
Happili messing with my computer again


  • This topic is locked
19 replies to this topic

#1 Dork251

Dork251

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:02 PM

Posted 06 April 2012 - 07:33 AM

Been working on this for a few days; attached are my GMER and DDS logs. After I had completed a few steps prior to going the GMER and DDS route, I figured it was going to be good to go. Well, the first thing I Google searched turned this up:

Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/happili.com/php/comm_includes/mysql.php on line 5

Last week I was infected with quite a few things that MWB seemed to fix; apparently not. The computer is still usable, however I figure it's only a matter of time before it gets worse.

Thanks for the help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by espotswood at 21:40:26 on 2012-04-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.890 [GMT -7:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\lonworks\bin\LnsMtsSvc.exe
C:\niagara\r2.301.522\nre\bin\niagarad.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vlonax.exe
C:\Windows\system32\vserax.exe
C:\Windows\system32\vlonnet.exe
C:\Windows\system32\vserialnet.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\explorer.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\espotswood\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.controltechinc.com/exchange/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [AdobeBridge]
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.smwd.com/XTSAC.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.ladwp.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.smwd.com/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.smwd.com/MLWebCacheCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} - hxxp://network.construction.com/ActiveX/FileDownloader2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.csusb.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0FFBF8F9-1A95-4607-9F73-F9A0092F08F6} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0FFBF8F9-1A95-4607-9F73-F9A0092F08F6}\344594F5548435 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{0FFBF8F9-1A95-4607-9F73-F9A0092F08F6}\7455543545 : DhcpNameServer = 134.71.247.170 134.71.247.100 134.71.247.190
TCP: Interfaces\{0FFBF8F9-1A95-4607-9F73-F9A0092F08F6}\849716474702C4F62626970275962756C6563737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{0FFBF8F9-1A95-4607-9F73-F9A0092F08F6}\C496E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{415C9E0F-695F-4123-8282-8936DBF08D43} : DhcpNameServer = 139.182.2.1 139.182.2.6
TCP: Interfaces\{5D905094-3CFD-4317-A032-40BB7F3EA370} : DhcpNameServer = 192.168.1.200
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\espotswood\appdata\roaming\mozilla\firefox\profiles\98im1pqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vlonax;NiagaraAX Lon Kernel;c:\windows\system32\drivers\vlonax.sys [2011-9-26 15456]
R0 vserax;NiagaraAX Serial Kernel;c:\windows\system32\drivers\vserax.sys [2011-9-26 19808]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_450b431403c091e3\AEstSrv.exe [2010-1-18 81920]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\lonworks\bin\LnsMtsSvc.exe [2007-9-21 62776]
R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 Niagara LON Tunnel;Niagara LON Tunnel;c:\windows\system32\vlonnet.exe [2010-1-20 45056]
R2 Niagara Serial Tunnel;Niagara Serial Tunnel;c:\windows\system32\vserialnet.exe [2010-1-20 49152]
R2 Niagara;Niagara;c:\niagara\r2.301.522\nre\bin\niagarad.exe [2010-1-20 163840]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2012-1-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 vlon;vlon;c:\windows\system32\drivers\vlon.sys [2010-1-20 13856]
R2 vlonaxSvc;NiagaraAX Lon Tunnel;c:\windows\system32\vlonax.exe [2011-9-26 38912]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-8-16 592120]
R2 vseraxSvc;NiagaraAX Serial Tunnel;c:\windows\system32\vserax.exe [2011-9-26 45056]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-18 29472]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-1-19 221912]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-9-27 13312]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2012-1-17 72312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2012-1-19 173424]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2007-9-21 29404]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-7-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S3 LdvxBroker;Echelon xDriver Connection Broker;c:\lonworks\bin\LdvxBroker.exe [2007-9-21 66872]
S3 nBacES60;NDIS 6.0 SPR Protocol Driver for Niagara;c:\windows\system32\drivers\nBacES60.sys [2012-3-13 28160]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 PCANDIS4;PCANDIS4 Protocol Driver;c:\niagara\r2301~1.522\nre\bin\PCANDIS4.SYS [2010-1-20 16048]
S3 pnplon;LonWorks PCLTA;c:\windows\system32\drivers\pnplon.sys [2007-9-21 21959]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-27 52224]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-9-27 12800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-28 1343400]
.
=============== Created Last 30 ================
.
2012-04-04 18:01:15 -------- d-----w- c:\windows\system32\drivers\VDD
2012-04-04 18:00:58 -------- d-----w- c:\programdata\GFI Software
2012-04-04 18:00:33 -------- d-----w- c:\programdata\Downloaded Installations
2012-04-04 18:00:22 -------- d-----w- c:\program files\GFI Software
2012-04-04 18:00:18 -------- d-----w- c:\users\espotswood\appdata\roaming\GFI Software
2012-04-04 17:51:07 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-04 17:50:39 -------- d-----w- c:\users\espotswood\appdata\local\Sunbelt Software
2012-04-03 18:27:06 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6de3208-7d1c-4950-8f48-22ced7ce0407}\mpengine.dll
2012-03-30 14:07:59 -------- d-----w- c:\users\espotswood\appdata\local\CrashDumps
2012-03-30 14:05:50 -------- d-----w- c:\users\espotswood\appdata\local\NPE
2012-03-30 14:05:50 -------- d-----w- c:\programdata\Norton
2012-03-27 14:27:35 -------- d-----w- c:\users\espotswood\appdata\local\{9D80AF72-7818-11E1-826D-B8AC6F996F26}
2012-03-27 14:26:54 -------- d-----w- c:\programdata\F4D55F3B01AB29D50134D65DB4EB238B
2012-03-14 12:20:51 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:20:51 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:20:50 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:20:50 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:20:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:20:45 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:20:45 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 12:20:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:13:09 28160 ----a-w- c:\windows\system32\drivers\nBacES60.sys
.
==================== Find3M ====================
.
2012-02-23 16:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 23:13:16 11632 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2012-01-19 23:12:58 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-01-17 16:24:04 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83238000]<< >>UNKNOWN [0x893D5000]<< >>UNKNOWN [0x89600000]<< >>UNKNOWN [0x8940D000]<< >>UNKNOWN [0x83201000]<< >>UNKNOWN [0x89501000]<< >>UNKNOWN [0x9223A000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8326F52A] -> \Device\Harddisk0\DR0[0x8698C030]
\Driver\Disk[0x869895A8] -> IRP_MJ_CREATE -> 0x893D939F
3 [0x893D959E] -> ntkrnlpa!IofCallDriver[0x8326F52A] -> \Device\Ide\IAAStorageDevice-1[0x85B50028]
\Driver\iaStor[0x85B389A0] -> IRP_MJ_CREATE -> 0x89451954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:41:16.57 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 PM

Posted 07 April 2012 - 03:50 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dork251

Dork251
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:02 PM

Posted 07 April 2012 - 04:28 PM

Hello, this is how things went: ComboFix ran alright. There were a few things that popped up; there was a program that failed twice, named pev.3xe, so other than that, here you go. I'm not going to do anything with or on the computer till I hear from you. Thanks, -Evan


ComboFix 12-04-07.03 - espotswood 04/07/2012 14:05:42.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1140 [GMT -7:00]
Running from: c:\users\espotswood\Downloads\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\atran\g2mdlhlpx.exe
c:\users\espotswood\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-06 11:54 . 2012-04-06 11:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6DE3208-7D1C-4950-8F48-22CED7CE0407}\offreg.dll
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\users\tridium\AppData\Roaming\GFI Software
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\users\atran\AppData\Roaming\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\programdata\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\programdata\Downloaded Installations
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\program files\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\users\espotswood\AppData\Roaming\GFI Software
2012-04-04 17:51 . 2012-04-04 17:52 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-04 17:50 . 2012-04-04 17:50 -------- d-----w- c:\users\espotswood\AppData\Local\Sunbelt Software
2012-04-03 18:27 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6DE3208-7D1C-4950-8F48-22CED7CE0407}\mpengine.dll
2012-03-30 14:07 . 2012-04-07 21:06 -------- d-----w- c:\users\espotswood\AppData\Local\CrashDumps
2012-03-30 14:05 . 2012-04-04 15:16 -------- d-----w- c:\users\espotswood\AppData\Local\NPE
2012-03-30 14:05 . 2012-03-30 14:05 -------- d-----w- c:\programdata\Norton
2012-03-27 14:27 . 2012-03-27 14:27 -------- d-----w- c:\users\espotswood\AppData\Local\{9D80AF72-7818-11E1-826D-B8AC6F996F26}
2012-03-27 14:26 . 2012-03-27 14:26 -------- d-----w- c:\programdata\F4D55F3B01AB29D50134D65DB4EB238B
2012-03-14 12:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:20 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:20 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:20 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:20 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:20 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:20 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:13 . 2012-03-13 21:13 28160 ----a-w- c:\windows\system32\drivers\nBacES60.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2010-01-19 06:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 23:13 . 2012-01-19 23:13 11632 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2012-01-19 23:12 . 2012-01-19 23:12 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-01-17 16:24 . 2012-01-17 16:24 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2012-01-09 20:00 . 2011-11-10 14:18 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-26 20:28 . 2010-07-26 20:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2010-01-20 4562944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-4-30 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\0\0]
"Script"=\\controltechinc.com\SysVol\controltechinc.com\scripts\migrate_printers_from_one_server_to_another.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\1\0]
"Script"=Move printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\1\1]
"Script"=Move printers 2 los201.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3412\Scripts\Logon\0\0]
"Script"=Move printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3412\Scripts\Logon\0\1]
"Script"=Move printers 2 los201.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R2 Niagara LON Tunnel;Niagara LON Tunnel;c:\windows\system32\vlonnet.exe [2004-09-15 45056]
R2 Niagara Serial Tunnel;Niagara Serial Tunnel;c:\windows\system32\vserialnet.exe [2004-09-15 49152]
R2 Niagara;Niagara;c:\niagara\r2.301.522\nre\bin\niagarad.exe [2010-01-21 163840]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [2012-01-19 3289032]
R2 vlonaxSvc;NiagaraAX Lon Tunnel;c:\windows\system32\vlonax.exe [2006-06-28 38912]
R2 vseraxSvc;NiagaraAX Serial Tunnel;c:\windows\system32\vserax.exe [2006-06-28 45056]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2007-09-21 29404]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 LdvxBroker;Echelon xDriver Connection Broker;c:\lonworks\bin\LdvxBroker.exe [2007-09-21 66872]
R3 nBacES60;NDIS 6.0 SPR Protocol Driver for Niagara;c:\windows\system32\DRIVERS\nBacES60.sys [2012-03-13 28160]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\niagara\R2301~1.522\nre\bin\PCANDIS4.SYS [2010-01-21 16048]
R3 pnplon;LonWorks PCLTA;c:\windows\system32\drivers\pnplon.sys [2007-09-21 21959]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [x]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [x]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [x]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [x]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-01-17 72312]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1343400]
S0 vlonax;NiagaraAX Lon Kernel;c:\windows\system32\drivers\vlonax.sys [2006-06-28 15456]
S0 vserax;NiagaraAX Serial Kernel;c:\windows\system32\drivers\vserax.sys [2005-04-04 19808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe [2009-03-02 81920]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-06-26 812392]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-06-26 26984]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\lonworks\bin\LnsMtsSvc.exe [2007-09-21 62776]
S2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [2012-01-19 173424]
S2 vlon;vlon; [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-04-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-04-30 12184]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 16:19]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 16:19]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309799623-115700604-1846952604-3368Core.job
- c:\users\atran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 18:28]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309799623-115700604-1846952604-3368UA.job
- c:\users\atran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.controltechinc.com/exchange/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.ladwp.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.smwd.com/MLWebCacheCleaner.cab
DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} - hxxp://network.construction.com/ActiveX/FileDownloader2.cab
FF - ProfilePath - c:\users\espotswood\AppData\Roaming\Mozilla\Firefox\Profiles\98im1pqt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-07 14:14:57
ComboFix-quarantined-files.txt 2012-04-07 21:14
.
Pre-Run: 174,030,196,736 bytes free
Post-Run: 174,128,693,248 bytes free
.
- - End Of File - - 95B061897D8F9D70A155209EF39E73DF
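
The services/drivers block and the Run keys in a ComboFix log have a fixed line format, so the first pass a responder makes over them can be scripted: which registered services point at files ComboFix could not find (the [x] entries), which autostarts run from places an ordinary user account can write to, and whether AppInit_DLLs is populated. The Python below is an added example written for this page; it is not a ComboFix or BleepingComputer tool, and the path roots, the "user-writable" fragments and the finding categories are my own assumptions. Its sample input is a handful of lines copied in format from the log above. It surfaces entries for review and does not call any of them malicious; here, for instance, the AppInit_DLLs value belongs to Google Desktop and the c:\niagara service to the Niagara software the log lists elsewhere.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed parser input in ComboFix's line format. Most lines are copied
# verbatim from the log above; they are test data here, not a new log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R2 Niagara;Niagara;c:\niagara\r2.301.522\nre\bin\niagarad.exe [2010-01-21 163840]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
S2 vlon;vlon; [x]
S0 vlonax;NiagaraAX Lon Kernel;c:\windows\system32\drivers\vlonax.sys [2006-06-28 15456]
"""

# Service/driver line: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; ComboFix prints [x] instead of date/size when the file is missing.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$')
# Run-key value line: "<value name>"="<image path>" [<date> <size>]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.+)$')

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Triage conventions are my own assumptions, not ComboFix's: where services are
# normally installed, and path fragments an ordinary user account can write to.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start: str
    date: Optional[str]   # None when ComboFix reported [x]
    size: Optional[int]


@dataclass
class RunEntry:
    name: str
    path: str
    date: str
    size: int


def parse_combofix(text):
    """Pull services/drivers, Run-key values and AppInit_DLLs out of a ComboFix log."""
    services, run, appinit, current_key = [], [], [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[HKEY"):          # remember which registry key we are under
            current_key = line.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            stamp = m.group("stamp")
            date, size = (None, None) if stamp == "x" else (stamp.split()[0], int(stamp.split()[1]))
            services.append(Service(m.group("name"), m.group("display"), m.group("path"),
                                    m.group("state") == "R", START_TYPES[m.group("start")],
                                    date, size))
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith("\\run]"):
            run.append(RunEntry(m.group("name"), m.group("path"), m.group("date"), int(m.group("size"))))
            continue
        m = APPINIT_RE.match(line)
        if m:
            appinit.append(m.group("value").strip())
    return {"services": services, "run": run, "appinit": appinit}


def triage(parsed):
    """Return (category, name, detail) tuples for the entries a responder reads first.

    These are review items, not verdicts: legitimate software trips every one of them."""
    findings = []
    for svc in parsed["services"]:
        if not svc.path:
            findings.append(("no-image-path", svc.name, "service registered without a binary path"))
        elif svc.date is None:
            findings.append(("missing-binary", svc.name, "file not found: " + svc.path))
        elif not svc.path.lower().startswith(STANDARD_ROOTS):
            findings.append(("nonstandard-path", svc.name, svc.path))
    for entry in parsed["run"]:
        if any(frag in entry.path.lower() for frag in USER_WRITABLE):
            findings.append(("user-writable-autostart", entry.name, entry.path))
    for dll in parsed["appinit"]:   # DLLs listed here get loaded by user32.dll into processes
        findings.append(("appinit-dll", "AppInit_DLLs", dll))
    return findings


if __name__ == "__main__":
    for cat, name, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{cat:24} {name:12} {detail}")
```

Run it as a script to print the findings for the embedded sample, or import it and pass the full text of a log to parse_combofix().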

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 07 April 2012 - 05:44 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dork251 (Topic Starter, Members, 19 posts)

Posted 07 April 2012 - 06:16 PM

OK, here you go. TDSS found nothing. ComboFix didn't fix anything either, as I searched for Bleeping Computer and ended up back at Happili. aswMBR found nothing as well. Here are the logs.


15:47:02.0926 5972 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
15:47:03.0425 5972 ============================================================
15:47:03.0425 5972 Current date / time: 2012/04/07 15:47:03.0425
15:47:03.0425 5972 SystemInfo:
15:47:03.0425 5972
15:47:03.0425 5972 OS Version: 6.1.7601 ServicePack: 1.0
15:47:03.0425 5972 Product type: Workstation
15:47:03.0425 5972 ComputerName: LOS004-TECH
15:47:03.0425 5972 UserName: espotswood
15:47:03.0425 5972 Windows directory: C:\Windows
15:47:03.0426 5972 System windows directory: C:\Windows
15:47:03.0426 5972 Processor architecture: Intel x86
15:47:03.0426 5972 Number of processors: 2
15:47:03.0426 5972 Page size: 0x1000
15:47:03.0426 5972 Boot type: Normal boot
15:47:03.0426 5972 ============================================================
15:47:03.0932 5972 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:47:03.0934 5972 \Device\Harddisk0\DR0:
15:47:03.0934 5972 MBR used
15:47:03.0934 5972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x32F8E
15:47:03.0934 5972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D1915B4
15:47:03.0956 5972 Initialize success
15:47:03.0956 5972 ============================================================
15:47:05.0411 5868 ============================================================
15:47:05.0411 5868 Scan started
15:47:05.0411 5868 Mode: Manual;
15:47:05.0411 5868 ============================================================
15:47:05.0877 5868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:47:05.0879 5868 1394ohci - ok
15:47:05.0972 5868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:47:05.0975 5868 ACPI - ok
15:47:06.0052 5868 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
15:47:06.0053 5868 acpials - ok
15:47:06.0151 5868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:47:06.0152 5868 AcpiPmi - ok
15:47:06.0292 5868 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
15:47:06.0294 5868 adfs - ok
15:47:06.0400 5868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:47:06.0405 5868 adp94xx - ok
15:47:06.0629 5868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:47:06.0634 5868 adpahci - ok
15:47:06.0746 5868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:47:06.0755 5868 adpu320 - ok
15:47:06.0846 5868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:47:06.0859 5868 AeLookupSvc - ok
15:47:06.0969 5868 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe
15:47:06.0970 5868 AESTFilters - ok
15:47:07.0131 5868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:47:07.0142 5868 AFD - ok
15:47:07.0271 5868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:47:07.0293 5868 agp440 - ok
15:47:07.0420 5868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:47:07.0421 5868 aic78xx - ok
15:47:07.0499 5868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:47:07.0500 5868 ALG - ok
15:47:07.0571 5868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:47:07.0572 5868 aliide - ok
15:47:07.0625 5868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:47:07.0626 5868 amdagp - ok
15:47:07.0738 5868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:47:07.0747 5868 amdide - ok
15:47:07.0849 5868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:47:07.0851 5868 AmdK8 - ok
15:47:07.0946 5868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:47:07.0947 5868 AmdPPM - ok
15:47:08.0060 5868 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:47:08.0062 5868 amdsata - ok
15:47:08.0137 5868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:47:08.0139 5868 amdsbs - ok
15:47:08.0275 5868 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:47:08.0275 5868 amdxata - ok
15:47:08.0579 5868 ApfiltrService (c51ec0615ef781b00b7389521f397132) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:47:08.0581 5868 ApfiltrService - ok
15:47:08.0819 5868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:47:08.0821 5868 AppID - ok
15:47:08.0897 5868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:47:08.0898 5868 AppIDSvc - ok
15:47:08.0922 5868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
15:47:08.0923 5868 Appinfo - ok
15:47:09.0070 5868 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
15:47:09.0081 5868 AppMgmt - ok
15:47:09.0233 5868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:47:09.0235 5868 arc - ok
15:47:09.0314 5868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:47:09.0315 5868 arcsas - ok
15:47:09.0405 5868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:47:09.0405 5868 AsyncMac - ok
15:47:09.0506 5868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:47:09.0507 5868 atapi - ok
15:47:09.0614 5868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:47:09.0626 5868 AudioEndpointBuilder - ok
15:47:09.0636 5868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:47:09.0639 5868 Audiosrv - ok
15:47:09.0754 5868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
15:47:09.0756 5868 AxInstSV - ok
15:47:09.0825 5868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:47:09.0830 5868 b06bdrv - ok
15:47:09.0896 5868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:47:09.0899 5868 b57nd60x - ok
15:47:09.0986 5868 BCM42RLY (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys
15:47:09.0987 5868 BCM42RLY - ok
15:47:10.0118 5868 BCM43XX (5245ebbe39ed9010240c20d21f5a26a9) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:47:10.0165 5868 BCM43XX - ok
15:47:10.0259 5868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:47:10.0260 5868 BDESVC - ok
15:47:10.0335 5868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:47:10.0336 5868 Beep - ok
15:47:10.0429 5868 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
15:47:10.0440 5868 BFE - ok
15:47:10.0507 5868 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
15:47:10.0512 5868 BITS - ok
15:47:10.0559 5868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:47:10.0560 5868 blbdrive - ok
15:47:10.0668 5868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:47:10.0669 5868 bowser - ok
15:47:10.0742 5868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:47:10.0743 5868 BrFiltLo - ok
15:47:10.0805 5868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:47:10.0805 5868 BrFiltUp - ok
15:47:10.0892 5868 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:47:10.0893 5868 BridgeMP - ok
15:47:10.0963 5868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
15:47:10.0965 5868 Browser - ok
15:47:11.0044 5868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:47:11.0047 5868 Brserid - ok
15:47:11.0101 5868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:47:11.0102 5868 BrSerWdm - ok
15:47:11.0165 5868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:47:11.0165 5868 BrUsbMdm - ok
15:47:11.0218 5868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:47:11.0219 5868 BrUsbSer - ok
15:47:11.0308 5868 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
15:47:11.0310 5868 BthEnum - ok
15:47:11.0413 5868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:47:11.0414 5868 BTHMODEM - ok
15:47:11.0536 5868 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:47:11.0555 5868 BthPan - ok
15:47:11.0776 5868 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
15:47:11.0836 5868 BTHPORT - ok
15:47:11.0985 5868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:47:11.0987 5868 bthserv - ok
15:47:12.0104 5868 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
15:47:12.0105 5868 BTHUSB - ok
15:47:12.0161 5868 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
15:47:12.0163 5868 btwaudio - ok
15:47:12.0258 5868 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
15:47:12.0260 5868 btwavdt - ok
15:47:12.0323 5868 btwdins (f7434401ae320bb97903a3c1865242fb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:47:12.0326 5868 btwdins - ok
15:47:12.0387 5868 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:47:12.0388 5868 btwl2cap - ok
15:47:12.0449 5868 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
15:47:12.0450 5868 btwrchid - ok
15:47:12.0535 5868 buttonsvc32 (9aad3fea7c3efa529ca40057428edc9c) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
15:47:12.0537 5868 buttonsvc32 - ok
15:47:12.0638 5868 catchme - ok
15:47:12.0718 5868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:47:12.0719 5868 cdfs - ok
15:47:12.0829 5868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:47:12.0831 5868 cdrom - ok
15:47:12.0901 5868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:47:12.0903 5868 CertPropSvc - ok
15:47:12.0967 5868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:47:12.0968 5868 circlass - ok
15:47:13.0024 5868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:47:13.0027 5868 CLFS - ok
15:47:13.0097 5868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:47:13.0099 5868 clr_optimization_v2.0.50727_32 - ok
15:47:13.0251 5868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:47:13.0253 5868 clr_optimization_v4.0.30319_32 - ok
15:47:13.0333 5868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:47:13.0334 5868 CmBatt - ok
15:47:13.0420 5868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:47:13.0421 5868 cmdide - ok
15:47:13.0522 5868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:47:13.0526 5868 CNG - ok
15:47:13.0606 5868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:47:13.0607 5868 Compbatt - ok
15:47:13.0849 5868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:47:13.0850 5868 CompositeBus - ok
15:47:13.0896 5868 COMSysApp - ok
15:47:13.0950 5868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:47:13.0950 5868 crcdisk - ok
15:47:14.0018 5868 Credential Vault Host Control Service (e5e7a3bea7033479d205ca5048fe4fe8) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
15:47:14.0023 5868 Credential Vault Host Control Service - ok
15:47:14.0031 5868 Credential Vault Host Storage (879f8314bbf09738630ed1af6bb1fc00) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
15:47:14.0031 5868 Credential Vault Host Storage - ok
15:47:14.0144 5868 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
15:47:14.0147 5868 CryptSvc - ok
15:47:14.0192 5868 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
15:47:14.0197 5868 CSC - ok
15:47:14.0302 5868 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
15:47:14.0305 5868 CscService - ok
15:47:14.0376 5868 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
15:47:14.0377 5868 CVirtA - ok
15:47:14.0489 5868 CVPND (d4a26b0926171dc4f969955d157d1311) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
15:47:14.0497 5868 CVPND - ok
15:47:14.0575 5868 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\Windows\system32\Drivers\CVPNDRVA.sys
15:47:14.0578 5868 CVPNDRVA - ok
15:47:14.0650 5868 cvusbdrv (ee773b1806a93a86283b10facebe57db) C:\Windows\system32\Drivers\cvusbdrv.sys
15:47:14.0651 5868 cvusbdrv - ok
15:47:14.0748 5868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:47:14.0752 5868 DcomLaunch - ok
15:47:36.0276 5868 Spooler - ok
15:47:36.0394 5868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:47:36.0412 5868 sppsvc - ok
15:47:36.0476 5868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:47:36.0479 5868 sppuinotify - ok
15:47:36.0613 5868 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:47:36.0614 5868 SQLBrowser - ok
15:47:36.0767 5868 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:47:36.0768 5868 SQLWriter - ok
15:47:36.0842 5868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:47:36.0844 5868 srv - ok
15:47:36.0904 5868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:47:36.0906 5868 srv2 - ok
15:47:36.0969 5868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:47:36.0970 5868 srvnet - ok
15:47:37.0055 5868 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
15:47:37.0057 5868 ssadbus - ok
15:47:37.0099 5868 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys
15:47:37.0102 5868 ssadserd - ok
15:47:37.0191 5868 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
15:47:37.0193 5868 sscdbus - ok
15:47:37.0254 5868 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:47:37.0255 5868 sscdmdfl - ok
15:47:37.0318 5868 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:47:37.0320 5868 sscdmdm - ok
15:47:37.0406 5868 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
15:47:37.0407 5868 sscdserd - ok
15:47:37.0472 5868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:47:37.0475 5868 SSDPSRV - ok
15:47:37.0519 5868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:47:37.0523 5868 SstpSvc - ok
15:47:37.0619 5868 STacSV (977afba86e9bac4fc670a76d53fc379b) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
15:47:37.0620 5868 STacSV - ok
15:47:37.0696 5868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:47:37.0697 5868 stexstor - ok
15:47:37.0765 5868 STHDA (674be634b14a6c773d2f4f46b7a1628b) C:\Windows\system32\DRIVERS\stwrt.sys
15:47:37.0776 5868 STHDA - ok
15:47:37.0866 5868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:47:37.0871 5868 StiSvc - ok
15:47:37.0944 5868 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:47:37.0945 5868 storflt - ok
15:47:38.0008 5868 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
15:47:38.0010 5868 StorSvc - ok
15:47:38.0067 5868 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:47:38.0068 5868 storvsc - ok
15:47:38.0143 5868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:47:38.0144 5868 swenum - ok
15:47:38.0201 5868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:47:38.0205 5868 swprv - ok
15:47:38.0313 5868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:47:38.0321 5868 SysMain - ok
15:47:38.0375 5868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:47:38.0378 5868 TabletInputService - ok
15:47:38.0452 5868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:47:38.0455 5868 TapiSrv - ok
15:47:38.0484 5868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:47:38.0487 5868 TBS - ok
15:47:38.0576 5868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:47:38.0614 5868 Tcpip - ok
15:47:38.0732 5868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:47:38.0739 5868 TCPIP6 - ok
15:47:38.0810 5868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:47:38.0811 5868 tcpipreg - ok
15:47:38.0906 5868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:47:38.0907 5868 TDPIPE - ok
15:47:38.0967 5868 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
15:47:38.0968 5868 TDTCP - ok
15:47:39.0065 5868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:47:39.0066 5868 tdx - ok
15:47:39.0128 5868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:47:39.0129 5868 TermDD - ok
15:47:39.0223 5868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:47:39.0228 5868 TermService - ok
15:47:39.0269 5868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:47:39.0272 5868 Themes - ok
15:47:39.0346 5868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:47:39.0348 5868 THREADORDER - ok
15:47:39.0396 5868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:47:39.0398 5868 TrkWks - ok
15:47:39.0469 5868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:47:39.0470 5868 TrustedInstaller - ok
15:47:39.0507 5868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:47:39.0507 5868 tssecsrv - ok
15:47:39.0609 5868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:47:39.0610 5868 TsUsbFlt - ok
15:47:39.0689 5868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:47:39.0690 5868 tunnel - ok
15:47:39.0767 5868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:47:39.0769 5868 uagp35 - ok
15:47:39.0830 5868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:47:39.0832 5868 udfs - ok
15:47:39.0921 5868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:47:39.0923 5868 UI0Detect - ok
15:47:39.0977 5868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:47:39.0978 5868 uliagpkx - ok
15:47:40.0069 5868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:47:40.0070 5868 umbus - ok
15:47:40.0119 5868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:47:40.0120 5868 UmPass - ok
15:47:40.0206 5868 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
15:47:40.0209 5868 UmRdpService - ok
15:47:40.0254 5868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:47:40.0258 5868 upnphost - ok
15:47:40.0321 5868 usbbus - ok
15:47:40.0388 5868 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:47:40.0389 5868 usbccgp - ok
15:47:40.0484 5868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:47:40.0485 5868 usbcir - ok
15:47:40.0555 5868 UsbDiag - ok
15:47:40.0616 5868 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:47:40.0616 5868 usbehci - ok
15:47:40.0720 5868 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:47:40.0722 5868 usbhub - ok
15:47:40.0760 5868 USBModem - ok
15:47:40.0844 5868 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:47:40.0845 5868 usbohci - ok
15:47:40.0886 5868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:47:40.0886 5868 usbprint - ok
15:47:40.0953 5868 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:47:40.0954 5868 usbscan - ok
15:47:41.0014 5868 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:47:41.0015 5868 USBSTOR - ok
15:47:41.0076 5868 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:47:41.0077 5868 usbuhci - ok
15:47:41.0119 5868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:47:41.0121 5868 UxSms - ok
15:47:41.0183 5868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:47:41.0184 5868 VaultSvc - ok
15:47:41.0269 5868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:47:41.0269 5868 vdrvroot - ok
15:47:41.0333 5868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:47:41.0338 5868 vds - ok
15:47:41.0438 5868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:47:41.0439 5868 vga - ok
15:47:41.0496 5868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:47:41.0496 5868 VgaSave - ok
15:47:41.0579 5868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:47:41.0581 5868 vhdmp - ok
15:47:41.0681 5868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:47:41.0682 5868 viaagp - ok
15:47:41.0722 5868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:47:41.0724 5868 ViaC7 - ok
15:47:41.0800 5868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:47:41.0801 5868 viaide - ok
15:47:41.0902 5868 vlon (13145ec7faa2b7c4fc46c3012da85431) C:\Windows\system32\drivers\vlon.sys
15:47:41.0903 5868 vlon - ok
15:47:41.0993 5868 vlonax (5dd1d1f7bb844116eb2c5ac5abb34cf4) C:\Windows\system32\drivers\vlonax.sys
15:47:41.0994 5868 vlonax - ok
15:47:42.0024 5868 vlonaxSvc (591ff706d813b2dec069b58a9147a19f) C:\Windows\system32\vlonax.exe
15:47:42.0027 5868 vlonaxSvc - ok
15:47:42.0125 5868 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:47:42.0127 5868 vmbus - ok
15:47:42.0194 5868 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:47:42.0195 5868 VMBusHID - ok
15:47:42.0252 5868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:47:42.0253 5868 volmgr - ok
15:47:42.0322 5868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:47:42.0325 5868 volmgrx - ok
15:47:42.0402 5868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:47:42.0404 5868 volsnap - ok
15:47:42.0522 5868 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
15:47:42.0523 5868 vpcbus - ok
15:47:42.0635 5868 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:47:42.0636 5868 vpcnfltr - ok
15:47:42.0677 5868 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
15:47:42.0678 5868 vpcusb - ok
15:47:42.0773 5868 vpcuxd (c35c2c888aff276e95ad3db3b7a8d003) C:\Windows\system32\DRIVERS\vpcuxd.sys
15:47:42.0774 5868 vpcuxd - ok
15:47:42.0826 5868 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
15:47:42.0828 5868 vpcvmm - ok
15:47:42.0939 5868 vpnagent (3730b7b03e2fd363d63e9327e0e1ebea) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:47:42.0943 5868 vpnagent - ok
15:47:43.0046 5868 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
15:47:43.0047 5868 vpnva - ok
15:47:43.0129 5868 vserax (a255368125e14f43e4f9cc9af0e6de1a) C:\Windows\system32\drivers\vserax.sys
15:47:43.0130 5868 vserax - ok
15:47:43.0161 5868 vseraxSvc (7e33e5feb6eae1016ff4511e27c7287d) C:\Windows\system32\vserax.exe
15:47:43.0164 5868 vseraxSvc - ok
15:47:43.0244 5868 vserial (4d68edc0d64fac582bece594a0a5bc6b) C:\Windows\system32\drivers\vserial.sys
15:47:43.0245 5868 vserial - ok
15:47:43.0321 5868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:47:43.0324 5868 vsmraid - ok
15:47:43.0391 5868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:47:43.0414 5868 VSS - ok
15:47:43.0504 5868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
15:47:43.0504 5868 vwifibus - ok
15:47:43.0590 5868 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:47:43.0591 5868 vwififlt - ok
15:47:43.0676 5868 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:47:43.0676 5868 vwifimp - ok
15:47:43.0760 5868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:47:43.0763 5868 W32Time - ok
15:47:43.0812 5868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:47:43.0813 5868 WacomPen - ok
15:47:43.0917 5868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:43.0918 5868 WANARP - ok
15:47:43.0921 5868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:43.0922 5868 Wanarpv6 - ok
15:47:44.0026 5868 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:47:44.0060 5868 WatAdminSvc - ok
15:47:44.0171 5868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:47:44.0180 5868 wbengine - ok
15:47:44.0265 5868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:47:44.0268 5868 WbioSrvc - ok
15:47:44.0327 5868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:47:44.0330 5868 wcncsvc - ok
15:47:44.0405 5868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:47:44.0408 5868 WcsPlugInService - ok
15:47:44.0455 5868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:47:44.0456 5868 Wd - ok
15:47:44.0529 5868 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:47:44.0532 5868 Wdf01000 - ok
15:47:44.0585 5868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:47:44.0588 5868 WdiServiceHost - ok
15:47:44.0596 5868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:47:44.0599 5868 WdiSystemHost - ok
15:47:44.0688 5868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:47:44.0691 5868 WebClient - ok
15:47:44.0745 5868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:47:44.0748 5868 Wecsvc - ok
15:47:44.0816 5868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:47:44.0819 5868 wercplsupport - ok
15:47:44.0885 5868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:47:44.0888 5868 WerSvc - ok
15:47:44.0962 5868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:47:44.0963 5868 WfpLwf - ok
15:47:44.0991 5868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:47:44.0992 5868 WIMMount - ok
15:47:45.0061 5868 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:47:45.0083 5868 WinDefend - ok
15:47:45.0088 5868 WinHttpAutoProxySvc - ok
15:47:45.0189 5868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:47:45.0191 5868 Winmgmt - ok
15:47:45.0299 5868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:47:45.0308 5868 WinRM - ok
15:47:45.0422 5868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:47:45.0423 5868 WinUsb - ok
15:47:45.0490 5868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:47:45.0497 5868 Wlansvc - ok
15:47:45.0559 5868 wltrysvc (3cbce0c65cc433121001c1108b511d13) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
15:47:45.0560 5868 wltrysvc - ok
15:47:45.0663 5868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:47:45.0664 5868 WmiAcpi - ok
15:47:45.0725 5868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:47:45.0726 5868 wmiApSrv - ok
15:47:45.0813 5868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:47:45.0819 5868 WMPNetworkSvc - ok
15:47:45.0875 5868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:47:45.0878 5868 WPCSvc - ok
15:47:45.0938 5868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:47:45.0941 5868 WPDBusEnum - ok
15:47:46.0017 5868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:47:46.0018 5868 ws2ifsl - ok
15:47:46.0096 5868 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
15:47:46.0099 5868 wscsvc - ok
15:47:46.0117 5868 WSearch - ok
15:47:46.0247 5868 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
15:47:46.0259 5868 wuauserv - ok
15:47:46.0348 5868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:47:46.0349 5868 WudfPf - ok
15:47:46.0468 5868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:47:46.0469 5868 WUDFRd - ok
15:47:46.0553 5868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:47:46.0556 5868 wudfsvc - ok
15:47:46.0608 5868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:47:46.0611 5868 WwanSvc - ok
15:47:46.0678 5868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:47:46.0703 5868 \Device\Harddisk0\DR0 - ok
15:47:46.0706 5868 Boot (0x1200) (c2772a6848e6925a1c9e986476162cd6) \Device\Harddisk0\DR0\Partition0
15:47:46.0707 5868 \Device\Harddisk0\DR0\Partition0 - ok
15:47:46.0739 5868 Boot (0x1200) (daa78152735c36d5b133a926f130e644) \Device\Harddisk0\DR0\Partition1
15:47:46.0741 5868 \Device\Harddisk0\DR0\Partition1 - ok
15:47:46.0741 5868 ============================================================
15:47:46.0741 5868 Scan finished
15:47:46.0741 5868 ============================================================
15:47:46.0751 0516 Detected object count: 0
15:47:46.0751 0516 Actual detected object count: 0
15:51:11.0576 3396 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 15:50:48
-----------------------------
15:50:48.895 OS Version: Windows 6.1.7601 Service Pack 1
15:50:48.895 Number of processors: 2 586 0x170A
15:50:48.896 ComputerName: LOS004-TECH UserName: espotswood
15:50:49.946 Initialize success
16:02:16.909 AVAST engine defs: 12040701
16:02:44.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:02:44.464 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 8
16:02:44.474 Disk 0 MBR read successfully
16:02:44.476 Disk 0 MBR scan
16:02:44.480 Disk 0 Windows 7 default MBR code
16:02:44.483 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 63
16:02:44.490 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238370 MB offset 208845
16:02:44.496 Disk 0 scanning sectors +488392065
16:02:44.583 Disk 0 scanning C:\Windows\system32\drivers
16:02:56.822 Service scanning
16:03:35.697 Modules scanning
16:03:51.511 Disk 0 trace - called modules:
16:03:51.528 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:03:51.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86988030]
16:03:51.549 3 CLASSPNP.SYS[8979059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b52028]
16:03:52.317 AVAST engine scan C:\Windows
16:03:54.807 AVAST engine scan C:\Windows\system32
16:06:40.291 AVAST engine scan C:\Windows\system32\drivers
16:06:56.185 AVAST engine scan C:\Users\espotswood
16:13:10.120 AVAST engine scan C:\ProgramData
16:13:36.032 Scan finished successfully
16:17:24.369 Disk 0 MBR has been saved successfully to "C:\Users\espotswood\Desktop\MBR.dat"
16:17:24.384 The log file has been saved successfully to "C:\Users\espotswood\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 08:40 PM

Hello

I want you to check each browser that is installed on the computer and let me know which ones are redirecting.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dork251
  • Topic Starter
  • Members
  • 19 posts

Posted 08 April 2012 - 11:27 AM

I searched 3 or 4 different sites on each browser, starting from IE, then Chrome, then FF (I use FF almost exclusively). FF was the only one that popped up with Happili. To make sure that it wasn't just a coincidence, should I be searching a different term or website with every browser? Anyway, to make it clear, the final result was that Firefox was the only one that gave me any issues. Thanks -Evan

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 12:10 PM

Hello

I want you to uninstall Firefox, and if asked about user data or settings I want that removed also.

Reinstall Firefox and check for redirects.


Gringo

#9 Dork251
  • Topic Starter
  • Members
  • 19 posts

Posted 08 April 2012 - 03:53 PM

This seems to have fixed it. However, this is the computer that I rely upon for work; there are a lot of programs with expensive licenses on it. I cannot afford to go without this computer. Is there any way that I can be really sure that this issue is gone? I have searched Google quite a few times with no results from Happili. Any suggestions? Or do you think this is sufficient? Thanks -Evan

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 09:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Dork251
  • Topic Starter
  • Members
  • 19 posts

Posted 09 April 2012 - 11:38 AM

Howdy, see the attached log. Everything went well; however, I did have the Illegal operation error mentioned in your instructions. Firefox seems to be operating correctly at the moment.

thanks,
-Evan


ComboFix 12-04-07.03 - espotswood 04/09/2012 9:16.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1109 [GMT -7:00]
Running from: c:\users\espotswood\Desktop\ComboFix.exe
Command switches used :: c:\users\espotswood\Desktop\CFScript.txt
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 16:22 . 2012-04-09 16:22 -------- d-----w- c:\users\tridium\AppData\Local\temp
2012-04-09 16:22 . 2012-04-09 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 16:22 . 2012-04-09 16:22 -------- d-----w- c:\users\atran\AppData\Local\temp
2012-04-09 16:07 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{686D5A83-19E7-4610-B3A2-363660FD1D4C}\mpengine.dll
2012-04-07 21:13 . 2012-04-09 16:22 -------- d-----w- c:\users\espotswood\AppData\Local\temp
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\users\tridium\AppData\Roaming\GFI Software
2012-04-04 18:01 . 2012-04-04 18:01 -------- d-----w- c:\users\atran\AppData\Roaming\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\programdata\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\programdata\Downloaded Installations
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\program files\GFI Software
2012-04-04 18:00 . 2012-04-04 18:00 -------- d-----w- c:\users\espotswood\AppData\Roaming\GFI Software
2012-04-04 17:51 . 2012-04-04 17:52 -------- d-----w- c:\program files\Microsoft SQL Server
2012-04-04 17:50 . 2012-04-04 17:50 -------- d-----w- c:\users\espotswood\AppData\Local\Sunbelt Software
2012-03-30 14:07 . 2012-04-07 21:06 -------- d-----w- c:\users\espotswood\AppData\Local\CrashDumps
2012-03-30 14:05 . 2012-04-04 15:16 -------- d-----w- c:\users\espotswood\AppData\Local\NPE
2012-03-30 14:05 . 2012-03-30 14:05 -------- d-----w- c:\programdata\Norton
2012-03-27 14:27 . 2012-03-27 14:27 -------- d-----w- c:\users\espotswood\AppData\Local\{9D80AF72-7818-11E1-826D-B8AC6F996F26}
2012-03-27 14:26 . 2012-03-27 14:26 -------- d-----w- c:\programdata\F4D55F3B01AB29D50134D65DB4EB238B
2012-03-14 12:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:20 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:20 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:20 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:20 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:20 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:20 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:13 . 2012-03-13 21:13 28160 ----a-w- c:\windows\system32\drivers\nBacES60.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2010-01-19 06:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 23:13 . 2012-01-19 23:13 11632 ----a-w- c:\windows\system32\drivers\VDD\apvdd.dll
2012-01-19 23:12 . 2012-01-19 23:12 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-01-17 16:24 . 2012-01-17 16:24 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2012-03-13 04:39 . 2012-04-08 20:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-26 20:28 . 2010-07-26 20:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2010-01-20 4562944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-26 30192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-4-30 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\0\0]
"Script"=\\controltechinc.com\SysVol\controltechinc.com\scripts\migrate_printers_from_one_server_to_another.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\1\0]
"Script"=Move printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3368\Scripts\Logon\1\1]
"Script"=Move printers 2 los201.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3412\Scripts\Logon\0\0]
"Script"=Move printers.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309799623-115700604-1846952604-3412\Scripts\Logon\0\1]
"Script"=Move printers 2 los201.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R2 Niagara LON Tunnel;Niagara LON Tunnel;c:\windows\system32\vlonnet.exe [2004-09-15 45056]
R2 Niagara Serial Tunnel;Niagara Serial Tunnel;c:\windows\system32\vserialnet.exe [2004-09-15 49152]
R2 Niagara;Niagara;c:\niagara\r2.301.522\nre\bin\niagarad.exe [2010-01-21 163840]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [2012-01-19 3289032]
R2 vlonaxSvc;NiagaraAX Lon Tunnel;c:\windows\system32\vlonax.exe [2006-06-28 38912]
R2 vseraxSvc;NiagaraAX Serial Tunnel;c:\windows\system32\vserax.exe [2006-06-28 45056]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2007-09-21 29404]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 LdvxBroker;Echelon xDriver Connection Broker;c:\lonworks\bin\LdvxBroker.exe [2007-09-21 66872]
R3 nBacES60;NDIS 6.0 SPR Protocol Driver for Niagara;c:\windows\system32\DRIVERS\nBacES60.sys [2012-03-13 28160]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\niagara\R2301~1.522\nre\bin\PCANDIS4.SYS [2010-01-21 16048]
R3 pnplon;LonWorks PCLTA;c:\windows\system32\drivers\pnplon.sys [2007-09-21 21959]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [x]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [x]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [x]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [x]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-01-17 72312]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1343400]
S0 vlonax;NiagaraAX Lon Kernel;c:\windows\system32\drivers\vlonax.sys [2006-06-28 15456]
S0 vserax;NiagaraAX Serial Kernel;c:\windows\system32\drivers\vserax.sys [2005-04-04 19808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe [2009-03-02 81920]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-06-26 812392]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-06-26 26984]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 LnsMtsSvc;Echelon Support Service for Microsoft Terminal Services (MTS);c:\lonworks\bin\LnsMtsSvc.exe [2007-09-21 62776]
S2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [2012-01-19 173424]
S2 vlon;vlon; [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-04-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-04-30 12184]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 13312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 16:19]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 16:19]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309799623-115700604-1846952604-3368Core.job
- c:\users\atran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 18:28]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309799623-115700604-1846952604-3368UA.job
- c:\users\atran\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.controltechinc.com/exchange/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.43.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.ladwp.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.smwd.com/MLWebCacheCleaner.cab
DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} - hxxp://network.construction.com/ActiveX/FileDownloader2.cab
FF - ProfilePath - c:\users\espotswood\AppData\Roaming\Mozilla\Firefox\Profiles\dwii8r4h.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(280)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-04-09 09:23:49
ComboFix-quarantined-files.txt 2012-04-09 16:23
ComboFix2.txt 2012-04-09 16:05
ComboFix3.txt 2012-04-07 21:14
.
Pre-Run: 173,435,408,384 bytes free
Post-Run: 173,371,940,864 bytes free
.
- - End Of File - - 7EA31FDDA08DB5704CCBC82A45DE6E60

#12 gringo_pr
Bleepin Gringo, Malware Response Team

Posted 09 April 2012 - 01:15 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.3
Java DB 10.5.3.0
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#13 Dork251
Topic Starter

Posted 09 April 2012 - 10:49 PM

HijackThis gave me kind of a headache, but other than that everything installed and worked just fine.

Thanks, -Evan


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
espotswood :: LOS004-TECH [administrator]

4/9/2012 8:34:08 PM
mbam-log-2012-04-09 (20-34-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235051
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:48 PM, on 4/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.controltechinc.com/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\GFI Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.smwd.com/XTSAC.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://webvpn.ladwp.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://vpn.smwd.com/NELX.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://vpn.smwd.com/MLWebCacheCleaner.cab
O16 - DPF: {C60C276B-0F00-44D8-8D68-7B326A35401E} (Documents Downloader Control 2.0) - http://network.construction.com/ActiveX/FileDownloader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.csusb.edu/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = controltechinc.com
O17 - HKLM\Software\..\Telephony: DomainName = controltechinc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{415C9E0F-695F-4123-8282-8936DBF08D43}: Domain = 16-hvac-web02.facmon.csupomona.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = controltechinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = controltechinc.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Echelon xDriver Connection Broker (LdvxBroker) - Echelon Corporation - C:\lonworks\bin\LdvxBroker.exe
O23 - Service: Echelon Support Service for Microsoft Terminal Services (MTS) (LnsMtsSvc) - Echelon Corporation - C:\lonworks\bin\LnsMtsSvc.exe
O23 - Service: Niagara - Unknown owner - C:\niagara\r2.301.522\nre\bin\niagarad.exe
O23 - Service: Niagara LON Tunnel - Unknown owner - C:\Windows\system32\vlonnet.exe
O23 - Service: Niagara Serial Tunnel - Unknown owner - C:\Windows\system32\vserialnet.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
O23 - Service: NiagaraAX Lon Tunnel (vlonaxSvc) - Unknown owner - C:\Windows\system32\vlonax.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: NiagaraAX Serial Tunnel (vseraxSvc) - Unknown owner - C:\Windows\system32\vserax.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

--
End of file - 13286 bytes

#14 Dork251

Dork251
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 09 April 2012 - 10:52 PM

And my computer appears to be running alright. In retrospect, do you know if using Winamp Remote can cause this issue? It was one of the 2 programs I had running when everything started heading south.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 PM

Posted 09 April 2012 - 10:55 PM

Greetings

This one is so new I have not heard yet how it infects the computer, but I would suspect that it is from an infected webpage.



These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
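As an added example (not part of this thread and not HijackThis's own code), a small Python reviewer for the O4 autorun and O23 service line formats shown above: it pulls the executable path out of each entry, whether quoted or unquoted, and flags images that live outside Program Files/Windows or in a user profile directory, plus services whose version info carries no company name. The sample log lines, the trusted-root list and the flag rules are assumptions constructed for the demo.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the O4/O23 line format HijackThis emits (not the thread's own log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [updater] C:\Users\Bob\AppData\Local\Temp\svc.exe /silent
O23 - Service: Niagara - Unknown owner - C:\niagara\nre\bin\niagarad.exe
O23 - Service: VIPRE Antivirus (SBAMSvc) - GFI Software - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
"""
# Assumed roots where legitimately installed software normally lives.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Unquoted paths with spaces are common in these logs, so cut at the first executable extension.
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)', re.IGNORECASE)

@dataclass
class Entry:
    kind: str                 # "O4" (autorun) or "O23" (service)
    name: str                 # entry name / service display name
    owner: str                # version-info company name for O23, "" for O4
    image: str                # executable path extracted from the line
    flags: list = field(default_factory=list)

def extract_image(cmd: str) -> str:
    m = IMAGE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip()

def parse_line(line: str):
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m.group("name"), "", extract_image(m.group("cmd")))
    if line.startswith("O23 - Service: "):
        # Split from the right; assumes owner and path contain no " - " separator.
        head, owner, path = line.rsplit(" - ", 2)
        return Entry("O23", head[len("O23 - Service: "):], owner, path.strip())
    return None

def flag(entry: Entry) -> Entry:
    low = entry.image.lower()
    if not low.startswith(TRUSTED_ROOTS):
        entry.flags.append("image outside Program Files/Windows")
    if "\\temp\\" in low or "\\appdata\\" in low:
        entry.flags.append("image in a user-writable profile directory")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("no company name in version info")
    return entry

def review(log: str) -> list:
    # Parse every O4/O23 line and attach review flags; unflagged entries are returned too.
    return [flag(e) for e in map(parse_line, log.strip().splitlines()) if e]
```

Flags are only a prompt for manual research of the entry, as the note above suggests; an entry outside Program Files is not automatically malicious.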



