\Users\Emma\AppData\Local\{0A4C2A38-8C82-4EDD-97A2-84A582C17560}
2012-03-05 01:15:21 -------- d-----w- C:\Users\Emma\AppData\Local\{6037F336-62D4-48DB-B387-BF780DEDFB83}
2012-03-04 09:34:41 -------- d-----w- C:\Users\Emma\AppData\Local\{016A40CB-C829-4212-92C4-455FBA4466CF}
2012-03-04 09:34:23 -------- d-----w- C:\Users\Emma\AppData\Local\{471B2D2F-2F46-49D0-B38D-07578386FF16}
2012-03-04 09:34:16 -------- d-----w- C:\Users\Emma\AppData\Local\{F984A102-F7D1-42BC-BC14-B44D5D52353D}
2012-03-03 16:28:56 -------- d-----w- C:\Users\Emma\AppData\Local\{198A73A2-B8C8-45C7-916F-F448B7A9B077}
2012-03-03 04:25:53 -------- d-----w- C:\Users\Emma\AppData\Local\{31727B1A-FD03-4744-9CF7-90B14C0B79AF}
.
==================== Find3M ====================
.
2012-02-23 09:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-05 16:46:20 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:43:17.38 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/08/2011 13:55:31
System Uptime: 01/04/2012 11:56:32 (7 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | U2E1 | 2094/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 29.76 GiB free.
D: is FIXED (NTFS) - 165 GiB total, 148.095 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 30/03/2012 16:11:10 - Scheduled Checkpoint
RP188: 30/03/2012 22:29:48 - Removed Norton Online Backup
RP189: 30/03/2012 22:33:11 - Removed Facebook Video Calling 1.2.0.159
RP190: 30/03/2012 22:44:31 - Removed Spelling Dictionaries Support For Adobe Reader 9.
RP191: 30/03/2012 22:45:17 - Removed Adobe Flash Player 10 ActiveX.
RP192: 31/03/2012 17:58:28 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Reader 9.2
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Atheros Client Installation Program
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bejeweled 2 Deluxe
Build-a-lot
Chuzzle Deluxe
Codec-C
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dropbox
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
Farm Frenzy
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Deskjet 1050 J410 series Help
Insaniquarium Deluxe
Intel® Rapid Storage Technology
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Last.fm 1.5.4.27091
Marvell Miniport Driver
McAfee Security Scan Plus
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RescueTime 2.4.0
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Update Plus
SamsungMovie
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SISShortcut
Skype™ 5.5
Spotify
Spybot - Search & Destroy
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VLC media player 2.0.0
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
31/03/2012 19:01:29, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
31/03/2012 18:59:06, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
31/03/2012 18:01:24, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Update for Windows 7 for x64-based Systems (KB976098).
31/03/2012 18:00:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
30/03/2012 16:03:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
28/03/2012 13:43:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26/03/2012 03:01:57, Error: Tcpip [4199] - The system detected an address conflict for IP address 139.222.239.125 with the system having network hardware address 00-1D-D8-5A-74-CA. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
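
The "Event Viewer Messages" block in the DDS log above is easier to triage once the lines are parsed and the 0x8007xxxx error codes are decoded. The following is an added example (my own code, not part of the original post and not a DDS or BleepingComputer tool): it parses the DDS event-line format, pulls out the WindowsUpdateClient failures and splits each HRESULT into severity, facility and code. The sample lines are copied from the log in this post; the function names and the two-entry Win32 name table are my own, and the table only covers the two codes that appear here.

```python
import re

# One DDS "Event Viewer Messages" line has the shape
#   <dd/mm/yyyy hh:mm:ss>, <Level>: <Source> [<EventID>] - <message>
EVENT_RE = re.compile(
    r"^(?P<time>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")

# Win32 error codes that turn up in the sample; names as in winerror.h.
# Only these two are mapped here (assumption: anything else gets name None).
WIN32_NAMES = {
    1603: "ERROR_INSTALL_FAILURE",
    3017: "ERROR_FAIL_REBOOT_REQUIRED",
}

# Constructed sample: lines copied from the DDS log in this post.
SAMPLE_EVENTS = """
31/03/2012 18:01:24, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070bc9: Update for Windows 7 for x64-based Systems (KB976098).
31/03/2012 18:00:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
30/03/2012 16:03:37, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
"""


def parse_events(text):
    """Return one dict per event line; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def decode_hresult(text_value):
    """Split an HRESULT into its fields. Bit 31 is the failure flag, bits 16-28
    the facility, bits 0-15 the code. For facility 7 (FACILITY_WIN32) the code
    is a plain Win32 error number, which is what 0x8007xxxx values carry."""
    v = int(text_value, 16)
    facility = (v >> 16) & 0x1FFF
    code = v & 0xFFFF
    return {
        "failed": bool((v >> 31) & 1),
        "facility": facility,
        "code": code,
        "name": WIN32_NAMES.get(code) if facility == 7 else None,
    }


def update_failures(events):
    """Pick out WindowsUpdateClient errors and decode each HRESULT in the message."""
    found = []
    for ev in events:
        if "WindowsUpdateClient" not in ev["source"]:
            continue
        for hr in HRESULT_RE.findall(ev["message"]):
            found.append((ev["time"], hr, decode_hresult(hr)))
    return found


if __name__ == "__main__":
    for time, hr, info in update_failures(parse_events(SAMPLE_EVENTS)):
        print(time, hr, "facility", info["facility"], "code", info["code"], info["name"])
```

Run as a script it lists each update failure with its decoded Win32 code; to use it on a full DDS log, pass the whole file's text to `parse_events`.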

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:07 PM

Posted 06 April 2012 - 01:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Frail

Frail
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:07 AM

Posted 06 April 2012 - 01:27 PM

Hello!
Since posting this, my neighbor has looked at my laptop and managed to remove codec-c from the programs list (which I was struggling to uninstall it from). As he is away for the Easter break and then a couple of weeks after, I cannot ask him how he managed to do it.
The computer seems to be running fine - my only problem is tracking down the programs that are missing from the Start menu and the submenus (for example the Accessories folder).

I have still run ComboFix, and here are my results. Thanks again for your help:


ComboFix 12-04-06.03 - Emma 06/04/2012 18:49:54.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1675 [GMT 1:00]
Running from: c:\users\Emma\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 17:58 . 2012-04-06 17:58 -------- d-----w- c:\users\Mcx1-EMMA-PC\AppData\Local\temp
2012-04-06 17:58 . 2012-04-06 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 17:41 . 2012-04-06 17:41 -------- d-----w- c:\windows\system32\SPReview
2012-04-06 16:41 . 2012-04-06 16:41 0 ----a-w- c:\windows\SysWow64\shoD704.tmp
2012-04-04 22:59 . 2012-04-04 22:59 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:47 . 2012-04-04 22:47 -------- d-----w- c:\windows\en
2012-04-04 22:37 . 2012-04-04 22:37 -------- d-----w- c:\windows\ar
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\bg
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\cs
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\da
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\de
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\el
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\es
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\fi
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\fr
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\he
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\hr
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\hu
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\it
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\ko
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\lt
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\lv
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\nl
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\no
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\pl
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\pt-br
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\pt-pt
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\ro
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\ru
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sk
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sl
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sr-latn-cs
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\sv
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\th
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\tr
2012-04-04 22:27 . 2012-04-04 22:27 -------- d-----w- c:\windows\zh-cn
2012-04-04 22:27 . 2012-04-04 22:27 -------- d-----w- c:\windows\zh-tw
2012-04-04 21:50 . 2012-04-04 21:50 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ff961d6e1cd12ac04\MeshBetaRemover.exe
2012-04-04 21:50 . 2012-04-04 21:50 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\DXSETUP.exe
2012-04-04 21:50 . 2012-04-04 21:50 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\DSETUP.dll
2012-04-04 21:50 . 2012-04-04 21:50 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\dsetup32.dll
2012-04-04 13:18 . 2012-04-04 13:18 -------- d-----w- c:\windows\system32\EventProviders
2012-04-04 00:35 . 2012-04-04 00:35 388096 ----a-r- c:\users\Emma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 00:35 . 2012-04-04 00:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 00:22 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 00:19 . 2012-04-04 00:19 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-04 00:11 . 2012-04-04 00:11 -------- d-----w- c:\program files\CCleaner
2012-04-04 00:08 . 2012-04-04 00:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-04 00:08 . 2012-04-04 00:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 00:08 . 2012-04-04 00:08 -------- d-----w- c:\program files (x86)\Java
2012-04-02 11:05 . 2009-07-14 01:38 918528 ----a-w- c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\calc.exe
2012-04-02 11:05 . 2009-07-14 01:39 6676480 ----a-w- c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\mspaint.exe
2012-03-31 19:10 . 2012-04-04 00:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-31 19:10 . 2012-03-31 19:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-20 00:46 . 2012-03-20 00:46 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 00:46 . 2012-03-20 00:46 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 01:25 . 2012-03-19 01:25 50 ----a-w- C:\user.js
2012-03-19 01:25 . 2012-03-19 01:25 -------- d-----w- c:\programdata\Premium
2012-03-19 01:24 . 2012-03-19 01:25 -------- d-----w- c:\programdata\InstallMate
2012-03-13 21:51 . 2012-03-13 21:51 -------- d-----w- c:\programdata\NCH Swift Sound
2012-03-13 21:51 . 2012-03-13 21:51 -------- d-----w- c:\users\Emma\AppData\Roaming\NCH Swift Sound
2012-03-13 17:25 . 2012-03-13 17:25 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-13 17:24 . 2012-03-13 17:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-13 17:24 . 2012-03-13 17:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-13 17:23 . 2012-03-13 17:25 -------- d-----w- c:\program files (x86)\Real
2012-03-13 15:41 . 2012-03-13 15:41 -------- d-----w- c:\users\Emma\AppData\Roaming\vlc
2012-03-13 15:40 . 2012-03-13 15:40 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-13 15:34 . 2012-03-13 15:34 -------- d-----w- c:\users\Emma\AppData\Roaming\Recordpad
2012-03-13 15:34 . 2012-03-30 21:32 -------- d-----w- c:\program files (x86)\NCH Software
2012-03-13 15:34 . 2012-03-19 03:12 -------- d-----w- c:\programdata\NCH Software
2012-03-13 15:34 . 2012-03-30 21:32 -------- d-----w- c:\users\Emma\AppData\Roaming\NCH Software
2012-03-08 21:20 . 2012-03-08 21:20 -------- d-----w- c:\users\Public\Games
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 12:29 . 2012-03-08 12:29 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:59 . 2012-02-05 16:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 17:02 . 2011-10-25 22:58 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-26 17:02 . 2011-10-25 22:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-26 17:02 . 2011-12-05 00:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-14 03:27 . 2012-04-06 08:54 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA744063-64DB-4ADC-9156-A921B943AF8F}\mpengine.dll
2012-02-23 09:18 . 2011-08-23 13:13 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_16.42.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-06 17:58 . 2012-04-06 17:58 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-04 01:20 . 2012-04-04 01:20 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-06 17:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-06 17:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 17:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-06 18:01 46380 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-23 12:57 . 2012-04-06 18:01 11136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1964744218-1090075281-1278556077-1001_UserData.bin
- 2011-08-23 11:56 . 2012-04-06 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-23 11:56 . 2012-04-06 17:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 11:56 . 2012-04-06 08:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 11:56 . 2012-04-06 17:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 17:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-23 13:04 . 2012-04-06 17:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-23 13:04 . 2012-04-06 17:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 13:04 . 2012-04-06 17:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-23 13:04 . 2012-04-06 17:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-08 01:32 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-08 01:32 . 2012-04-06 17:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 17:59 . 2012-04-06 17:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 16:42 . 2012-04-06 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 17:59 . 2012-04-06 17:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 16:42 . 2012-04-06 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 17:41 . 2012-04-06 17:40 263168 c:\windows\system32\SPReview\spwizui.dll
- 2012-04-04 13:20 . 2012-04-04 13:18 263168 c:\windows\system32\SPReview\spwizui.dll
+ 2012-04-06 17:41 . 2012-04-06 17:40 301568 c:\windows\system32\SPReview\spreview.exe
- 2012-04-04 13:20 . 2012-04-04 13:18 301568 c:\windows\system32\SPReview\spreview.exe
+ 2012-04-06 17:41 . 2012-04-06 17:40 238592 c:\windows\system32\SPReview\sperror.dll
- 2012-04-04 13:20 . 2012-04-04 13:18 238592 c:\windows\system32\SPReview\sperror.dll
+ 2009-07-14 05:01 . 2012-04-06 17:58 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-06 16:41 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-14 06:10 . 2011-01-14 06:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\3819f2.msp
+ 2011-01-14 06:10 . 2011-01-14 06:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-13 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2012-1-11 2697728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd061a41c4e3e4.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 19:45]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 19:45]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core1cd0619cfda4d91.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 13:56]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 13:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:07 PM

Posted 06 April 2012 - 03:10 PM

Hello

Try this for the default folders and the Accessories folder: http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe

To replace the shortcuts in the Start Menu, there is no magic bullet for that.

In case a program's link shows as (empty):

  • Open Windows Explorer, navigate to the Avast folder in Program Files.
  • Right click on the Avast ".exe" file, click "Create shortcut".
  • Copy that shortcut, go back to the Start menu.
  • Right click on avast! Free Antivirus, click "Paste".
  • You'll see the Avast shortcut recreated, replacing the (empty) entry.

Alternatively, you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
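The manual shortcut recreation described in the reply above can also be scripted. This is an added example, not Gringo's or the forum's own code; it assumes the caller supplies the Start Menu folder name and the full path of the program's .exe (the values in the usage line are placeholders), and it asks the WScript.Shell COM object for the all-users Programs folder instead of typing an OS-specific path.

```powershell
# Added example, not from the thread: recreate a Start Menu shortcut whose entry
# shows as (empty). Folder name and .exe path are supplied by the caller; the
# values in the usage line at the bottom are placeholders, not real paths.
function Restore-StartMenuShortcut {
    param(
        [Parameter(Mandatory = $true)][string]$FolderName,  # Start Menu program folder, e.g. 'Avast'
        [Parameter(Mandatory = $true)][string]$TargetPath   # full path of the program's .exe
    )

    # Refuse to create a shortcut to a file that is not there: a dangling .lnk
    # looks fixed in the Start Menu but fails on click and hides the real problem
    # (the program itself may have been removed and need reinstalling).
    if (-not (Test-Path -LiteralPath $TargetPath -PathType Leaf)) {
        throw "Target not found: $TargetPath"
    }

    $shell = New-Object -ComObject WScript.Shell

    # AllUsersPrograms resolves to the all-users Start Menu\Programs folder on
    # XP, Vista and 7 alike, so no version-specific path has to be typed.
    $programs = $shell.SpecialFolders.Item('AllUsersPrograms')
    $folder   = Join-Path $programs $FolderName
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }

    # Name the .lnk after the executable, as Explorer's "Create shortcut" does.
    $lnkPath = Join-Path $folder ([IO.Path]::GetFileNameWithoutExtension($TargetPath) + '.lnk')
    $lnk = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $TargetPath
    $lnk.WorkingDirectory = Split-Path -Parent $TargetPath
    $lnk.Save()

    return $lnkPath
}

# Run from an elevated PowerShell (the all-users folder is not writable otherwise).
# Replace the placeholder with the real location of the program's .exe:
# Restore-StartMenuShortcut -FolderName 'Avast' -TargetPath 'C:\Program Files\<Avast folder>\<Avast>.exe'
```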

#6 Frail

  • Topic Starter
  • Members
  • 10 posts
  • Local time:12:07 AM

Posted 06 April 2012 - 03:43 PM

Oh that worked perfectly!
Thanks for all your help Gringo :D

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:07 PM

Posted 06 April 2012 - 04:16 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Frail

  • Topic Starter
  • Members
  • 10 posts
  • Local time:12:07 AM

Posted 06 April 2012 - 04:48 PM

Hello,
Both programs ran fine.
Also, I'm not sure if it's anything to do with the virus, but my laptop keeps saying that updates are ready to install but it is not allowing this, even after restarting the computer.

TDSSKiller:

22:21:51.0350 0224 Ndisuio - ok
22:21:51.0370 0224 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
22:21:51.0373 0224 NdisWan - ok
22:21:51.0393 0224 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
22:21:51.0395 0224 NDProxy - ok
22:21:51.0438 0224 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\windows\system32\DRIVERS\netaapl64.sys
22:21:51.0439 0224 Netaapl - ok
22:21:51.0471 0224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:21:51.0472 0224 NetBIOS - ok
22:21:51.0497 0224 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
22:21:51.0500 0224 NetBT - ok
22:21:51.0552 0224 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
22:21:51.0553 0224 Netlogon - ok
22:21:51.0601 0224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:21:51.0606 0224 Netman - ok
22:21:51.0635 0224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:21:51.0641 0224 netprofm - ok
22:21:51.0743 0224 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:21:51.0745 0224 NetTcpPortSharing - ok
22:21:51.0815 0224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
22:21:51.0816 0224 nfrd960 - ok
22:21:51.0855 0224 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
22:21:51.0859 0224 NlaSvc - ok
22:21:51.0878 0224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:21:51.0880 0224 Npfs - ok
22:21:51.0893 0224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:21:51.0895 0224 nsi - ok
22:21:51.0909 0224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:21:51.0910 0224 nsiproxy - ok
22:21:51.0990 0224 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
22:21:52.0008 0224 Ntfs - ok
22:21:52.0043 0224 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:21:52.0044 0224 Null - ok
22:21:52.0096 0224 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
22:21:52.0098 0224 nvraid - ok
22:21:52.0123 0224 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
22:21:52.0125 0224 nvstor - ok
22:21:52.0177 0224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
22:21:52.0179 0224 nv_agp - ok
22:21:52.0293 0224 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:21:52.0298 0224 odserv - ok
22:21:52.0325 0224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
22:21:52.0327 0224 ohci1394 - ok
22:21:52.0394 0224 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:52.0396 0224 ose - ok
22:21:52.0554 0224 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:21:52.0695 0224 osppsvc - ok
22:21:52.0816 0224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:21:52.0821 0224 p2pimsvc - ok
22:21:52.0858 0224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:21:52.0864 0224 p2psvc - ok
22:21:52.0928 0224 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
22:21:52.0929 0224 Parport - ok
22:21:52.0946 0224 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
22:21:52.0948 0224 partmgr - ok
22:21:52.0978 0224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:21:52.0981 0224 PcaSvc - ok
22:21:52.0998 0224 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
22:21:53.0000 0224 pci - ok
22:21:53.0025 0224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:21:53.0026 0224 pciide - ok
22:21:53.0047 0224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
22:21:53.0050 0224 pcmcia - ok
22:21:53.0083 0224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:21:53.0084 0224 pcw - ok
22:21:53.0125 0224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:21:53.0132 0224 PEAUTH - ok
22:21:53.0199 0224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:21:53.0201 0224 PerfHost - ok
22:21:53.0269 0224 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
22:21:53.0285 0224 pla - ok
22:21:53.0325 0224 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
22:21:53.0331 0224 PlugPlay - ok
22:21:53.0365 0224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:21:53.0367 0224 PNRPAutoReg - ok
22:21:53.0393 0224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:21:53.0396 0224 PNRPsvc - ok
22:21:53.0437 0224 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
22:21:53.0443 0224 PolicyAgent - ok
22:21:53.0473 0224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:21:53.0476 0224 Power - ok
22:21:53.0530 0224 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
22:21:53.0531 0224 PptpMiniport - ok
22:21:53.0549 0224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
22:21:53.0550 0224 Processor - ok
22:21:53.0582 0224 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
22:21:53.0585 0224 ProfSvc - ok
22:21:53.0611 0224 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
22:21:53.0612 0224 ProtectedStorage - ok
22:21:53.0643 0224 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
22:21:53.0644 0224 Psched - ok
22:21:53.0711 0224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
22:21:53.0730 0224 ql2300 - ok
22:21:53.0757 0224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
22:21:53.0759 0224 ql40xx - ok
22:21:53.0791 0224 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:21:53.0795 0224 QWAVE - ok
22:21:53.0820 0224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:21:53.0821 0224 QWAVEdrv - ok
22:21:53.0846 0224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:21:53.0847 0224 RasAcd - ok
22:21:53.0881 0224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:21:53.0883 0224 RasAgileVpn - ok
22:21:53.0902 0224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:21:53.0905 0224 RasAuto - ok
22:21:53.0926 0224 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
22:21:53.0927 0224 Rasl2tp - ok
22:21:53.0951 0224 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
22:21:53.0956 0224 RasMan - ok
22:21:53.0971 0224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:21:53.0972 0224 RasPppoe - ok
22:21:53.0990 0224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:21:53.0991 0224 RasSstp - ok
22:21:54.0015 0224 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
22:21:54.0019 0224 rdbss - ok
22:21:54.0040 0224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
22:21:54.0041 0224 rdpbus - ok
22:21:54.0067 0224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:21:54.0067 0224 RDPCDD - ok
22:21:54.0097 0224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:21:54.0098 0224 RDPENCDD - ok
22:21:54.0116 0224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:21:54.0117 0224 RDPREFMP - ok
22:21:54.0139 0224 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
22:21:54.0142 0224 RDPWD - ok
22:21:54.0171 0224 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
22:21:54.0173 0224 rdyboost - ok
22:21:54.0207 0224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:21:54.0210 0224 RemoteAccess - ok
22:21:54.0253 0224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:21:54.0257 0224 RemoteRegistry - ok
22:21:54.0292 0224 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:21:54.0294 0224 RFCOMM - ok
22:21:54.0317 0224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:21:54.0320 0224 RpcEptMapper - ok
22:21:54.0343 0224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:21:54.0345 0224 RpcLocator - ok
22:21:54.0382 0224 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
22:21:54.0387 0224 RpcSs - ok
22:21:54.0420 0224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:21:54.0421 0224 rspndr - ok
22:21:54.0461 0224 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
22:21:54.0464 0224 RTL8167 - ok
22:21:54.0543 0224 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
22:21:54.0543 0224 rtport - ok
22:21:54.0589 0224 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
22:21:54.0590 0224 SABI - ok
22:21:54.0631 0224 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
22:21:54.0632 0224 SamSs - ok
22:21:54.0674 0224 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
22:21:54.0678 0224 Samsung UPD Service - ok
22:21:54.0707 0224 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
22:21:54.0709 0224 sbp2port - ok
22:21:54.0835 0224 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:21:54.0845 0224 SBSDWSCService - ok
22:21:54.0922 0224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:21:54.0926 0224 SCardSvr - ok
22:21:54.0967 0224 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
22:21:54.0968 0224 scfilter - ok
22:21:55.0025 0224 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
22:21:55.0039 0224 Schedule - ok
22:21:55.0064 0224 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
22:21:55.0065 0224 SCPolicySvc - ok
22:21:55.0099 0224 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
22:21:55.0102 0224 SDRSVC - ok
22:21:55.0158 0224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:21:55.0159 0224 secdrv - ok
22:21:55.0179 0224 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
22:21:55.0181 0224 seclogon - ok
22:21:55.0196 0224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
22:21:55.0198 0224 SENS - ok
22:21:55.0230 0224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:21:55.0232 0224 SensrSvc - ok
22:21:55.0270 0224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
22:21:55.0272 0224 Serenum - ok
22:21:55.0307 0224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
22:21:55.0309 0224 Serial - ok
22:21:55.0330 0224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
22:21:55.0331 0224 sermouse - ok
22:21:55.0363 0224 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
22:21:55.0366 0224 SessionEnv - ok
22:21:55.0393 0224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
22:21:55.0394 0224 sffdisk - ok
22:21:55.0402 0224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:21:55.0404 0224 sffp_mmc - ok
22:21:55.0415 0224 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
22:21:55.0417 0224 sffp_sd - ok
22:21:55.0429 0224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
22:21:55.0431 0224 sfloppy - ok
22:21:55.0493 0224 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
22:21:55.0502 0224 Sftfs - ok
22:21:55.0589 0224 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:21:55.0593 0224 sftlist - ok
22:21:55.0617 0224 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
22:21:55.0621 0224 Sftplay - ok
22:21:55.0673 0224 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
22:21:55.0675 0224 Sftredir - ok
22:21:55.0715 0224 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
22:21:55.0716 0224 Sftvol - ok
22:21:55.0813 0224 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:21:55.0816 0224 sftvsa - ok
22:21:55.0847 0224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:21:55.0852 0224 SharedAccess - ok
22:21:55.0896 0224 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
22:21:55.0901 0224 ShellHWDetection - ok
22:21:55.0956 0224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:21:55.0957 0224 SiSRaid2 - ok
22:21:55.0978 0224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
22:21:55.0979 0224 SiSRaid4 - ok
22:21:56.0007 0224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:21:56.0009 0224 Smb - ok
22:21:56.0092 0224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:21:56.0094 0224 SNMPTRAP - ok
22:21:56.0111 0224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:21:56.0112 0224 spldr - ok
22:21:56.0146 0224 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
22:21:56.0153 0224 Spooler - ok
22:21:56.0242 0224 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
22:21:56.0291 0224 sppsvc - ok
22:21:56.0399 0224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:21:56.0402 0224 sppuinotify - ok
22:21:56.0477 0224 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
22:21:56.0483 0224 srv - ok
22:21:56.0507 0224 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
22:21:56.0511 0224 srv2 - ok
22:21:56.0533 0224 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
22:21:56.0535 0224 srvnet - ok
22:21:56.0566 0224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:21:56.0570 0224 SSDPSRV - ok
22:21:56.0590 0224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:21:56.0592 0224 SstpSvc - ok
22:21:56.0636 0224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
22:21:56.0637 0224 stexstor - ok
22:21:56.0682 0224 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
22:21:56.0690 0224 stisvc - ok
22:21:56.0716 0224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:21:56.0717 0224 swenum - ok
22:21:56.0772 0224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:21:56.0779 0224 swprv - ok
22:21:56.0837 0224 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
22:21:56.0857 0224 SysMain - ok
22:21:56.0883 0224 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
22:21:56.0886 0224 TabletInputService - ok
22:21:56.0904 0224 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
22:21:56.0909 0224 TapiSrv - ok
22:21:56.0943 0224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:21:56.0946 0224 TBS - ok
22:21:57.0065 0224 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
22:21:57.0085 0224 Tcpip - ok
22:21:57.0255 0224 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
22:21:57.0265 0224 TCPIP6 - ok
22:21:57.0365 0224 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
22:21:57.0365 0224 tcpipreg - ok
22:21:57.0395 0224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:21:57.0395 0224 TDPIPE - ok
22:21:57.0425 0224 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
22:21:57.0425 0224 TDTCP - ok
22:21:57.0455 0224 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
22:21:57.0455 0224 tdx - ok
22:21:57.0475 0224 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
22:21:57.0485 0224 TermDD - ok
22:21:57.0515 0224 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
22:21:57.0527 0224 TermService - ok
22:21:57.0552 0224 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:21:57.0554 0224 Themes - ok
22:21:57.0576 0224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:21:57.0578 0224 THREADORDER - ok
22:21:57.0615 0224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:21:57.0618 0224 TrkWks - ok
22:21:57.0659 0224 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
22:21:57.0662 0224 TrustedInstaller - ok
22:21:57.0710 0224 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
22:21:57.0711 0224 tssecsrv - ok
22:21:57.0753 0224 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
22:21:57.0754 0224 tunnel - ok
22:21:57.0773 0224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
22:21:57.0775 0224 uagp35 - ok
22:21:57.0808 0224 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
22:21:57.0812 0224 udfs - ok
22:21:57.0855 0224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:21:57.0857 0224 UI0Detect - ok
22:21:57.0899 0224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
22:21:57.0901 0224 uliagpkx - ok
22:21:57.0926 0224 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
22:21:57.0927 0224 umbus - ok
22:21:57.0973 0224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
22:21:57.0974 0224 UmPass - ok
22:21:57.0997 0224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:21:58.0003 0224 upnphost - ok
22:21:58.0038 0224 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
22:21:58.0040 0224 USBAAPL64 - ok
22:21:58.0075 0224 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
22:21:58.0077 0224 usbccgp - ok
22:21:58.0105 0224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
22:21:58.0106 0224 usbcir - ok
22:21:58.0144 0224 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
22:21:58.0145 0224 usbehci - ok
22:21:58.0169 0224 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
22:21:58.0174 0224 usbhub - ok
22:21:58.0212 0224 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
22:21:58.0213 0224 usbohci - ok
22:21:58.0231 0224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:21:58.0232 0224 usbprint - ok
22:21:58.0264 0224 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
22:21:58.0266 0224 usbscan - ok
22:21:58.0307 0224 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:21:58.0308 0224 USBSTOR - ok
22:21:58.0341 0224 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
22:21:58.0342 0224 usbuhci - ok
22:21:58.0377 0224 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
22:21:58.0379 0224 usbvideo - ok
22:21:58.0406 0224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:21:58.0408 0224 UxSms - ok
22:21:58.0437 0224 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
22:21:58.0438 0224 VaultSvc - ok
22:21:58.0483 0224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
22:21:58.0484 0224 vdrvroot - ok
22:21:58.0523 0224 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
22:21:58.0523 0224 vds - ok
22:21:58.0553 0224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:21:58.0553 0224 vga - ok
22:21:58.0573 0224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:21:58.0573 0224 VgaSave - ok
22:21:58.0603 0224 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
22:21:58.0603 0224 vhdmp - ok
22:21:58.0623 0224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
22:21:58.0623 0224 viaide - ok
22:21:58.0653 0224 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
22:21:58.0653 0224 volmgr - ok
22:21:58.0693 0224 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
22:21:58.0703 0224 volmgrx - ok
22:21:58.0723 0224 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
22:21:58.0723 0224 volsnap - ok
22:21:58.0763 0224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
22:21:58.0763 0224 vsmraid - ok
22:21:58.0853 0224 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
22:21:58.0873 0224 VSS - ok
22:21:58.0939 0224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:21:58.0939 0224 vwifibus - ok
22:21:58.0986 0224 vwififlt (33cec36f6f6219fcb554f61370efbdbc) C:\windows\system32\DRIVERS\vwififlt.sys
22:21:58.0986 0224 vwififlt - ok
22:21:59.0033 0224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:21:59.0049 0224 W32Time - ok
22:21:59.0080 0224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
22:21:59.0081 0224 WacomPen - ok
22:21:59.0114 0224 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
22:21:59.0115 0224 WANARP - ok
22:21:59.0120 0224 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
22:21:59.0121 0224 Wanarpv6 - ok
22:21:59.0206 0224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:21:59.0219 0224 WatAdminSvc - ok
22:21:59.0285 0224 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
22:21:59.0302 0224 wbengine - ok
22:21:59.0328 0224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:21:59.0332 0224 WbioSrvc - ok
22:21:59.0374 0224 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
22:21:59.0380 0224 wcncsvc - ok
22:21:59.0399 0224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:21:59.0402 0224 WcsPlugInService - ok
22:21:59.0451 0224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
22:21:59.0452 0224 Wd - ok
22:21:59.0483 0224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:21:59.0491 0224 Wdf01000 - ok
22:21:59.0505 0224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:21:59.0508 0224 WdiServiceHost - ok
22:21:59.0515 0224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:21:59.0517 0224 WdiSystemHost - ok
22:21:59.0550 0224 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
22:21:59.0555 0224 WebClient - ok
22:21:59.0575 0224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:21:59.0579 0224 Wecsvc - ok
22:21:59.0604 0224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:21:59.0608 0224 wercplsupport - ok
22:21:59.0644 0224 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:21:59.0647 0224 WerSvc - ok
22:21:59.0698 0224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:21:59.0699 0224 WfpLwf - ok
22:21:59.0722 0224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:21:59.0723 0224 WIMMount - ok
22:21:59.0765 0224 WinDefend - ok
22:21:59.0775 0224 WinHttpAutoProxySvc - ok
22:21:59.0843 0224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:21:59.0846 0224 Winmgmt - ok
22:21:59.0912 0224 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
22:21:59.0935 0224 WinRM - ok
22:21:59.0992 0224 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
22:21:59.0993 0224 WinUsb - ok
22:22:00.0047 0224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:22:00.0057 0224 Wlansvc - ok
22:22:00.0120 0224 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:22:00.0120 0224 wlcrasvc - ok
22:22:00.0265 0224 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:00.0289 0224 wlidsvc - ok
22:22:00.0390 0224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
22:22:00.0391 0224 WmiAcpi - ok
22:22:00.0459 0224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:22:00.0462 0224 wmiApSrv - ok
22:22:00.0501 0224 WMPNetworkSvc - ok
22:22:00.0531 0224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:22:00.0534 0224 WPCSvc - ok
22:22:00.0554 0224 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
22:22:00.0557 0224 WPDBusEnum - ok
22:22:00.0600 0224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:22:00.0600 0224 ws2ifsl - ok
22:22:00.0631 0224 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
22:22:00.0635 0224 wscsvc - ok
22:22:00.0642 0224 WSearch - ok
22:22:00.0712 0224 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
22:22:00.0740 0224 wuauserv - ok
22:22:00.0835 0224 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
22:22:00.0837 0224 WudfPf - ok
22:22:00.0870 0224 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
22:22:00.0872 0224 WUDFRd - ok
22:22:00.0905 0224 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
22:22:00.0907 0224 wudfsvc - ok
22:22:00.0933 0224 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:22:00.0938 0224 WwanSvc - ok
22:22:00.0997 0224 yukonw7 (4647fda6e21b18824d6073801177f4f7) C:\windows\system32\DRIVERS\yk62x64.sys
22:22:01.0002 0224 yukonw7 - ok
22:22:01.0053 0224 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:22:01.0270 0224 \Device\Harddisk0\DR0 - ok
22:22:01.0275 0224 Boot (0x1200) (27b1a40bcfcf4154ec37de48542cf0e4) \Device\Harddisk0\DR0\Partition0
22:22:01.0276 0224 \Device\Harddisk0\DR0\Partition0 - ok
22:22:01.0295 0224 Boot (0x1200) (c72a2dc33f4b20517459f051835d13db) \Device\Harddisk0\DR0\Partition1
22:22:01.0296 0224 \Device\Harddisk0\DR0\Partition1 - ok
22:22:01.0315 0224 Boot (0x1200) (03a8d14a37997777670159676b677bc0) \Device\Harddisk0\DR0\Partition2
22:22:01.0316 0224 \Device\Harddisk0\DR0\Partition2 - ok
22:22:01.0317 0224 ============================================================
22:22:01.0317 0224 Scan finished
22:22:01.0317 0224 ============================================================
22:22:01.0332 0864 Detected object count: 0
22:22:01.0332 0864 Actual detected object count: 0


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 22:23:20
-----------------------------
22:23:20.910 OS Version: Windows x64 6.1.7600
22:23:20.910 Number of processors: 2 586 0x170A
22:23:20.911 ComputerName: EMMA-PC UserName: Emma
22:23:21.366 Initialize success
22:33:16.322 AVAST engine defs: 12040601
22:35:34.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:35:34.952 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
22:35:34.961 Disk 0 MBR read successfully
22:35:34.964 Disk 0 MBR scan
22:35:34.969 Disk 0 unknown MBR code
22:35:34.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:35:34.992 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114688 MB offset 206848
22:35:34.998 Disk 0 Partition - 00 0F Extended LBA 169396 MB offset 235087872
22:35:35.033 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 21058 MB offset 582010880
22:35:35.112 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169395 MB offset 235089920
22:35:35.141 Disk 0 scanning C:\windows\system32\drivers
22:35:45.586 Service scanning
22:36:09.812 Modules scanning
22:36:10.158 Disk 0 trace - called modules:
22:36:10.181 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:36:10.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005154410]
22:36:10.197 3 CLASSPNP.SYS[fffff88001b0643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e70050]
22:36:10.880 AVAST engine scan C:\windows
22:36:14.560 AVAST engine scan C:\windows\system32
22:39:11.269 AVAST engine scan C:\windows\system32\drivers
22:39:41.404 AVAST engine scan C:\Users\Emma
22:46:47.660 AVAST engine scan C:\ProgramData
22:48:13.146 Scan finished successfully
22:48:32.704 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"
22:48:32.704 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 05:54 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: dragging CFScript.txt onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Frail
  • Topic Starter

  • Members
  • 10 posts

Posted 06 April 2012 - 07:28 PM

Hello,
I didn't seem to encounter any problems when running it and the computer appears to be running well - no problems as of yet.


ComboFix 12-04-06.03 - Emma 07/04/2012 1:04.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1345 [GMT 1:00]
Running from: c:\users\Emma\Desktop\ComboFix.exe
Command switches used :: c:\users\Emma\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emma\Documents\mspaint.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 00:13 . 2012-04-07 00:13 -------- d-----w- c:\users\Mcx1-EMMA-PC\AppData\Local\temp
2012-04-07 00:13 . 2012-04-07 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 22:19 . 2012-04-06 22:20 -------- d-----w- c:\users\Emma\AppData\Roaming\AVG
2012-04-06 22:08 . 2012-04-06 22:08 -------- d--h--w- c:\programdata\Common Files
2012-04-06 22:08 . 2012-04-06 22:08 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-06 22:07 . 2012-04-06 22:19 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-06 22:07 . 2012-04-06 22:19 -------- d-----w- c:\programdata\AVG2012
2012-04-06 22:07 . 2012-04-06 22:07 -------- d-----w- C:\$AVG
2012-04-06 22:05 . 2012-04-06 22:18 -------- d-----w- c:\program files (x86)\AVG
2012-04-06 21:51 . 2012-04-07 00:00 -------- d-----w- c:\programdata\MFAData
2012-04-06 21:08 . 2012-04-06 21:08 -------- d-----w- c:\windows\system32\SPReview
2012-04-06 16:41 . 2012-04-06 16:41 0 ----a-w- c:\windows\SysWow64\shoD704.tmp
2012-04-04 22:59 . 2012-04-04 22:59 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 22:47 . 2012-04-04 22:47 -------- d-----w- c:\windows\en
2012-04-04 22:37 . 2012-04-04 22:37 -------- d-----w- c:\windows\ar
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\bg
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\cs
2012-04-04 22:36 . 2012-04-04 22:36 -------- d-----w- c:\windows\da
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\de
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\el
2012-04-04 22:35 . 2012-04-04 22:35 -------- d-----w- c:\windows\es
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\fi
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\fr
2012-04-04 22:34 . 2012-04-04 22:34 -------- d-----w- c:\windows\he
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\hr
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\hu
2012-04-04 22:33 . 2012-04-04 22:33 -------- d-----w- c:\windows\it
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\ko
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\lt
2012-04-04 22:32 . 2012-04-04 22:32 -------- d-----w- c:\windows\lv
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\nl
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\no
2012-04-04 22:31 . 2012-04-04 22:31 -------- d-----w- c:\windows\pl
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\pt-br
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\pt-pt
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\ro
2012-04-04 22:30 . 2012-04-04 22:30 -------- d-----w- c:\windows\ru
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sk
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sl
2012-04-04 22:29 . 2012-04-04 22:29 -------- d-----w- c:\windows\sr-latn-cs
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\sv
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\th
2012-04-04 22:28 . 2012-04-04 22:28 -------- d-----w- c:\windows\tr
2012-04-04 22:27 . 2012-04-04 22:27 -------- d-----w- c:\windows\zh-cn
2012-04-04 22:27 . 2012-04-04 22:27 -------- d-----w- c:\windows\zh-tw
2012-04-04 21:50 . 2012-04-04 21:50 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ff961d6e1cd12ac04\MeshBetaRemover.exe
2012-04-04 21:50 . 2012-04-04 21:50 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\DXSETUP.exe
2012-04-04 21:50 . 2012-04-04 21:50 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\DSETUP.dll
2012-04-04 21:50 . 2012-04-04 21:50 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbeb090e1cd12ac03\dsetup32.dll
2012-04-04 13:18 . 2012-04-04 13:18 -------- d-----w- c:\windows\system32\EventProviders
2012-04-04 00:35 . 2012-04-04 00:35 388096 ----a-r- c:\users\Emma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 00:35 . 2012-04-04 00:35 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\users\Emma\AppData\Roaming\Malwarebytes
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 00:22 . 2012-04-04 00:22 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 00:22 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 00:19 . 2012-04-04 00:19 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-04 00:11 . 2012-04-04 00:11 -------- d-----w- c:\program files\CCleaner
2012-04-04 00:08 . 2012-04-04 00:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-04 00:08 . 2012-04-04 00:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 00:08 . 2012-04-04 00:08 -------- d-----w- c:\program files (x86)\Java
2012-04-02 11:05 . 2009-07-14 01:38 918528 ----a-w- c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\calc.exe
2012-04-02 11:05 . 2009-07-14 01:39 6676480 ----a-w- c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\mspaint.exe
2012-03-31 19:10 . 2012-04-04 00:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-31 19:10 . 2012-03-31 19:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-20 00:46 . 2012-03-20 00:46 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 00:46 . 2012-03-20 00:46 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 01:25 . 2012-03-19 01:25 50 ----a-w- C:\user.js
2012-03-19 01:25 . 2012-03-19 01:25 -------- d-----w- c:\programdata\Premium
2012-03-19 01:24 . 2012-03-19 01:25 -------- d-----w- c:\programdata\InstallMate
2012-03-13 21:51 . 2012-03-13 21:51 -------- d-----w- c:\programdata\NCH Swift Sound
2012-03-13 21:51 . 2012-03-13 21:51 -------- d-----w- c:\users\Emma\AppData\Roaming\NCH Swift Sound
2012-03-13 17:25 . 2012-03-13 17:25 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-13 17:24 . 2012-03-13 17:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-13 17:24 . 2012-03-13 17:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-13 17:23 . 2012-03-13 17:25 -------- d-----w- c:\program files (x86)\Real
2012-03-13 15:41 . 2012-03-13 15:41 -------- d-----w- c:\users\Emma\AppData\Roaming\vlc
2012-03-13 15:40 . 2012-03-13 15:40 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-13 15:34 . 2012-03-13 15:34 -------- d-----w- c:\users\Emma\AppData\Roaming\Recordpad
2012-03-13 15:34 . 2012-03-30 21:32 -------- d-----w- c:\program files (x86)\NCH Software
2012-03-13 15:34 . 2012-03-19 03:12 -------- d-----w- c:\programdata\NCH Software
2012-03-13 15:34 . 2012-03-30 21:32 -------- d-----w- c:\users\Emma\AppData\Roaming\NCH Software
2012-03-08 21:20 . 2012-03-08 21:20 -------- d-----w- c:\users\Public\Games
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 12:29 . 2012-03-08 12:29 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:59 . 2012-02-05 16:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-26 17:02 . 2011-10-25 22:58 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-26 17:02 . 2011-10-25 22:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-26 17:02 . 2011-12-05 00:06 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-03-14 03:27 . 2012-04-06 08:54 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA744063-64DB-4ADC-9156-A921B943AF8F}\mpengine.dll
2012-02-23 09:18 . 2011-08-23 13:13 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_16.42.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:34 . 2010-11-20 12:17 26624 c:\windows\SysWOW64\userinit.exe
- 2012-04-04 01:20 . 2012-04-04 01:20 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-04-07 00:14 . 2012-04-07 00:14 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-07 12:16 . 2012-04-07 00:17 41888 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 00:17 46878 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-23 12:57 . 2012-04-07 00:17 11730 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1964744218-1090075281-1278556077-1001_UserData.bin
+ 2011-12-23 12:32 . 2011-12-23 12:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 26704 c:\windows\system32\drivers\avgidseha.sys
- 2011-08-23 11:56 . 2012-04-06 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-23 11:56 . 2012-04-07 00:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 11:56 . 2012-04-06 08:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 11:56 . 2012-04-07 00:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 08:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-23 13:04 . 2012-04-07 00:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 13:04 . 2012-04-07 00:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 13:04 . 2012-04-07 00:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-23 13:04 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-23 13:04 . 2012-04-07 00:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-08 01:32 . 2012-04-07 00:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-08 01:32 . 2012-04-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 16:42 . 2012-04-06 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 00:15 . 2012-04-07 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 00:15 . 2012-04-07 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 16:42 . 2012-04-06 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 21:08 . 2012-04-06 21:08 263168 c:\windows\system32\SPReview\spwizui.dll
- 2012-04-04 13:20 . 2012-04-04 13:18 263168 c:\windows\system32\SPReview\spwizui.dll
- 2012-04-04 13:20 . 2012-04-04 13:18 301568 c:\windows\system32\SPReview\spreview.exe
+ 2012-04-06 21:08 . 2012-04-06 21:08 301568 c:\windows\system32\SPReview\spreview.exe
- 2012-04-04 13:20 . 2012-04-04 13:18 238592 c:\windows\system32\SPReview\sperror.dll
+ 2012-04-06 21:08 . 2012-04-06 21:08 238592 c:\windows\system32\SPReview\sperror.dll
+ 2011-12-23 12:31 . 2011-12-23 12:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
- 2009-07-14 05:01 . 2012-04-06 16:41 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-07 00:14 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-14 06:10 . 2011-01-14 06:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2012-04-06 21:51 . 2012-04-06 21:51 8398336 c:\windows\Installer\4f0ac9.msi
+ 2012-04-06 22:05 . 2012-04-06 22:05 2872832 c:\windows\Installer\4f0ac5.msi
+ 2012-04-06 22:05 . 2012-04-06 22:05 8544256 c:\windows\Installer\4f0ac1.msi
+ 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\3819f2.msp
+ 2011-01-14 06:10 . 2011-01-14 06:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 06:10 . 2011-01-14 06:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-13 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2012-1-11 2697728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSEH
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd061a41c4e3e4.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 19:45]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 19:45]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core1cd0619cfda4d91.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 13:56]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 13:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2012-04-07 01:23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 00:23
ComboFix2.txt 2012-04-06 18:05
ComboFix3.txt 2012-04-06 17:20
.
Pre-Run: 22,032,429,056 bytes free
Post-Run: 22,008,950,784 bytes free
.
- - End Of File - - F294BA9EA886F412562F43E2C7D0A396

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 08:47 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.2
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Frail (Topic Starter)

  • Members
  • 10 posts

Posted 07 April 2012 - 08:55 AM

Hello,

I could not find Adobe Reader 9.2 to uninstall it. The computer seems to be running well with no problems that I can see.

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.12

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Emma :: EMMA-PC [administrator]

07/04/2012 14:14:59
mbam-log-2012-04-07 (14-14-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217222
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


My report from Hijackthis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:50:44, on 07/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: Dropbox.lnk = Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10965 bytes

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 11:28 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) and start any of these programs when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
      O4 - Startup: Dropbox.lnk = Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Edited by gringo_pr, 07 April 2012 - 11:28 AM.

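The O4 lines that HijackThis reported in post #12, and that the "Fix Checked" step above removes, are the standard Windows autostart locations: values under the Run key of HKLM and HKCU, and shortcuts in the Startup folder. The Python below is an added example for this thread (it is not HijackThis code and not part of any post) that parses O4 lines into structured records so each entry can be matched to the program it launches and reviewed before anything is fixed. The sample lines are copied from the log posted in this thread; expanding HijackThis's abbreviated "HKLM\..\Run" to the full CurrentVersion\Run key is an assumption made by the example. It also flags entries whose target is not an absolute path (the Dropbox shortcut in the log), which a reviewer would resolve by hand first.

```python
"""Parse HijackThis 2.0.4 "O4" autostart lines into structured records.

Added example for this thread, not HijackThis code. The sample lines are taken
from the log posted in the thread; the full registry key used for "HKLM\\..\\Run"
is an assumption (the standard CurrentVersion\\Run location).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: Dropbox.lnk = Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
""".strip().splitlines()

# Assumed expansion of the "..": the standard autostart key. On 64-bit Windows
# a Wow6432Node view of this key exists as well.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"

_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
_STARTUP_RE = re.compile(r"^O4 - (Startup|Global Startup): (.+?) = (.*)$")


@dataclass
class AutostartEntry:
    kind: str         # "registry" (Run value) or "shortcut" (Startup folder .lnk)
    location: str     # full registry key, or the Startup folder name
    name: str         # value name or .lnk file name (what "Fix Checked" removes)
    executable: str   # program that is launched
    arguments: str    # command-line arguments, "" if none
    raw: str          # original log line


def split_command(command: str) -> tuple:
    """Split a Run value into (executable, arguments).

    A quoted path ends at the closing quote; an unquoted path, which may itself
    contain spaces (see the Spybot entry), is cut after the first ".exe".
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end], command[end + 1:].strip()
    m = re.search(r"\.exe\b", command, re.IGNORECASE)
    if m:
        return command[:m.end()], command[m.end():].strip()
    return command, ""


def parse_o4_line(line: str) -> Optional[AutostartEntry]:
    """Return an AutostartEntry for one O4 line, or None for any other line."""
    line = line.strip()
    m = _RUN_RE.match(line)
    if m:
        hive, subkey, name, command = m.groups()
        exe, args = split_command(command)
        return AutostartEntry("registry", f"{hive}\\{RUN_KEY}\\{subkey}", name, exe, args, line)
    m = _STARTUP_RE.match(line)
    if m:
        folder, lnk, target = m.groups()
        exe, args = split_command(target)
        return AutostartEntry("shortcut", folder, lnk, exe, args, line)
    return None


def parse_autostarts(lines: List[str]) -> List[AutostartEntry]:
    """Parse every O4 line in a log; non-O4 lines are skipped."""
    parsed = (parse_o4_line(line) for line in lines)
    return [entry for entry in parsed if entry is not None]


def entries_without_absolute_path(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries whose target is not "<drive>:\\..."; these cannot be checked on
    disk without resolving them by hand, so they are worth a second look."""
    return [e for e in entries if not re.match(r"^[A-Za-z]:\\", e.executable)]


if __name__ == "__main__":
    entries = parse_autostarts(SAMPLE_O4_LINES)
    for e in entries:
        print(f"{e.kind:9} {e.location:52} {e.name!r:24} -> {e.executable} {e.arguments}".rstrip())
    for e in entries_without_absolute_path(entries):
        print(f"needs manual resolution: {e.raw}")
```

Running it prints one line per autostart entry with the key or folder it lives in, the value or shortcut name, and the program it launches, followed by any entry whose target is not an absolute path.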

#14 Frail (Topic Starter)

  • Members
  • 10 posts

Posted 07 April 2012 - 05:25 PM

Hello,

Sorry this has taken so long; I was running Eset and accidentally closed it. I ran it again, it took 02:39:36 to complete, but no log came up that I could see. I am running it again in case the below is not what you wanted.
I did go into the folder and find a file called 'log' created about the time that the scan ended though, and so I have pasted that below (although I am not sure that this is what you wanted). I will post the result of this next scan afterwards.
Computer still appears to be running well, no noticeable problems.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-07 09:37:15
# local_time=2012-04-07 10:37:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 18975 18975 0 0
# compatibility_mode=1024 16777215 100 0 74358 74358 0 0
# compatibility_mode=5893 16776574 100 94 122575 86290119 0 0
# compatibility_mode=8192 67108863 100 0 7245 7245 0 0
# scanned=219199
# found=0
# cleaned=0
# scan_time=9566
esets_scanner_update returned -1 esets_gle=53251

Edited by Frail, 07 April 2012 - 05:27 PM.


#15 Frail (Topic Starter)

  • Members
  • 10 posts

Posted 07 April 2012 - 07:49 PM

Hello,
I have completed the second scan (I tried to print screen but it wouldn't let me attach).
The screen says:

No Threats Found.
Scanned Files: 219180
Infected Files: 0
Cleaned Files: 0
Total scan time: 02:09:31
Scan status: Finished

--------------------------

Select Uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.

[] Uninstall application on close

Finish



