
Trojan:DOS/Alureon.E Infection


This topic is locked
17 replies to this topic

#1 Waster555

Waster555

  • Members
  • 21 posts

Posted 16 April 2012 - 07:23 AM

Microsoft Security Essentials found Trojan:DOS/Alureon.A and Trojan:DOS/Alureon.E on my Windows 7 Home Premium system (64 bit). It removed Trojan:DOS/Alureon.A, but not Alureon.E. Neither TDSSKiller nor Malwarebytes detects Alureon.E, only Microsoft Security Essentials, which is unsuccessful in removing it. I formatted my hard drive and did a clean install of Windows 7, but Security Essentials still detects Alureon.E.


#2 Waster555

Waster555
  • Topic Starter

  • Members
  • 21 posts

Posted 16 April 2012 - 07:26 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Ken at 8:14:32 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1843 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
mWinlogon: Userinit=userinit.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{12961864-0DC0-425C-97BE-428B7BD2C2FD} : DhcpNameServer = 75.75.75.75 75.75.76.76
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
.
=============== Created Last 30 ================
.
2012-04-16 11:39:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 11:39:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-16 11:18:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61E568D7-6EDC-4ECC-A921-731AC21C53FF}\offreg.dll
2012-04-16 11:15:46 -------- d-----w- C:\Users\Ken\AppData\Local\ElevatedDiagnostics
2012-04-16 10:36:21 0 ----a-w- C:\Windows\ativpsrm.bin
2012-04-16 10:10:38 116016 ----a-w- C:\Windows\System32\drivers\39057433.sys
2012-04-16 10:06:13 388096 ----a-r- C:\Users\Ken\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-16 10:06:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-16 09:40:23 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes
2012-04-16 09:40:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 09:40:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-16 09:40:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-16 08:50:42 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-16 08:50:42 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-16 08:50:42 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-16 08:50:42 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-04-16 08:50:41 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-04-16 08:50:30 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-16 08:50:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-16 08:50:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-16 08:50:29 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-16 08:41:23 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDF73A3C-2F8C-42C7-8713-0C2070932355}\gapaengine.dll
2012-04-16 08:41:17 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61E568D7-6EDC-4ECC-A921-731AC21C53FF}\mpengine.dll
2012-04-16 08:40:18 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{039FD789-7ED3-42CF-B8EE-32D61AB72BE4}\mpengine.dll
2012-04-16 08:40:17 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-16 08:38:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-16 08:38:22 -------- d-sh--w- C:\Windows\Installer
2012-04-16 08:38:22 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-16 08:38:13 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-16 08:38:13 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-15 12:44:14 -------- d-----w- C:\Windows\Panther
2012-04-15 12:43:43 -------- d-----w- C:\Windows\System32\oem
.
==================== Find3M ====================
.
.
============= FINISH: 8:14:48.17 ===============


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 April 2012 - 12:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Waster555

Waster555
  • Topic Starter

  • Members
  • 21 posts

Posted 18 April 2012 - 06:39 PM

Thanks for your help Gringo.
Prior to running SecurityCheck and ComboFix, Windows automatically updated and Microsoft Security Essentials scanned and did not find Trojan:DOS/Alureon.E. Is it gone or possibly hiding?

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

ComboFix 12-04-18.02 - Ken 04/18/2012 19:13:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1517 [GMT -4:00]
Running from: c:\users\Ken\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:52 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C5778B4-A1C7-490A-8391-969CA7A3F0F6}\mpengine.dll
2012-04-18 08:28 . 2012-04-18 08:29 -------- d-----w- c:\windows\rescache
2012-04-18 07:50 . 2012-04-18 07:50 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-18 07:50 . 2012-04-18 07:50 -------- d-----w- c:\windows\system32\Wat
2012-04-18 07:22 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-18 07:22 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-04-18 07:13 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-18 07:13 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-18 07:13 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-18 07:13 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-18 07:13 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-18 07:13 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-18 07:13 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-18 07:13 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-18 07:13 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-18 07:13 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-18 07:02 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-18 07:02 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-18 07:02 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-18 07:02 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-18 07:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-18 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-18 07:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-18 00:31 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2012-04-18 00:31 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2012-04-18 00:31 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-04-18 00:31 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2012-04-18 00:31 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2012-04-18 00:31 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2012-04-18 00:31 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2012-04-18 00:29 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-18 00:28 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2012-04-18 00:27 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2012-04-18 00:26 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2012-04-18 00:26 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
2012-04-18 00:26 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-18 00:24 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-17 10:25 . 2012-03-14 00:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-17 10:22 . 2012-04-17 10:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-17 10:19 . 2012-04-17 10:24 -------- d-----w- c:\program files (x86)\JDownloader
2012-04-17 10:08 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-04-17 10:08 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-04-17 10:08 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-04-17 10:08 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-04-17 10:08 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2012-04-17 10:08 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-04-17 10:08 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-04-17 10:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-04-17 10:08 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2012-04-17 10:08 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
2012-04-17 09:46 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-04-17 09:46 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-04-17 09:46 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-17 09:46 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-17 07:46 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-17 07:46 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-16 23:07 . 2012-04-16 23:07 -------- d-----w- c:\program files (x86)\VideoLAN
2012-04-16 21:54 . 2012-04-16 21:54 -------- d-----w- c:\program files\Google
2012-04-16 21:53 . 2012-04-17 10:23 -------- d-----w- c:\program files (x86)\Google
2012-04-16 11:39 . 2012-04-17 10:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 11:39 . 2012-04-17 10:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 11:39 . 2012-04-16 11:39 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-16 11:39 . 2012-04-16 11:39 -------- d-----w- c:\windows\system32\Macromed
2012-04-16 10:36 . 2012-04-16 10:36 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-16 10:10 . 2012-04-16 10:10 116016 ----a-w- c:\windows\system32\drivers\39057433.sys
2012-04-16 10:06 . 2012-04-16 10:06 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-16 09:40 . 2012-04-16 09:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 09:40 . 2012-04-17 10:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 08:50 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-16 08:50 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-16 08:50 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-16 08:50 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-04-16 08:50 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-04-16 08:50 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-16 08:50 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-16 08:50 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-16 08:50 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-16 08:41 . 2012-04-16 08:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDF73A3C-2F8C-42C7-8713-0C2070932355}\gapaengine.dll
2012-04-16 08:40 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{039FD789-7ED3-42CF-B8EE-32D61AB72BE4}\mpengine.dll
2012-04-16 08:40 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-16 08:38 . 2012-04-16 08:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-16 08:38 . 2012-04-18 07:48 -------- d-sh--w- c:\windows\Installer
2012-04-16 08:38 . 2012-04-16 08:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-16 08:38 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-16 08:23 . 2012-04-16 08:24 -------- d-----w- c:\users\Ken
2012-04-16 08:23 . 2012-04-16 08:23 -------- d-----w- C:\Recovery
2012-04-15 12:44 . 2012-04-16 08:23 -------- d-----w- c:\windows\Panther
2012-04-15 12:43 . 2012-04-15 12:43 -------- d-----w- c:\windows\system32\oem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 10:27]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 10:23]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 10:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 19:23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 23:23
.
Pre-Run: 296,702,701,568 bytes free
Post-Run: 296,669,466,624 bytes free
.
- - End Of File - - 76DCB0965E0F494461777C30E7F4E768
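The DDS log (mPolicies-system lines) and the ComboFix log (the policies\system key under "Reg Loading Points") both show EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0, which is why Security Check reports "UAC is disabled!". The following Python example is added here and is not part of the original thread or of any tool it names; it parses those lines in either log format, flags the settings that weaken UAC, and emits the `reg add` commands that restore the Windows 7 defaults. The sample log text is constructed from the values posted above.

```python
import re

# Constructed sample input: the policies\system lines as they appear in the
# DDS "Pseudo HJT Report" posted in this thread.
SAMPLE_DDS = """\
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Constructed sample input: the same key as ComboFix prints it in its
# REGEDIT4-style "Reg Loading Points" section.
SAMPLE_COMBOFIX = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

DDS_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
CF_KEY_RE = re.compile(r"^\[(.+)\]$")
CF_VAL_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')

# Settings that weaken UAC, the value that means "weak", and why it matters.
WEAK_SETTINGS = [
    ("EnableLUA", 0, "UAC is switched off; admin processes run fully elevated"),
    ("ConsentPromptBehaviorAdmin", 0, "administrators are elevated with no prompt"),
    ("PromptOnSecureDesktop", 0, "elevation prompts are not shown on the secure desktop"),
]

# Windows 7 default values, used when generating repair commands.
WIN7_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"


def parse_uac_policy(log_text):
    """Return {value_name: int} for the policies\\system entries found in
    DDS (mPolicies-system:) or ComboFix (REGEDIT4-style) log text."""
    found = {}
    in_policy_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DDS_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
            continue
        k = CF_KEY_RE.match(line)
        if k:
            # Only values listed directly under the policies\system key count.
            in_policy_key = k.group(1).lower().endswith(r"\policies\system")
            continue
        if in_policy_key:
            v = CF_VAL_RE.match(line)
            if v:
                found[v.group(1)] = int(v.group(2))
    return found


def assess_uac(policy):
    """Return [(name, value, reason)] for settings that weaken UAC. A name
    missing from the log means the Windows default applies, so it is not flagged."""
    return [(name, policy[name], reason)
            for name, weak_value, reason in WEAK_SETTINGS
            if policy.get(name) == weak_value]


def repair_commands(findings):
    """One 'reg add' per finding that restores the Windows 7 default value."""
    return [f'reg add "{POLICY_KEY}" /v {name} /t REG_DWORD /d {WIN7_DEFAULTS[name]} /f'
            for name, _value, _reason in findings]


if __name__ == "__main__":
    for label, text in (("DDS", SAMPLE_DDS), ("ComboFix", SAMPLE_COMBOFIX)):
        findings = assess_uac(parse_uac_policy(text))
        print(f"{label}: {len(findings)} weak UAC setting(s)")
        for name, value, reason in findings:
            print(f"  {name} = {value}: {reason}")
        for cmd in repair_commands(findings):
            print("  " + cmd)
```

Both log formats yield the same three findings for this machine; the `reg add` lines need an elevated prompt and take effect after a reboot.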

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 06:43 PM

Greetings

Is it gone or possibly hiding?- we will know soon

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#6 Waster555

Waster555
  • Topic Starter

  • Members
  • 21 posts

Posted 19 April 2012 - 01:45 AM

Here's the TDSSKiller and aswMBR logs. Thanks again.

02:28:53.0086 2100 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
02:28:53.0414 2100 ============================================================
02:28:53.0414 2100 Current date / time: 2012/04/19 02:28:53.0414
02:28:53.0414 2100 SystemInfo:
02:28:53.0414 2100
02:28:53.0414 2100 OS Version: 6.1.7600 ServicePack: 0.0
02:28:53.0414 2100 Product type: Workstation
02:28:53.0414 2100 ComputerName: GREEN
02:28:53.0414 2100 UserName: Ken
02:28:53.0414 2100 Windows directory: C:\Windows
02:28:53.0414 2100 System windows directory: C:\Windows
02:28:53.0414 2100 Running under WOW64
02:28:53.0414 2100 Processor architecture: Intel x64
02:28:53.0414 2100 Number of processors: 2
02:28:53.0414 2100 Page size: 0x1000
02:28:53.0414 2100 Boot type: Normal boot
02:28:53.0414 2100 ============================================================
02:28:54.0880 2100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:28:55.0177 2100 Drive \Device\Harddisk1\DR1 - Size: 0xAE7EE00000 (697.98 Gb), SectorSize: 0x200, Cylinders: 0x163EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:28:55.0177 2100 Drive \Device\Harddisk2\DR2 - Size: 0x24631000000 (2328.77 Gb), SectorSize: 0x1000, Cylinders: 0x9470, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:28:55.0177 2100 \Device\Harddisk0\DR0:
02:28:55.0208 2100 MBR partitions:
02:28:55.0208 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x619000
02:28:55.0208 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61CED0, BlocksNum 0x24E11130
02:28:55.0208 2100 \Device\Harddisk1\DR1:
02:28:55.0208 2100 MBR partitions:
02:28:55.0208 2100 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x573F6800
02:28:55.0208 2100 \Device\Harddisk2\DR2:
02:28:55.0208 2100 MBR partitions:
02:28:55.0208 2100 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x24630F00
02:28:55.0223 2100 F: <-> \Device\Harddisk1\DR1\Partition0
02:28:55.0223 2100 G: <-> \Device\Harddisk2\DR2\Partition0
02:28:55.0317 2100 H: <-> \Device\Harddisk0\DR0\Partition0
02:28:55.0348 2100 C: <-> \Device\Harddisk0\DR0\Partition1
02:28:55.0348 2100 Initialize success
02:28:55.0348 2100 ============================================================
02:29:05.0613 2012 ============================================================
02:29:05.0613 2012 Scan started
02:29:05.0613 2012 Mode: Manual;
02:29:05.0613 2012 ============================================================
02:29:06.0736 2012 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:29:06.0736 2012 1394ohci - ok
02:29:06.0877 2012 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
02:29:06.0877 2012 ACPI - ok
02:29:07.0095 2012 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
02:29:07.0095 2012 AcpiPmi - ok
02:29:07.0204 2012 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:29:07.0204 2012 AdobeARMservice - ok
02:29:07.0313 2012 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:29:07.0313 2012 AdobeFlashPlayerUpdateSvc - ok
02:29:07.0438 2012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:29:07.0438 2012 adp94xx - ok
02:29:07.0547 2012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:29:07.0547 2012 adpahci - ok
02:29:07.0735 2012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:29:07.0735 2012 adpu320 - ok
02:29:07.0906 2012 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:29:07.0906 2012 AeLookupSvc - ok
02:29:08.0171 2012 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
02:29:08.0171 2012 AESTFilters - ok
02:29:08.0390 2012 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
02:29:08.0390 2012 AFD - ok
02:29:08.0530 2012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
02:29:08.0530 2012 agp440 - ok
02:29:08.0624 2012 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:29:08.0624 2012 ALG - ok
02:29:08.0686 2012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
02:29:08.0686 2012 aliide - ok
02:29:08.0811 2012 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
02:29:08.0811 2012 AMD External Events Utility - ok
02:29:09.0045 2012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
02:29:09.0045 2012 amdide - ok
02:29:09.0295 2012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:29:09.0295 2012 AmdK8 - ok
02:29:09.0419 2012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:29:09.0419 2012 AmdPPM - ok
02:29:09.0544 2012 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
02:29:09.0544 2012 amdsata - ok
02:29:09.0669 2012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:29:09.0669 2012 amdsbs - ok
02:29:09.0887 2012 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
02:29:09.0887 2012 amdxata - ok
02:29:10.0012 2012 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
02:29:10.0012 2012 AppID - ok
02:29:10.0246 2012 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:29:10.0246 2012 AppIDSvc - ok
02:29:10.0387 2012 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
02:29:10.0387 2012 Appinfo - ok
02:29:10.0589 2012 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:29:10.0589 2012 arc - ok
02:29:10.0730 2012 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:29:10.0730 2012 arcsas - ok
02:29:10.0870 2012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:29:10.0870 2012 AsyncMac - ok
02:29:11.0104 2012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
02:29:11.0104 2012 atapi - ok
02:29:11.0557 2012 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
02:29:11.0588 2012 atikmdag - ok
02:29:11.0884 2012 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
02:29:11.0900 2012 AudioEndpointBuilder - ok
02:29:12.0071 2012 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
02:29:12.0071 2012 AudioSrv - ok
02:29:12.0165 2012 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
02:29:12.0165 2012 AxInstSV - ok
02:29:12.0352 2012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:29:12.0368 2012 b06bdrv - ok
02:29:12.0508 2012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:29:12.0508 2012 b57nd60a - ok
02:29:12.0758 2012 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
02:29:12.0758 2012 BCM42RLY - ok
02:29:13.0382 2012 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
02:29:13.0397 2012 BCM43XX - ok
02:29:13.0600 2012 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
02:29:13.0600 2012 BcmVWL - ok
02:29:13.0709 2012 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:29:13.0709 2012 BDESVC - ok
02:29:13.0819 2012 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:29:13.0819 2012 Beep - ok
02:29:13.0943 2012 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
02:29:13.0943 2012 BFE - ok
02:29:14.0053 2012 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
02:29:14.0068 2012 BITS - ok
02:29:14.0162 2012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:29:14.0162 2012 blbdrive - ok
02:29:14.0271 2012 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
02:29:14.0271 2012 bowser - ok
02:29:14.0380 2012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:29:14.0380 2012 BrFiltLo - ok
02:29:14.0474 2012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:29:14.0474 2012 BrFiltUp - ok
02:29:14.0645 2012 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:29:14.0645 2012 BridgeMP - ok
02:29:14.0739 2012 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
02:29:14.0739 2012 Browser - ok
02:29:14.0833 2012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:29:14.0833 2012 Brserid - ok
02:29:14.0942 2012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:29:14.0942 2012 BrSerWdm - ok
02:29:15.0035 2012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:29:15.0035 2012 BrUsbMdm - ok
02:29:15.0145 2012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:29:15.0145 2012 BrUsbSer - ok
02:29:15.0238 2012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:29:15.0238 2012 BTHMODEM - ok
02:29:15.0332 2012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:29:15.0332 2012 bthserv - ok
02:29:15.0425 2012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:29:15.0425 2012 cdfs - ok
02:29:15.0550 2012 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
02:29:15.0550 2012 cdrom - ok
02:29:15.0659 2012 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:29:15.0659 2012 CertPropSvc - ok
02:29:15.0784 2012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:29:15.0784 2012 circlass - ok
02:29:15.0862 2012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:29:15.0862 2012 CLFS - ok
02:29:15.0940 2012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:29:15.0940 2012 clr_optimization_v2.0.50727_32 - ok
02:29:16.0003 2012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:29:16.0003 2012 clr_optimization_v2.0.50727_64 - ok
02:29:16.0096 2012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:29:16.0096 2012 CmBatt - ok
02:29:16.0190 2012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
02:29:16.0205 2012 cmdide - ok
02:29:16.0283 2012 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
02:29:16.0299 2012 CNG - ok
02:29:16.0408 2012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:29:16.0408 2012 Compbatt - ok
02:29:16.0517 2012 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:29:16.0517 2012 CompositeBus - ok
02:29:16.0595 2012 COMSysApp - ok
02:29:16.0689 2012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:29:16.0689 2012 crcdisk - ok
02:29:16.0798 2012 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
02:29:16.0798 2012 CryptSvc - ok
02:29:16.0907 2012 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:29:16.0923 2012 DcomLaunch - ok
02:29:17.0001 2012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:29:17.0001 2012 defragsvc - ok
02:29:17.0110 2012 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
02:29:17.0110 2012 DfsC - ok
02:29:17.0219 2012 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
02:29:17.0219 2012 Dhcp - ok
02:29:17.0313 2012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:29:17.0313 2012 discache - ok
02:29:17.0422 2012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:29:17.0422 2012 Disk - ok
02:29:17.0500 2012 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
02:29:17.0500 2012 Dnscache - ok
02:29:17.0531 2012 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
02:29:17.0547 2012 dot3svc - ok
02:29:17.0625 2012 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
02:29:17.0625 2012 DPS - ok
02:29:17.0734 2012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:29:17.0734 2012 drmkaud - ok
02:29:17.0843 2012 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
02:29:17.0859 2012 DXGKrnl - ok
02:29:17.0984 2012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:29:17.0984 2012 EapHost - ok
02:29:18.0140 2012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:29:18.0155 2012 ebdrv - ok
02:29:18.0249 2012 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
02:29:18.0249 2012 EFS - ok
02:29:18.0343 2012 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
02:29:18.0343 2012 ehRecvr - ok
02:29:18.0421 2012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:29:18.0421 2012 ehSched - ok
02:29:18.0530 2012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:29:18.0530 2012 elxstor - ok
02:29:18.0623 2012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
02:29:18.0623 2012 ErrDev - ok
02:29:18.0733 2012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:29:18.0733 2012 EventSystem - ok
02:29:18.0826 2012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:29:18.0842 2012 exfat - ok
02:29:18.0951 2012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:29:18.0951 2012 fastfat - ok
02:29:19.0045 2012 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
02:29:19.0060 2012 Fax - ok
02:29:19.0154 2012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:29:19.0154 2012 fdc - ok
02:29:19.0247 2012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:29:19.0247 2012 fdPHost - ok
02:29:19.0325 2012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:29:19.0325 2012 FDResPub - ok
02:29:19.0419 2012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:29:19.0419 2012 FileInfo - ok
02:29:19.0528 2012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:29:19.0528 2012 Filetrace - ok
02:29:19.0637 2012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:29:19.0637 2012 flpydisk - ok
02:29:19.0747 2012 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
02:29:19.0747 2012 FltMgr - ok
02:29:19.0856 2012 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
02:29:19.0871 2012 FontCache - ok
02:29:19.0934 2012 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:29:19.0934 2012 FontCache3.0.0.0 - ok
02:29:20.0027 2012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:29:20.0027 2012 FsDepends - ok
02:29:20.0121 2012 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
02:29:20.0121 2012 Fs_Rec - ok
02:29:20.0261 2012 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
02:29:20.0261 2012 fvevol - ok
02:29:20.0355 2012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:29:20.0355 2012 gagp30kx - ok
02:29:20.0449 2012 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
02:29:20.0464 2012 gpsvc - ok
02:29:20.0542 2012 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:29:20.0558 2012 gupdate - ok
02:29:20.0558 2012 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:29:20.0558 2012 gupdatem - ok
02:29:20.0636 2012 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:29:20.0636 2012 gusvc - ok
02:29:20.0729 2012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:29:20.0729 2012 hcw85cir - ok
02:29:20.0839 2012 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
02:29:20.0839 2012 HdAudAddService - ok
02:29:20.0948 2012 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:29:20.0948 2012 HDAudBus - ok
02:29:21.0057 2012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:29:21.0057 2012 HidBatt - ok
02:29:21.0151 2012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:29:21.0151 2012 HidBth - ok
02:29:21.0244 2012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:29:21.0244 2012 HidIr - ok
02:29:21.0353 2012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:29:21.0353 2012 hidserv - ok
02:29:21.0463 2012 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
02:29:21.0463 2012 HidUsb - ok
02:29:21.0556 2012 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
02:29:21.0556 2012 hkmsvc - ok
02:29:21.0650 2012 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
02:29:21.0650 2012 HomeGroupListener - ok
02:29:21.0728 2012 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
02:29:21.0743 2012 HomeGroupProvider - ok
02:29:21.0837 2012 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:29:21.0837 2012 HpSAMD - ok
02:29:21.0962 2012 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
02:29:21.0962 2012 HTTP - ok
02:29:22.0055 2012 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
02:29:22.0055 2012 hwpolicy - ok
02:29:22.0165 2012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
02:29:22.0165 2012 i8042prt - ok
02:29:22.0274 2012 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
02:29:22.0274 2012 iaStorV - ok
02:29:22.0367 2012 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:29:22.0367 2012 idsvc - ok
02:29:22.0477 2012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:29:22.0477 2012 iirsp - ok
02:29:22.0586 2012 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
02:29:22.0586 2012 IKEEXT - ok
02:29:22.0695 2012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
02:29:22.0695 2012 intelide - ok
02:29:22.0804 2012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:29:22.0804 2012 intelppm - ok
02:29:22.0898 2012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:29:22.0898 2012 IPBusEnum - ok
02:29:23.0007 2012 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:29:23.0007 2012 IpFilterDriver - ok
02:29:23.0147 2012 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
02:29:23.0163 2012 iphlpsvc - ok
02:29:23.0241 2012 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:29:23.0257 2012 IPMIDRV - ok
02:29:23.0350 2012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:29:23.0350 2012 IPNAT - ok
02:29:23.0475 2012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:29:23.0475 2012 IRENUM - ok
02:29:23.0569 2012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
02:29:23.0569 2012 isapnp - ok
02:29:23.0678 2012 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
02:29:23.0678 2012 iScsiPrt - ok
02:29:23.0787 2012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:29:23.0787 2012 kbdclass - ok
02:29:23.0896 2012 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
02:29:23.0896 2012 kbdhid - ok
02:29:24.0005 2012 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:29:24.0005 2012 KeyIso - ok
02:29:24.0037 2012 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
02:29:24.0037 2012 KSecDD - ok
02:29:24.0130 2012 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
02:29:24.0130 2012 KSecPkg - ok
02:29:24.0239 2012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:29:24.0239 2012 ksthunk - ok
02:29:24.0349 2012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:29:24.0349 2012 KtmRm - ok
02:29:24.0458 2012 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
02:29:24.0458 2012 LanmanServer - ok
02:29:24.0551 2012 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
02:29:24.0551 2012 LanmanWorkstation - ok
02:29:24.0723 2012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:29:24.0723 2012 lltdio - ok
02:29:24.0817 2012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:29:24.0817 2012 lltdsvc - ok
02:29:24.0895 2012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:29:24.0895 2012 lmhosts - ok
02:29:25.0004 2012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:29:25.0004 2012 LSI_FC - ok
02:29:25.0113 2012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:29:25.0129 2012 LSI_SAS - ok
02:29:25.0238 2012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:29:25.0238 2012 LSI_SAS2 - ok
02:29:25.0347 2012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:29:25.0347 2012 LSI_SCSI - ok
02:29:25.0456 2012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:29:25.0456 2012 luafv - ok
02:29:25.0534 2012 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
02:29:25.0534 2012 Mcx2Svc - ok
02:29:25.0643 2012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:29:25.0643 2012 megasas - ok
02:29:25.0753 2012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:29:25.0753 2012 MegaSR - ok
02:29:25.0846 2012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:29:25.0846 2012 MMCSS - ok
02:29:25.0971 2012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:29:25.0971 2012 Modem - ok
02:29:26.0065 2012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:29:26.0065 2012 monitor - ok
02:29:26.0189 2012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:29:26.0189 2012 mouclass - ok
02:29:26.0299 2012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:29:26.0299 2012 mouhid - ok
02:29:26.0392 2012 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
02:29:26.0392 2012 mountmgr - ok
02:29:26.0501 2012 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
02:29:26.0501 2012 MpFilter - ok
02:29:26.0611 2012 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
02:29:26.0611 2012 mpio - ok
02:29:26.0720 2012 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
02:29:26.0720 2012 MpNWMon - ok
02:29:26.0829 2012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:29:26.0829 2012 mpsdrv - ok
02:29:26.0923 2012 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
02:29:26.0923 2012 MpsSvc - ok
02:29:27.0032 2012 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
02:29:27.0032 2012 MRxDAV - ok
02:29:27.0141 2012 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:29:27.0141 2012 mrxsmb - ok
02:29:27.0235 2012 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:29:27.0235 2012 mrxsmb10 - ok
02:29:27.0344 2012 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:29:27.0344 2012 mrxsmb20 - ok
02:29:27.0453 2012 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
02:29:27.0453 2012 msahci - ok
02:29:27.0547 2012 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
02:29:27.0547 2012 msdsm - ok
02:29:27.0640 2012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:29:27.0640 2012 MSDTC - ok
02:29:27.0749 2012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:29:27.0749 2012 Msfs - ok
02:29:27.0859 2012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:29:27.0859 2012 mshidkmdf - ok
02:29:27.0952 2012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
02:29:27.0952 2012 msisadrv - ok
02:29:28.0093 2012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:29:28.0093 2012 MSiSCSI - ok
02:29:28.0155 2012 msiserver - ok
02:29:28.0217 2012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:29:28.0217 2012 MSKSSRV - ok
02:29:28.0373 2012 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
02:29:28.0373 2012 MsMpSvc - ok
02:29:28.0467 2012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:29:28.0467 2012 MSPCLOCK - ok
02:29:28.0576 2012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:29:28.0576 2012 MSPQM - ok
02:29:28.0685 2012 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
02:29:28.0685 2012 MsRPC - ok
02:29:28.0779 2012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:29:28.0779 2012 mssmbios - ok
02:29:28.0873 2012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:29:28.0873 2012 MSTEE - ok
02:29:28.0982 2012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:29:28.0982 2012 MTConfig - ok
02:29:29.0091 2012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:29:29.0091 2012 Mup - ok
02:29:29.0185 2012 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
02:29:29.0200 2012 napagent - ok
02:29:29.0341 2012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:29:29.0341 2012 NativeWifiP - ok
02:29:29.0497 2012 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
02:29:29.0497 2012 NDIS - ok
02:29:29.0606 2012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:29:29.0606 2012 NdisCap - ok
02:29:29.0731 2012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:29:29.0731 2012 NdisTapi - ok
02:29:29.0887 2012 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
02:29:29.0887 2012 Ndisuio - ok
02:29:29.0980 2012 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:29:29.0980 2012 NdisWan - ok
02:29:30.0089 2012 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
02:29:30.0089 2012 NDProxy - ok
02:29:30.0183 2012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:29:30.0183 2012 NetBIOS - ok
02:29:30.0292 2012 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
02:29:30.0292 2012 NetBT - ok
02:29:30.0370 2012 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:29:30.0370 2012 Netlogon - ok
02:29:30.0480 2012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:29:30.0480 2012 Netman - ok
02:29:30.0573 2012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:29:30.0573 2012 netprofm - ok
02:29:30.0651 2012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:29:30.0651 2012 NetTcpPortSharing - ok
02:29:30.0760 2012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:29:30.0760 2012 nfrd960 - ok
02:29:30.0854 2012 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:29:30.0854 2012 NisDrv - ok
02:29:30.0963 2012 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
02:29:30.0963 2012 NisSrv - ok
02:29:31.0057 2012 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
02:29:31.0057 2012 NlaSvc - ok
02:29:31.0182 2012 NPF (324c4d3c3fc6accb72d5d83986442ebb) C:\Windows\system32\drivers\NPF.sys
02:29:31.0182 2012 NPF - ok
02:29:31.0306 2012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:29:31.0306 2012 Npfs - ok
02:29:31.0400 2012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:29:31.0400 2012 nsi - ok
02:29:31.0494 2012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:29:31.0494 2012 nsiproxy - ok
02:29:31.0634 2012 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
02:29:31.0634 2012 Ntfs - ok
02:29:31.0743 2012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:29:31.0743 2012 Null - ok
02:29:31.0837 2012 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
02:29:31.0837 2012 nvraid - ok
02:29:31.0930 2012 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
02:29:31.0930 2012 nvstor - ok
02:29:32.0008 2012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
02:29:32.0008 2012 nv_agp - ok
02:29:51.0025 2012 ============================================================
02:29:51.0025 2012 Scan finished
02:29:51.0025 2012 ============================================================
02:29:51.0025 3240 Detected object count: 0
02:29:51.0025 3240 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 02:34:50
-----------------------------
02:34:50.298 OS Version: Windows x64 6.1.7600
02:34:50.298 Number of processors: 2 586 0x603
02:34:50.298 ComputerName: GREEN UserName: Ken
02:34:51.141 Initialize success
02:35:10.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:35:10.939 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002D Size: 305245MB BusType: 11
02:35:10.986 Disk 0 MBR read successfully
02:35:10.986 Disk 0 MBR scan
02:35:11.001 Disk 0 Windows 7 default MBR code
02:35:11.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 3122 MB offset 2048
02:35:11.017 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 302114 MB offset 6409936
02:35:11.032 Disk 0 scanning C:\Windows\system32\drivers
02:35:15.104 Service scanning
02:35:30.252 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
02:35:47.724 Modules scanning
02:35:47.724 Disk 0 trace - called modules:
02:35:47.771 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:35:47.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030ce060]
02:35:47.786 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f83060]
02:35:47.786 Scan finished successfully
02:36:00.079 Disk 0 MBR has been saved successfully to "C:\Users\Ken\Desktop\MBR.dat"
02:36:00.079 The log file has been saved successfully to "C:\Users\Ken\Desktop\aswMBR.txt"

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:29 AM

Posted 19 April 2012 - 08:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Waster555 (Topic Starter)

  • Members
  • 21 posts
  • Local time: 12:29 AM

Posted 19 April 2012 - 08:49 PM

No problems, everything appears to be OK.


ComboFix 12-04-18.02 - Ken 04/19/2012 21:33:18.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1769 [GMT -4:00]
Running from: c:\users\Ken\Desktop\ComboFix.exe
Command switches used :: c:\users\Ken\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-16 08:50 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-16 08:50 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-16 08:50 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-16 08:50 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-04-16 08:50 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-04-16 08:50 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-16 08:50 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-16 08:50 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-16 08:50 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-16 08:41 . 2012-04-16 08:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDF73A3C-2F8C-42C7-8713-0C2070932355}\gapaengine.dll
2012-04-16 08:40 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{039FD789-7ED3-42CF-B8EE-32D61AB72BE4}\mpengine.dll
2012-04-16 08:40 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-16 08:38 . 2012-04-16 08:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-16 08:38 . 2012-04-19 09:09 -------- d-sh--w- c:\windows\Installer
2012-04-16 08:38 . 2012-04-16 08:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-16 08:38 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-16 08:23 . 2012-04-20 00:05 -------- d-----w- c:\users\Ken
2012-04-16 08:23 . 2012-04-16 08:23 -------- d-----w- C:\Recovery
2012-04-15 12:44 . 2012-04-16 08:23 -------- d-----w- c:\windows\Panther
2012-04-15 12:43 . 2012-04-15 12:43 -------- d-----w- c:\windows\system32\oem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-20_00.50.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-16 11:16 . 2012-04-20 01:17 15144 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 01:17 24296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-16 11:15 . 2012-04-20 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-16 11:15 . 2012-04-20 01:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-16 11:15 . 2012-04-20 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-16 11:15 . 2012-04-20 01:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-19 01:30 . 2012-04-20 01:15 1988 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-16 08:45 . 2012-04-20 01:17 4140 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079084364-1985396585-3915309284-1000_UserData.bin
+ 2012-04-20 01:00 . 2012-04-20 01:00 9560 c:\windows\system32\NetworkList\Icons\{30692307-5448-434C-BDB4-AC997C159371}_48.bin
+ 2012-04-20 01:00 . 2012-04-20 01:00 4280 c:\windows\system32\NetworkList\Icons\{30692307-5448-434C-BDB4-AC997C159371}_32.bin
+ 2012-04-20 01:00 . 2012-04-20 01:00 2456 c:\windows\system32\NetworkList\Icons\{30692307-5448-434C-BDB4-AC997C159371}_24.bin
- 2012-04-20 00:49 . 2012-04-20 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-20 01:38 . 2012-04-20 01:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-20 01:38 . 2012-04-20 01:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-20 00:49 . 2012-04-20 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-20 00:01 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-20 01:20 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-20 00:01 104702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-20 01:20 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2012-04-20 00:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-20 01:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2012-4-19 869376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 10:27]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 10:23]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-17 10:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-19 21:43:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 01:43
ComboFix2.txt 2012-04-20 01:20
ComboFix3.txt 2012-04-18 23:23
.
Pre-Run: 282,358,034,432 bytes free
Post-Run: 282,231,111,680 bytes free
.
- - End Of File - - 79A1F0B7B4F238AA63C5B04DDA7515AB

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2012 - 09:22 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Waster555
  • Topic Starter
  • Members
  • 21 posts

Posted 20 April 2012 - 12:36 AM

Adobe Reader X (10.1.3)
Amazon Kindle
AsfTools 3.1 (remove only)
CDisplay 1.8
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
IDT Audio
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
PrintKey2000
Skype™ 5.9
VLC media player 2.0.1

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 April 2012 - 01:04 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 Waster555
  • Topic Starter
  • Members
  • 21 posts

Posted 20 April 2012 - 11:46 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ken :: GREEN [administrator]

4/20/2012 11:41:52 AM
mbam-log-2012-04-20 (11-41-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196175
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:30 PM, on 4/20/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
G:\[ TV & Movies\New folder\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Printkey2000.lnk = C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7735 bytes

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 April 2012 - 01:30 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
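The O4 lines HijackThis shows are the values under the Run and RunOnce registry keys. As an added example (not part of this post, and not HijackThis code), the following PowerShell script lists those same entries with the executable resolved from each command line, whether the file still exists, and its Authenticode signature status, so each line can be researched before deciding whether to fix it. It is read-only and assumes PowerShell 3.0 or later; the `Wow6432Node` key it includes is where 32-bit programs register their Run entries on 64-bit Windows.

```powershell
# Added example: list autostart (O4) entries for review. Nothing is changed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-RunCommandPath {
    param([string]$Command)
    # Pull the executable out of a command line such as
    #   "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" -hide
    # A quoted path wins; otherwise the leading token is taken.
    if ($Command -match '^\s*"([^"]+)"') { return $matches[1] }
    $token = ($Command -split '\s+', 2)[0]
    return [Environment]::ExpandEnvironmentVariables($token)
}

function Get-O4Entries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own provider metadata
            $exe    = Resolve-RunCommandPath ([string]$p.Value)
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            [pscustomobject]@{
                # Shorten the key the way HijackThis prints it: HKLM\..\Run
                Key       = $key -replace '^HK(LM|CU):\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\', 'HK$1\..\'
                Name      = $p.Name
                Command   = $p.Value
                Exe       = $exe
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

# Entries whose file is missing or unsigned sort to the top for a closer look.
Get-O4Entries | Sort-Object Exists, Signature | Format-Table -AutoSize
```

A missing file or a `NotSigned` status is not proof of anything by itself (plenty of legitimate small utilities are unsigned), but it is the first thing to check against the search advice above before ticking a line in HijackThis.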

#14 Waster555

Waster555
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 21 April 2012 - 09:58 AM

ESET scan results:

C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\668385a9-311a5062 Java/Exploit.Agent.NBB trojan

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 21 April 2012 - 01:33 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\"
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found, will have been deleted, and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


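The delfile.bat above removes the one cache folder ESET flagged (Java/Exploit.Agent.NBB lives in the Java deployment cache, where downloaded applet jars are kept and where an on-disk scanner can keep re-reporting them). As an added example, not the helper's batch file and not part of this post, here is a PowerShell version that clears the whole Java deployment cache for every user profile on the machine, supports -WhatIf so the paths can be reviewed before anything is deleted, and reports what was removed. It assumes PowerShell 3.0 or later and the Java 6/7 cache layout `<profile>\AppData\LocalLow\Sun\Java\Deployment\cache`; reaching other users' profiles needs an elevated prompt.

```powershell
# Added example: clear the Java deployment cache for all user profiles.
# Removing the cache loses nothing but downloaded applets; they are re-fetched on demand.
function Clear-JavaDeploymentCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder holding the user profiles (normally C:\Users); override for an offline disk.
        [string]$ProfilesRoot = (Split-Path $env:USERPROFILE -Parent)
    )

    Get-ChildItem -Path $ProfilesRoot -Directory | ForEach-Object {
        # Assumed layout: <profile>\AppData\LocalLow\Sun\Java\Deployment\cache
        $cache = Join-Path $_.FullName 'AppData\LocalLow\Sun\Java\Deployment\cache'
        if (-not (Test-Path -LiteralPath $cache)) { return }   # this profile never ran Java Web Start

        # Measure first so the -WhatIf message and the report say what is about to go.
        $files = @(Get-ChildItem -LiteralPath $cache -Recurse -File -Force -ErrorAction SilentlyContinue)
        $bytes = [int64]($files | Measure-Object -Property Length -Sum).Sum

        if ($PSCmdlet.ShouldProcess($cache, "Remove $($files.Count) cached files ($bytes bytes)")) {
            Remove-Item -LiteralPath $cache -Recurse -Force -ErrorAction Continue
            [pscustomobject]@{
                Profile      = $_.Name
                Path         = $cache
                FilesRemoved = $files.Count
                Bytes        = $bytes
            }
        }
    }
}

# Dry run first: shows each cache folder that would be removed, deletes nothing.
Clear-JavaDeploymentCache -WhatIf
# Then, from an elevated prompt, run it for real:
# Clear-JavaDeploymentCache
```

Java recreates the cache folder the next time an applet runs, so there is nothing to restore afterwards; the same cleanup can also be done per user from the Java Control Panel's "Delete Files" button, but that only reaches the profile it is run from.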



