
Eset found Mefos.A Trojan


  • This topic is locked
34 replies to this topic

#1 jeffshead (Members, 16 posts)

Posted 10 April 2012 - 08:00 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Jeff at 20:38:23 on 2012-04-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12286.9418 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Rohos\agent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Acronis\ARSM\arsm.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Windows\SysWOW64\rserver30\RServer3.exe
C:\Program Files (x86)\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.exe
C:\Program Files (x86)\Common Files\ImageMAKER\ZFDAEMON.EXE
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
C:\Program Files (x86)\ACT\Act for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe
C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:10998
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PhoneTray] C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun: [ACTSyncServiceUI] "C:\Program Files (x86)\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe" -Dfalse
mRun: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ZETAFA~1.LNK - C:\Program Files (x86)\Common Files\ImageMAKER\ZFDAEMON.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: QuickDefine - C:\Program Files (x86)\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://masco.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1A7A2C48-B795-4375-8597-E38A7C5DBDA1} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\itss51.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [PhoneTray] C:\Program Files (x86)\Traysoft\PhoneTray\PhoneTray.exe
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun-x64: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun-x64: [ACTSyncServiceUI] "C:\Program Files (x86)\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe" -Dfalse
mRun-x64: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\az5zndh2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 10998
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 10998
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 10998
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 10998
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2010-4-21 68680]
R2 AcronisAgent;Acronis Remote Agent Service;C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2011-6-23 1918864]
R2 ActService;ACT! Service Host;C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-15 18432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ARSM;Acronis Removable Storage Management Service;C:\Program Files (x86)\Acronis\ARSM\arsm.exe [2011-6-23 4355208]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-29 68136]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-11-30 8704]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-9-29 72304]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-6 652360]
R2 MMS;Acronis Managed Machine Service;C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [2011-6-23 8686392]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-9-21 61913952]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139400]
R2 RHDISK_AMD64;RHDISK_AMD64;C:\Program Files (x86)\Rohos\rhdisk_amd64.sys [2011-11-25 31408]
R2 Rohos Disk;Rohos Disk service;C:\Program Files (x86)\Rohos\agent.exe [2011-11-25 809272]
R2 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2010-4-21 1242504]
R2 Sage ACT! Network Sync Service;Sage ACT! Network Sync Service;C:\Program Files (x86)\ACT\Act for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.exe [2011-11-15 323584]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [2011-10-4 618896]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys --> C:\Windows\system32\DRIVERS\rminiv3.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-15 81920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-29 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2011-9-21 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-9-21 428384]
.
=============== Created Last 30 ================
.
2012-04-10 21:13:01 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF6E6D0F-5743-43DF-B328-7BDF628D7412}\mpengine.dll
2012-04-08 20:33:52 676968 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-04-06 17:42:40 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-04-06 17:42:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-06 17:42:36 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-06 17:42:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-06 14:14:42 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 04:38:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 16:31:00 -------- d-----w- C:\Users\Jeff\AppData\Local\{1657EDB5-7C18-11E1-826D-B8AC6F996F26}
2012-03-28 03:28:45 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2012-03-22 17:50:16 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 17:50:16 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 14:37:31 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2012-03-21 14:37:31 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-03-21 14:37:16 290816 ----a-w- C:\Windows\SysWow64\stFLVSource.ax
2012-03-21 14:37:16 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2012-03-21 14:37:15 70656 ----a-w- C:\Windows\SysWow64\RLAPEDec.ax
2012-03-21 14:37:15 438272 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax
2012-03-21 14:37:15 217088 ----a-w- C:\Windows\SysWow64\CoreFLACDecoder.ax
2012-03-21 14:37:15 -------- d-----w- C:\Program Files (x86)\Sothink Video Encoder for Adobe Flash
2012-03-20 21:30:55 -------- d-----w- C:\Program Files (x86)\SDA
2012-03-16 17:57:37 -------- d-----w- C:\Windows\Replay Converter 4
2012-03-14 13:10:44 -------- d-----w- C:\Program Files (x86)\Siber Systems
2012-03-14 12:59:19 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 12:59:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 12:59:18 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 12:57:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:57:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:57:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:57:14 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 12:57:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 12:57:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:57:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:57:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:57:05 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:57:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:57:03 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:52:17 -------- d-----w- C:\Users\Jeff\AppData\Roaming\ieSpell
.
==================== Find3M ====================
.
2012-04-10 15:35:30 25640 ----a-w- C:\Windows\gdrv.sys
2012-04-06 14:14:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-10 19:39:03 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-03-10 18:07:46 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-03-10 18:07:45 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2012-03-09 01:48:17 303104 ----a-w- C:\Windows\System32\drivers\XRNBO.sys
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 17:42:00 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-02-16 17:42:00 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll
.
============= FINISH: 20:38:44.32 ===============
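Added example (not part of the original thread, and not DDS, ESET or BleepingComputer code): a small triage script that reads the "Pseudo HJT Report" and Firefox prefs.js lines of a DDS log like the one above and flags the entries a responder would look at first: the browser proxy pointing at a loopback listener (127.0.0.1:10998 in both the IE and the Firefox settings here) and the UAC policy values that sit at their weakest setting (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, LocalAccountTokenFilterPolicy = 1). The sample lines are copied from the log above; the regexes, the finding texts and the choice of which values count as weak are this example's own. The log does not show a ProxyEnable value for IE, and Firefox reports network.proxy.type = 0 (proxy disabled), so the script separates "configured" from "confirmed active" rather than calling the proxy malicious.

```python
"""Triage checks over DDS 'Pseudo HJT Report' and Firefox prefs lines.

Added example for this thread; not DDS, ESET or BleepingComputer code.
The sample lines below are copied from the log posted above; the
regexes and the wording of the findings are this example's own.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied verbatim from the DDS log in the first post.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:10998
mWinlogon: Userinit=userinit.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 10998
FF - prefs.js: network.proxy.type - 0
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)$", re.I)

# UAC policy values (HKLM\...\Policies\System) and the setting that weakens them.
# Value meanings are Microsoft's documented semantics; the explanations are ours.
WEAK_UAC = {
    "EnableLUA": ("0", "UAC disabled entirely; admin logons run fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts drawn on the normal desktop, spoofable by user-mode code"),
    "LocalAccountTokenFilterPolicy": ("1", "remote logons with local admin accounts receive an unfiltered full token"),
}


def parse_dds(text: str) -> Dict[str, Dict[str, str]]:
    """Pull the key/value families this triage cares about out of a DDS log."""
    out: Dict[str, Dict[str, str]] = {"ie": {}, "policy": {}, "ff": {}}
    for line in text.splitlines():
        m = re.match(r"^[um]Internet Settings,(\w+) = (.+)$", line)
        if m:
            out["ie"][m.group(1)] = m.group(2).strip()
            continue
        m = re.match(r"^mPolicies-system: (\w+) = (\S+)", line)
        if m:
            out["policy"][m.group(1)] = m.group(2)
            continue
        m = re.match(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$", line)
        if m:
            out["ff"][m.group(1)] = m.group(2).strip()
    return out


def findings(parsed: Dict[str, Dict[str, str]]) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    hits: List[str] = []
    ie = parsed["ie"]
    if "ProxyServer" in ie:
        host = ie["ProxyServer"].rsplit(":", 1)[0]
        if LOOPBACK.match(host):
            # A loopback proxy means a local process sits between IE and the network.
            # The log carries no ProxyEnable value, so activity must be confirmed on the box.
            hits.append(f"IE proxy points at loopback ({ie['ProxyServer']}); identify the listener on that port")
    ff = parsed["ff"]
    ff_hosts = {v for k, v in ff.items() if not k.endswith(("_port", ".type"))}
    if any(LOOPBACK.match(h) for h in ff_hosts):
        # network.proxy.type 0 means 'no proxy', so these entries may be stale.
        active = ff.get("network.proxy.type") not in (None, "0")
        state = "ACTIVE" if active else "configured but disabled (network.proxy.type=0)"
        hits.append(f"Firefox proxy hosts {sorted(ff_hosts)} are loopback; {state}")
    for name, (bad, why) in WEAK_UAC.items():
        if parsed["policy"].get(name) == bad:
            hits.append(f"{name}={bad}: {why}")
    return hits


if __name__ == "__main__":
    for f in findings(parse_dds(SAMPLE_LOG)):
        print("-", f)
```

Run as-is it prints the findings for the embedded sample; feed the full text of a DDS log to parse_dds() to triage another machine. Working out what listens on 127.0.0.1:10998 (netstat -ano on the box, then the owning PID) is the follow-up the script cannot do from a log alone.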



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 April 2012 - 12:26 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 April 2012 - 11:54 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 jeffshead (Topic Starter, Members, 16 posts)

Posted 17 April 2012 - 06:05 AM

I tried running ComboFix twice but each time I just get a blue command-line box and nothing else.

I followed the instructions and I let it run for several hours each time but I get nothing but a blank box. The last time I let it run overnight but no text was ever shown in the box.

Edited by jeffshead, 17 April 2012 - 06:26 AM.


#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 April 2012 - 08:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 jeffshead (Topic Starter, Members, 16 posts)

Posted 17 April 2012 - 11:51 AM

I was able to get Combofix to run by booting in Safe Mode.

I guess temporarily disabling Eset protection is not enough. I even disabled Eset's Anti-Stealth technology and rebooted, but Combofix still would not run until I booted into Safe Mode. At least I'm assuming Eset was keeping Combofix from running.

I actually ran Combofix twice because after the first run, I rebooted the computer (as prompted by Combofix) but I neglected to reboot into Safe Mode, so Combofix could not perform the remaining steps. I then rebooted into Safe Mode, ran the scan again and rebooted (as prompted by Combofix) into Safe Mode again so Combofix could complete the remaining steps.

I also renamed Combofix to: aq123.exe because it was the second time I downloaded it and there was already a copy on my desktop.

Log from Combofix:

...
ComboFix 12-04-16.02 - Jeff 04/17/2012 7:51.2.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12286.10545 [GMT -4:00]
Running from: d:\users\Jeff\Desktop\aq123.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\keygen.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 11:56 . 2012-04-17 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 11:56 . 2012-04-17 11:56 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2012-04-14 15:30 . 2012-04-14 15:30 -------- d-----w- c:\users\Jeff\AppData\Roaming\Aspell
2012-04-14 15:30 . 2012-04-14 15:30 -------- d-----w- c:\users\Jeff\AppData\Local\Iceni
2012-04-14 15:27 . 2012-04-14 15:27 -------- d-----w- c:\programdata\Iceni
2012-04-14 15:27 . 2012-04-14 15:27 -------- d-----w- c:\programdata\Aspell
2012-04-14 15:27 . 2012-04-14 15:27 -------- d-----w- c:\users\Jeff\AppData\Local\Aspell
2012-04-14 15:27 . 2012-04-14 15:27 -------- d-----w- c:\program files (x86)\Iceni
2012-04-13 18:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{964C4F49-2FD8-436E-ADD1-9C8D2F9ACFA9}\mpengine.dll
2012-04-11 01:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 01:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 01:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 01:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 01:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 01:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 01:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 20:33 . 2012-02-16 17:42 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-04-06 17:42 . 2012-04-06 17:42 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-04-06 17:42 . 2012-04-06 17:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 17:42 . 2012-04-17 11:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-06 17:42 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 14:14 . 2012-04-13 18:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 04:38 . 2012-04-14 17:16 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 16:31 . 2012-04-01 16:31 -------- d-----w- c:\users\Jeff\AppData\Local\{1657EDB5-7C18-11E1-826D-B8AC6F996F26}
2012-03-28 03:28 . 2012-03-28 03:28 -------- d-----w- c:\program files (x86)\DVD Decrypter
2012-03-22 17:50 . 2012-03-22 17:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 17:50 . 2012-03-22 17:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 14:37 . 2012-03-21 14:37 -------- d-----w- c:\program files (x86)\ffdshow
2012-03-21 14:37 . 2008-06-09 02:58 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2012-03-21 14:37 . 2010-07-15 15:30 290816 ----a-w- c:\windows\SysWow64\stFLVSource.ax
2012-03-21 14:37 . 2009-08-17 13:54 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-03-21 14:37 . 2012-03-22 15:57 -------- d-----w- c:\program files (x86)\Sothink Video Encoder for Adobe Flash
2012-03-21 14:37 . 2009-08-17 13:54 438272 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax
2012-03-21 14:37 . 2009-08-17 13:54 217088 ----a-w- c:\windows\SysWow64\CoreFLACDecoder.ax
2012-03-21 14:37 . 2009-03-17 21:38 70656 ----a-w- c:\windows\SysWow64\RLAPEDec.ax
2012-03-20 21:30 . 2012-03-20 21:30 -------- d-----w- c:\program files (x86)\SDA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 11:46 . 2011-09-29 18:08 25640 ----a-w- c:\windows\gdrv.sys
2012-04-14 17:16 . 2011-09-29 23:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-10 19:39 . 2012-03-10 19:39 971360 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-03-10 18:07 . 2012-03-10 18:07 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-03-10 18:07 . 2012-03-10 18:07 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-03-09 01:48 . 2012-03-09 01:48 303104 ----a-w- c:\windows\system32\drivers\XRNBO.sys
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 12:57 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 12:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 12:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 12:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 12:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 17:42 . 2011-09-29 18:01 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-02-16 17:42 . 2011-09-29 18:01 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 12:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 12:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 12:57 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 12:57 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 12:57 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 12:57 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"replay_telecorder_skype"="c:\program files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe" [2012-02-28 1551360]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-04-13 109296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"PhoneTray"="c:\program files (x86)\Traysoft\PhoneTray\PhoneTray.exe" [2011-03-24 442056]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2011-11-16 18432]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2011-11-16 337224]
"ACTSyncServiceUI"="c:\program files (x86)\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe" [2011-11-16 712704]
"BackupAndRecoveryMonitor.exe"="c:\program files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe" [2011-06-24 1529448]
"AcronisTimounterMonitor"="c:\program files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe" [2011-06-24 961488]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-7-19 7667970]
Zetafax Daemon.lnk - c:\program files (x86)\Common Files\ImageMAKER\ZFDAEMON.EXE [2011-12-3 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Sage ACT! Integration.lnk - c:\program files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe [2011-11-15 97792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2011-06-24 1918864]
R2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-16 18432]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 ARSM;Acronis Removable Storage Management Service;c:\program files (x86)\Acronis\ARSM\arsm.exe [2011-06-24 4355208]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-11-24 8704]
R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MMS;Acronis Managed Machine Service;c:\program files (x86)\Acronis\BackupAndRecovery\mms.exe [2011-06-24 8686392]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-09-21 61913952]
R2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139400]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x]
R2 RHDISK_AMD64;RHDISK_AMD64;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS [2009-07-24 31408]
R2 Rohos Disk;Rohos Disk service;c:\program files (x86)\Rohos\agent.exe [2011-11-23 809272]
R2 RServer3;Radmin Server V3;c:\windows\SysWOW64\rserver30\RServer3.exe [2009-10-09 1242504]
R2 Sage ACT! Network Sync Service;Sage ACT! Network Sync Service;c:\program files (x86)\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.exe [2011-11-16 323584]
R2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-16 81920]
R2 wwEngineSvc;Window Washer Engine;c:\program files (x86)\Webroot\Washer\WasherSvc.exe [2011-04-20 618896]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-29 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2011-09-21 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-09-21 428384]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 raddrvv3;raddrvv3;c:\windows\SysWOW64\rserver30\raddrvv3.sys [2010-04-21 68680]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:16]
.
2012-04-17 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-30 21:55]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-599494172-2627670360-979680832-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 08:06]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-599494172-2627670360-979680832-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 08:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-01 4035152]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-24 394944]
"TrayMonitor.exe"="c:\program files (x86)\Acronis\TrayMonitor\TrayMonitor.exe" [2011-06-24 1454792]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:10998
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: QuickDefine - c:\program files (x86)\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files (x86)\Common Files\microsoft shared\Information Retrieval\itss51.dll
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\az5zndh2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 10998
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 10998
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 10998
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 10998
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-combofix - c:\aq123\CF8001.3XE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\05\1e\0c4\0a?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-17 08:42:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 12:42
.
Pre-Run: 888,446,054,400 bytes free
Post-Run: 888,257,888,256 bytes free
.
- - End Of File - - 4AD8D5E921658086C10A095251EAF35A
...

TDSSKiller log:

...
12:29:42.0377 4000 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:29:44.0377 4000 ============================================================
12:29:44.0377 4000 Current date / time: 2012/04/17 12:29:44.0377
12:29:44.0377 4000 SystemInfo:
12:29:44.0377 4000
12:29:44.0377 4000 OS Version: 6.1.7601 ServicePack: 1.0
12:29:44.0377 4000 Product type: Workstation
12:29:44.0377 4000 ComputerName: NO1
12:29:44.0377 4000 UserName: Jeff
12:29:44.0377 4000 Windows directory: C:\Windows
12:29:44.0377 4000 System windows directory: C:\Windows
12:29:44.0377 4000 Running under WOW64
12:29:44.0377 4000 Processor architecture: Intel x64
12:29:44.0377 4000 Number of processors: 8
12:29:44.0377 4000 Page size: 0x1000
12:29:44.0377 4000 Boot type: Normal boot
12:29:44.0377 4000 ============================================================
12:29:44.0967 4000 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
12:29:44.0967 4000 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:44.0987 4000 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:45.0007 4000 Drive \Device\Harddisk7\DR7 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:29:45.0007 4000 \Device\Harddisk0\DR0:
12:29:45.0007 4000 MBR used
12:29:45.0007 4000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:29:45.0007 4000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
12:29:45.0007 4000 \Device\Harddisk1\DR1:
12:29:45.0007 4000 MBR used
12:29:45.0007 4000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
12:29:45.0007 4000 \Device\Harddisk2\DR2:
12:29:45.0017 4000 MBR used
12:29:45.0017 4000 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
12:29:45.0017 4000 \Device\Harddisk7\DR7:
12:29:45.0017 4000 MBR used
12:29:45.0017 4000 \Device\Harddisk7\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:29:45.0127 4000 Initialize success
12:29:45.0127 4000 ============================================================
12:29:58.0927 4900 ============================================================
12:29:58.0927 4900 Scan started
12:29:58.0927 4900 Mode: Manual;
12:29:58.0927 4900 ============================================================
12:29:59.0567 4900 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:29:59.0567 4900 1394ohci - ok
12:29:59.0597 4900 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:59.0597 4900 ACPI - ok
12:29:59.0617 4900 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:59.0627 4900 AcpiPmi - ok
12:29:59.0757 4900 AcronisAgent (6b3ca61e19d9af52749940b56f411bd5) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
12:29:59.0797 4900 AcronisAgent - ok
12:29:59.0837 4900 AcrSch2Svc (3e689f51435e3ccb9641d5a1f43df5e5) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
12:29:59.0847 4900 AcrSch2Svc - ok
12:29:59.0937 4900 ActService (861d18775087a286f53ade05d0f31396) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
12:29:59.0947 4900 ActService - ok
12:30:00.0017 4900 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:30:00.0017 4900 AdobeFlashPlayerUpdateSvc - ok
12:30:00.0037 4900 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:30:00.0047 4900 adp94xx - ok
12:30:00.0067 4900 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:30:00.0077 4900 adpahci - ok
12:30:00.0107 4900 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:30:00.0107 4900 adpu320 - ok
12:30:00.0137 4900 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:30:00.0137 4900 AeLookupSvc - ok
12:30:00.0177 4900 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:30:00.0177 4900 AFD - ok
12:30:00.0207 4900 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:30:00.0207 4900 agp440 - ok
12:30:00.0227 4900 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:30:00.0227 4900 ALG - ok
12:30:00.0257 4900 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:30:00.0257 4900 aliide - ok
12:30:00.0297 4900 AMD External Events Utility (812349d328eb406815183a5d17b49e7c) C:\Windows\system32\atiesrxx.exe
12:30:00.0307 4900 AMD External Events Utility - ok
12:30:00.0327 4900 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:30:00.0327 4900 amdide - ok
12:30:00.0357 4900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:30:00.0357 4900 AmdK8 - ok
12:30:00.0517 4900 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
12:30:00.0687 4900 amdkmdag - ok
12:30:00.0717 4900 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
12:30:00.0717 4900 amdkmdap - ok
12:30:00.0737 4900 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:30:00.0737 4900 AmdPPM - ok
12:30:00.0777 4900 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:30:00.0787 4900 amdsata - ok
12:30:00.0807 4900 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:30:00.0817 4900 amdsbs - ok
12:30:00.0847 4900 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:30:00.0847 4900 amdxata - ok
12:30:00.0867 4900 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:30:00.0877 4900 AppID - ok
12:30:00.0907 4900 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:30:00.0917 4900 AppIDSvc - ok
12:30:00.0927 4900 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:30:00.0937 4900 Appinfo - ok
12:30:00.0957 4900 AppleCharger (a632d9ea15f37d2605a7fcaf3892ec96) C:\Windows\system32\DRIVERS\AppleCharger.sys
12:30:00.0957 4900 AppleCharger - ok
12:30:00.0977 4900 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
12:30:00.0987 4900 AppleChargerSrv - ok
12:30:01.0017 4900 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
12:30:01.0017 4900 appliand - ok
12:30:01.0037 4900 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
12:30:01.0037 4900 appliandMP - ok
12:30:01.0077 4900 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:30:01.0097 4900 AppMgmt - ok
12:30:01.0137 4900 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:30:01.0147 4900 arc - ok
12:30:01.0167 4900 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:30:01.0167 4900 arcsas - ok
12:30:01.0317 4900 ARSM (4c90c56d551431876c6fa1b20f45d202) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
12:30:01.0377 4900 ARSM - ok
12:30:01.0437 4900 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:30:01.0457 4900 aspnet_state - ok
12:30:01.0497 4900 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:30:01.0507 4900 AsyncMac - ok
12:30:01.0527 4900 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:30:01.0527 4900 atapi - ok
12:30:01.0557 4900 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
12:30:01.0557 4900 AtiHDAudioService - ok
12:30:01.0727 4900 atikmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
12:30:01.0767 4900 atikmdag - ok
12:30:01.0827 4900 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:30:01.0827 4900 AudioEndpointBuilder - ok
12:30:01.0837 4900 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:30:01.0847 4900 AudioSrv - ok
12:30:01.0867 4900 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:30:01.0867 4900 AxInstSV - ok
12:30:01.0897 4900 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:30:01.0907 4900 b06bdrv - ok
12:30:01.0927 4900 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:30:01.0927 4900 b57nd60a - ok
12:30:01.0947 4900 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:30:01.0957 4900 BDESVC - ok
12:30:01.0967 4900 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:30:01.0967 4900 Beep - ok
12:30:01.0987 4900 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:30:01.0997 4900 BFE - ok
12:30:02.0057 4900 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:30:02.0067 4900 BITS - ok
12:30:02.0087 4900 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:30:02.0087 4900 blbdrive - ok
12:30:02.0117 4900 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:30:02.0127 4900 bowser - ok
12:30:02.0127 4900 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:30:02.0127 4900 BrFiltLo - ok
12:30:02.0157 4900 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:30:02.0157 4900 BrFiltUp - ok
12:30:02.0197 4900 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:30:02.0197 4900 BridgeMP - ok
12:30:02.0217 4900 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:30:02.0227 4900 Browser - ok
12:30:02.0237 4900 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:30:02.0247 4900 Brserid - ok
12:30:02.0257 4900 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:30:02.0257 4900 BrSerWdm - ok
12:30:02.0267 4900 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:30:02.0267 4900 BrUsbMdm - ok
12:30:02.0277 4900 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:30:02.0277 4900 BrUsbSer - ok
12:30:02.0297 4900 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:30:02.0297 4900 BTHMODEM - ok
12:30:02.0317 4900 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:30:02.0317 4900 bthserv - ok
12:30:02.0347 4900 catchme - ok
12:30:02.0367 4900 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:30:02.0377 4900 cdfs - ok
12:30:02.0387 4900 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:30:02.0397 4900 cdrom - ok
12:30:02.0427 4900 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:30:02.0427 4900 CertPropSvc - ok
12:30:02.0447 4900 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:30:02.0447 4900 circlass - ok
12:30:02.0467 4900 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:30:02.0477 4900 CLFS - ok
12:30:02.0517 4900 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:30:02.0517 4900 clr_optimization_v2.0.50727_32 - ok
12:30:02.0547 4900 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:30:02.0547 4900 clr_optimization_v2.0.50727_64 - ok
12:30:02.0597 4900 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:30:02.0607 4900 clr_optimization_v4.0.30319_32 - ok
12:30:02.0667 4900 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:30:02.0677 4900 clr_optimization_v4.0.30319_64 - ok
12:30:02.0687 4900 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:30:02.0697 4900 CmBatt - ok
12:30:02.0697 4900 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:30:02.0697 4900 cmdide - ok
12:30:02.0757 4900 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:30:02.0767 4900 CNG - ok
12:30:02.0777 4900 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:30:02.0777 4900 Compbatt - ok
12:30:02.0797 4900 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:30:02.0797 4900 CompositeBus - ok
12:30:02.0807 4900 COMSysApp - ok
12:30:02.0847 4900 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
12:30:02.0847 4900 cpuz135 - ok
12:30:02.0867 4900 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:30:02.0887 4900 crcdisk - ok
12:30:02.0917 4900 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:30:02.0917 4900 CryptSvc - ok
12:30:02.0957 4900 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:30:02.0957 4900 CSC - ok
12:30:02.0987 4900 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:30:02.0987 4900 CscService - ok
12:30:03.0017 4900 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:30:03.0027 4900 DcomLaunch - ok
12:30:03.0057 4900 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:30:03.0057 4900 defragsvc - ok
12:30:03.0137 4900 DES2 Service (fdc0c5adde1cde6edb0bef78f0699af3) C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
12:30:03.0137 4900 DES2 Service - ok
12:30:03.0147 4900 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:30:03.0157 4900 DfsC - ok
12:30:03.0197 4900 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:30:03.0197 4900 Dhcp - ok
12:30:03.0207 4900 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:30:03.0217 4900 discache - ok
12:30:03.0227 4900 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:30:03.0227 4900 Disk - ok
12:30:03.0267 4900 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
12:30:03.0267 4900 dmvsc - ok
12:30:03.0297 4900 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:30:03.0297 4900 Dnscache - ok
12:30:03.0317 4900 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:30:03.0317 4900 dot3svc - ok
12:30:03.0327 4900 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:30:03.0337 4900 DPS - ok
12:30:03.0357 4900 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:30:03.0367 4900 drmkaud - ok
12:30:03.0387 4900 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:30:03.0397 4900 DXGKrnl - ok
12:30:03.0447 4900 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
12:30:03.0447 4900 eamonm - ok
12:30:03.0457 4900 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:30:03.0457 4900 EapHost - ok
12:30:03.0517 4900 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:30:03.0577 4900 ebdrv - ok
12:30:03.0637 4900 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:30:03.0637 4900 EFS - ok
12:30:03.0687 4900 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
12:30:03.0687 4900 ehdrv - ok
12:30:03.0737 4900 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:30:03.0737 4900 ehRecvr - ok
12:30:03.0747 4900 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:30:03.0757 4900 ehSched - ok
12:30:03.0837 4900 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
12:30:03.0847 4900 ekrn - ok
12:30:03.0867 4900 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:30:03.0877 4900 elxstor - ok
12:30:03.0917 4900 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
12:30:03.0917 4900 epfw - ok
12:30:03.0947 4900 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
12:30:03.0947 4900 EpfwLWF - ok
12:30:03.0967 4900 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
12:30:03.0967 4900 epfwwfp - ok
12:30:03.0987 4900 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:30:03.0987 4900 ErrDev - ok
12:30:04.0017 4900 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:30:04.0017 4900 EventSystem - ok
12:30:04.0037 4900 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:30:04.0037 4900 exfat - ok
12:30:04.0047 4900 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:30:04.0057 4900 fastfat - ok
12:30:04.0087 4900 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:30:04.0097 4900 Fax - ok
12:30:04.0117 4900 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:30:04.0117 4900 fdc - ok
12:30:04.0127 4900 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:30:04.0127 4900 fdPHost - ok
12:30:04.0147 4900 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:30:04.0147 4900 FDResPub - ok
12:30:04.0167 4900 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:30:04.0167 4900 FileInfo - ok
12:30:04.0177 4900 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:30:04.0177 4900 Filetrace - ok
12:30:04.0187 4900 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:30:04.0187 4900 flpydisk - ok
12:30:04.0207 4900 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:30:04.0207 4900 FltMgr - ok
12:30:04.0247 4900 fltsrv (b8afe7a30d34c0e9fdba81632294547c) C:\Windows\system32\DRIVERS\fltsrv.sys
12:30:04.0257 4900 fltsrv - ok
12:30:04.0297 4900 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:30:04.0327 4900 FontCache - ok
12:30:04.0367 4900 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:30:04.0377 4900 FontCache3.0.0.0 - ok
12:30:04.0427 4900 FreemakeVideoCapture (93b5cd0ac126be95f65b28af3d9542dc) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
12:30:04.0427 4900 FreemakeVideoCapture - ok
12:30:04.0457 4900 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:30:04.0457 4900 FsDepends - ok
12:30:04.0477 4900 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:30:04.0497 4900 Fs_Rec - ok
12:30:04.0507 4900 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:30:04.0517 4900 fvevol - ok
12:30:04.0527 4900 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:30:04.0527 4900 gagp30kx - ok
12:30:04.0557 4900 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
12:30:04.0557 4900 gdrv - ok
12:30:04.0587 4900 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:30:04.0597 4900 gpsvc - ok
12:30:04.0617 4900 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
12:30:04.0617 4900 GVTDrv64 - ok
12:30:04.0627 4900 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:30:04.0637 4900 hcw85cir - ok
12:30:04.0657 4900 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:30:04.0667 4900 HdAudAddService - ok
12:30:04.0677 4900 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:30:04.0677 4900 HDAudBus - ok
12:30:04.0687 4900 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:30:04.0687 4900 HidBatt - ok
12:30:04.0707 4900 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:30:04.0707 4900 HidBth - ok
12:30:04.0747 4900 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:30:04.0747 4900 HidIr - ok
12:30:04.0767 4900 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:30:04.0767 4900 hidserv - ok
12:30:04.0787 4900 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:30:04.0787 4900 HidUsb - ok
12:30:04.0807 4900 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:30:04.0807 4900 hkmsvc - ok
12:30:04.0837 4900 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:30:04.0837 4900 HomeGroupListener - ok
12:30:04.0867 4900 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:30:04.0867 4900 HomeGroupProvider - ok
12:30:04.0887 4900 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:30:04.0887 4900 HpSAMD - ok
12:30:04.0917 4900 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:30:04.0927 4900 HTTP - ok
12:30:04.0937 4900 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:30:04.0937 4900 hwpolicy - ok
12:30:04.0977 4900 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:30:04.0977 4900 i8042prt - ok
12:30:05.0017 4900 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:30:05.0017 4900 IAANTMON - ok
12:30:05.0047 4900 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:30:05.0047 4900 iaStor - ok
12:30:05.0077 4900 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:30:05.0087 4900 iaStorV - ok
12:30:05.0147 4900 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:30:05.0147 4900 IDriverT - ok
12:30:05.0197 4900 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:30:05.0207 4900 idsvc - ok
12:30:05.0217 4900 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:30:05.0217 4900 iirsp - ok
12:30:05.0257 4900 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:30:05.0267 4900 IKEEXT - ok
12:30:05.0327 4900 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
12:30:05.0347 4900 IntcAzAudAddService - ok
12:30:05.0367 4900 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:30:05.0367 4900 intelide - ok
12:30:05.0387 4900 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:30:05.0387 4900 intelppm - ok
12:30:05.0407 4900 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:30:05.0407 4900 IPBusEnum - ok
12:30:05.0417 4900 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:30:05.0427 4900 IpFilterDriver - ok
12:30:05.0447 4900 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:30:05.0447 4900 iphlpsvc - ok
12:30:05.0467 4900 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:30:05.0467 4900 IPMIDRV - ok
12:30:05.0487 4900 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:30:05.0487 4900 IPNAT - ok
12:30:05.0497 4900 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:30:05.0507 4900 IRENUM - ok
12:30:05.0517 4900 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:30:05.0517 4900 isapnp - ok
12:30:05.0527 4900 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:30:05.0537 4900 iScsiPrt - ok
12:30:05.0567 4900 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
12:30:05.0597 4900 ISODrive - ok
12:30:05.0637 4900 JMB36X (f3a41ec4c6506e76e07a219b3a1df8d2) C:\Windows\SysWOW64\XSrvSetup.exe
12:30:05.0637 4900 JMB36X - ok
12:30:05.0657 4900 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
12:30:05.0657 4900 JRAID - ok
12:30:05.0667 4900 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:30:05.0667 4900 kbdclass - ok
12:30:05.0677 4900 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:30:05.0677 4900 kbdhid - ok
12:30:05.0717 4900 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:05.0717 4900 KeyIso - ok
12:30:05.0747 4900 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:30:05.0757 4900 KSecDD - ok
12:30:05.0787 4900 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:30:05.0787 4900 KSecPkg - ok
12:30:05.0797 4900 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:30:05.0797 4900 ksthunk - ok
12:30:05.0827 4900 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:30:05.0837 4900 KtmRm - ok
12:30:05.0857 4900 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:30:05.0857 4900 LanmanServer - ok
12:30:05.0877 4900 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:30:05.0887 4900 LanmanWorkstation - ok
12:30:05.0907 4900 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:30:05.0907 4900 lltdio - ok
12:30:05.0927 4900 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:30:05.0927 4900 lltdsvc - ok
12:30:05.0937 4900 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:30:05.0937 4900 lmhosts - ok
12:30:05.0957 4900 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:30:05.0957 4900 LSI_FC - ok
12:30:05.0967 4900 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:30:05.0977 4900 LSI_SAS - ok
12:30:05.0987 4900 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:30:05.0997 4900 LSI_SAS2 - ok
12:30:06.0007 4900 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:30:06.0007 4900 LSI_SCSI - ok
12:30:06.0017 4900 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:30:06.0027 4900 luafv - ok
12:30:06.0067 4900 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:30:06.0067 4900 MBAMProtector - ok
12:30:06.0127 4900 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:30:06.0127 4900 MBAMService - ok
12:30:06.0157 4900 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:30:06.0177 4900 Mcx2Svc - ok
12:30:06.0197 4900 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:30:06.0207 4900 megasas - ok
12:30:06.0227 4900 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:30:06.0227 4900 MegaSR - ok
12:30:06.0267 4900 Microsoft SharePoint Workspace Audit Service - ok
12:30:06.0297 4900 mirrorv3 (090ee52afdff9932909c480bdda0c8ce) C:\Windows\system32\DRIVERS\rminiv3.sys
12:30:06.0297 4900 mirrorv3 - ok
12:30:06.0317 4900 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:30:06.0327 4900 MMCSS - ok
12:30:06.0517 4900 MMS (92f3e6b1c94af693d8860a523fa8725c) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
12:30:06.0637 4900 MMS - ok
12:30:06.0667 4900 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:30:06.0667 4900 Modem - ok
12:30:06.0697 4900 MODEMCSA (e38aef079cd3bcfa19f2072a214f829d) C:\Windows\system32\drivers\MODEMCSA.sys
12:30:06.0697 4900 MODEMCSA - ok
12:30:06.0727 4900 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:30:06.0727 4900 monitor - ok
12:30:06.0737 4900 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:30:06.0737 4900 mouclass - ok
12:30:06.0757 4900 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:30:06.0757 4900 mouhid - ok
12:30:06.0777 4900 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:30:06.0777 4900 mountmgr - ok
12:30:06.0797 4900 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:30:06.0797 4900 mpio - ok
12:30:06.0817 4900 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:30:06.0817 4900 mpsdrv - ok
12:30:06.0857 4900 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:30:06.0867 4900 MpsSvc - ok
12:30:06.0907 4900 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:30:06.0907 4900 MRxDAV - ok
12:30:06.0947 4900 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:30:06.0947 4900 mrxsmb - ok
12:30:06.0967 4900 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:30:06.0967 4900 mrxsmb10 - ok
12:30:07.0007 4900 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:30:07.0007 4900 mrxsmb20 - ok
12:30:07.0017 4900 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:30:07.0017 4900 msahci - ok
12:30:07.0027 4900 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:30:07.0037 4900 msdsm - ok
12:30:17.0377 4900 ============================================================
12:30:17.0377 4900 Scan finished
12:30:17.0377 4900 ============================================================
12:30:17.0387 4596 Detected object count: 0
12:30:17.0387 4596 Actual detected object count: 0
12:30:23.0707 6996 Deinitialize success
...

aswMBR:

...
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 12:30:26
-----------------------------
12:30:26.127 OS Version: Windows x64 6.1.7601 Service Pack 1
12:30:26.127 Number of processors: 8 586 0x1A05
12:30:26.127 ComputerName: NO1 UserName:
12:30:28.347 Initialize success
12:33:18.653 AVAST engine defs: 12041700
12:38:24.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:38:24.548 Disk 0 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
12:38:24.548 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:38:24.548 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
12:38:24.558 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
12:38:24.558 Disk 2 Vendor: ST325062 3.AE Size: 238475MB BusType: 3
12:38:24.568 Disk 0 MBR read successfully
12:38:24.568 Disk 0 MBR scan
12:38:24.578 Disk 0 Windows 7 default MBR code
12:38:24.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:38:24.598 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
12:38:24.608 Disk 0 scanning C:\Windows\system32\drivers
12:38:34.938 Service scanning
12:38:59.518 Modules scanning
12:38:59.528 Disk 0 trace - called modules:
12:38:59.538 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:38:59.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b561060]
12:38:59.548 3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a24c050]
12:39:03.808 AVAST engine scan C:\Windows
12:39:09.878 AVAST engine scan C:\Windows\system32
12:42:35.599 AVAST engine scan C:\Windows\system32\drivers
12:42:49.739 AVAST engine scan C:\Users\Jeff
12:44:27.346 AVAST engine scan C:\ProgramData
12:46:26.986 Scan finished successfully
12:50:52.597 Disk 0 MBR has been saved successfully to "D:\Users\Jeff\Desktop\MBR.dat"
12:50:52.597 The log file has been saved successfully to "D:\Users\Jeff\Desktop\aswMBR.txt"
...

Edited by jeffshead, 17 April 2012 - 11:56 AM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 April 2012 - 04:49 PM

Greetings

Are you still being redirected? I want you to check all browsers that are installed and let me know if, and which ones, are being redirected.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 jeffshead

jeffshead
  • Topic Starter
  • Members
  • 16 posts

Posted 17 April 2012 - 09:35 PM

No, I have not encountered any browser redirecting.

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 April 2012 - 09:55 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

Copy and paste the report into this topic for me to review.

Gringo

#10 jeffshead

jeffshead
  • Topic Starter
  • Members
  • 16 posts

Posted 17 April 2012 - 10:20 PM

@BIOS
Acronis Backup & Recovery 11 Agent Core
Acronis Backup & Recovery 11 Command-Line Tool
Acronis Backup & Recovery 11 Deduplication
Acronis Backup & Recovery 11 Tray Monitor
Acronis Backup & Recovery 11 Agent
Acronis Backup & Recovery 11 Bootable Media Builder
Acronis Backup & Recovery 11 Management Console
Acronis Backup & Recovery 11 Universal Restore
Acronis Components for Remote Installation
Acronis Disk Director 11 Advanced Agent
Acronis Disk Director 11 Advanced Bootable Media Builder
Acronis Disk Director 11 Advanced Management Console
Acronis Disk Director 11 Home
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe ConnectNow Add-in
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Story
Adobe Widget Browser
Advanced Archive Password Recovery
Apple Application Support
Apple Software Update
Applian Director
Application Profiles
Asterisk Key 10.0
AviSynth 2.5
Beyond Compare Version 3.3.2
Boilsoft Video Splitter 6.33
Brother P-touch Editor 4.2
Camtasia Studio 7
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon My Printer
Canon Speed Dial Utility
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
CCC Help English
CCE SP Trial Version
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DES 2.0
DesignPro 5
DVD Decrypter (Remove Only)
DVD Rebuilder
EPSON Easy Photo Print
Epson Print CD
EPSON Scan
Eusing Free Registry Cleaner
FastStone Image Viewer 4.6
ffdshow [rev 2583] [2009-01-05]
FileZilla Server
FlashKicker
GIF2SWF Converter v.1.3
Gigabyte Raid Configurer
Google Chrome
Haali Media Splitter
Half-Life
ieSpell
ImgBurn
Infix 5.13
Java Auto Updater
Java™ 6 Update 27
Just Great Software EditPad Pro 7 v.7.0.6
K-Lite Mega Codec Pack 8.0.0
Kayako Desktop
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Encarta Reference Suite 2000
Microsoft Encarta World English Dictionary
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server Browser
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
ON_OFF Charge B10.0422.2
Opera 11.62
PDF Settings CS5
PE Explorer 1.99 R6
PhoneTray Free
PxMergeModule
Radmin Server 3.4
Radmin Viewer 3.4
RAR Password Unlocker 4.2.0.0
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Replay AV 8
Replay Converter 4
Replay Media Catcher 4 (4.3.2)
Replay Media Splitter 1.10.1106.26
Replay Music
Replay Telecorder for Skype 1.2.0.9
Replay Video Capture 5
Resource Hacker Version 3.6.0
Resource Tuner 1.99 R6
RoboForm 7-7-5 (All Users)
Rohos Disk 1.9
Safari
Sage ACT! Network Sync Service
Sage ACT! Premium 2012
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sierra Utilities
Snagit 10.0.1
Sothink DHTML Menu 9
Sothink FLV Player
Sothink JWScroller
Sothink SWF Decompiler
Sothink SWF Editor version 1.0
Sothink Video Encoder for Adobe Flash
Spyder3Elite
UltraISO Premium V9.36
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Video Padlock
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.11
Vuze
WebEx
Window Washer
WinPcap 4.1.2
Xilisoft Video Converter Ultimate
YouSendIt Express
Zetafax Client Applications
Zetafax Printer

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 April 2012 - 10:34 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 27
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download button
  • click on Agree and Start Free Download
  • click on Run
  • click on Run again
  • click on Install
  • when the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2012 - 11:24 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 jeffshead

jeffshead
  • Topic Starter
  • Members
  • 16 posts

Posted 22 April 2012 - 02:07 PM

Thank you so very much for your help. I just need a little more time to work on the system.

I will report back as soon as I make the changes you requested.

#14 jeffshead

jeffshead
  • Topic Starter
  • Members
  • 16 posts

Posted 22 April 2012 - 02:46 PM

A question about Java...

Both the FedEx and the USPS websites require Java in order to be able to print shipping labels from my computer. If I uninstall Java™ 6 Update 27 then I will no longer be able to use my thermal printer.

How can I work around that?

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2012 - 03:40 PM

I am asking you to uninstall that one, and then a little further down I am asking you to download the latest version.



gringo
