Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed Security Shield 2012 but Google still redirects.


  • This topic is locked This topic is locked
30 replies to this topic

#1 ShayneJ

ShayneJ

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 24 April 2012 - 08:40 PM

My computer was infected with Security Sheild 2012. I followed your removal guide and everything seems fine except a couple of issues.

1. - When I use Google, all of the links redirect me to other sites (such as "happili.com").

2. - This is probably related to #1, but I have noticed even after a reboot, I always have 2 - 10 "Iexplorer.exe" processes running, even though I NEVER run IE. I kill the processes, but I always have at least 2 or 3 start back up.

Here are the logs (from the "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help").



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Shayne at 20:17:14 on 2012-04-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5852 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdiserv.exe
C:\Windows\system32\lxdicoms.exe
C:\Windows\system32\lxdqcoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\inetsrv\wmsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Shayne\AppData\Local\MSoft\VerCheck\VerCheck.exe
C:\Users\Shayne\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\mstsc.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: COmeaHelper Object: {09628aaa-66ad-4fa2-82e2-698185b66463} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Omea: {35402c01-1777-4159-9aba-3480ba70d90a} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [VerCheck] "C:\Users\Shayne\AppData\Local\MSoft\VerCheck\VerCheck.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Shayne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shayne\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip and Edit - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
IE: Clip and Save - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Subscribe to Feed - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: epaycashier.com\secure
Trusted Zone: freerealms.com
Trusted Zone: oddsmaker.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 12.27.222.9 12.27.223.9
TCP: Interfaces\{41C05E2A-9C73-4477-8D92-AEC4F6F8437D} : DhcpNameServer = 12.27.222.9 12.27.223.9
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: COmeaHelper Object: {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll
BHO-X64: IexploreOmea - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
BHO-X64: Zynga - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Omea: {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shayne\AppData\Roaming\Mozilla\Firefox\Profiles\5j5nt4nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdiserv.exe [2007-6-11 33712]
R2 lxdq_device;lxdq_device;C:\Windows\system32\lxdqcoms.exe -service --> C:\Windows\system32\lxdqcoms.exe -service [?]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-30 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-1 2271608]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R2 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S1 uxinpxoq;uxinpxoq;\??\C:\Windows\system32\drivers\uxinpxoq.sys --> C:\Windows\system32\drivers\uxinpxoq.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-26 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2011-2-19 169424]
S3 ANTS Performance Profiler 6 Service;ANTS Performance Profiler 6 Service;C:\Program Files\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe [2011-2-19 151488]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-4-3 25832]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-24 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-26 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2010-3-25 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2010-3-25 218608]
S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-4-24 210784]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
.
=============== Created Last 30 ================
.
2012-04-25 01:04:03 50000 ----a-w- C:\Windows\System32\drivers\uxinpxoq.sys
2012-04-25 00:53:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9210E2EB-5A0E-41D7-8DFA-C72DE1766FF0}\offreg.dll
2012-04-25 00:52:14 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9210E2EB-5A0E-41D7-8DFA-C72DE1766FF0}\mpengine.dll
2012-04-25 00:31:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-24 05:49:19 98816 ----a-w- C:\Windows\sed.exe
2012-04-24 05:49:19 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-24 05:49:19 256000 ----a-w- C:\Windows\PEV.exe
2012-04-24 05:49:19 208896 ----a-w- C:\Windows\MBR.exe
2012-04-24 04:27:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-23 19:22:57 -------- d-----w- C:\Users\Shayne\AppData\Local\{BB1DE994-8D79-11E1-826D-B8AC6F996F26}
2012-04-23 19:22:28 -------- d-----w- C:\Users\Shayne\AppData\Local\MSoft
2012-04-23 03:44:53 -------- d-----w- C:\Users\Shayne\AppData\Local\Fellowes
2012-04-11 08:03:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 08:03:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:03:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 08:00:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 08:00:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 08:00:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 08:00:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 08:00:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 08:00:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 08:00:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 02:16:20 -------- d-----w- C:\Program Files\iTunes
2012-04-10 02:16:20 -------- d-----w- C:\Program Files\iPod
2012-04-10 02:16:20 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-01 03:28:11 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 03:28:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 02:44:34 1393736 ----a-w- C:\Users\Shayne\gotomypc_635.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:17:31.26 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 01:25 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 07:31 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 25
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Shayne Downloads Virus Removal SecurityCheck.exe
``````````End of Log````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 07:55 AM

let me have the combofix report when it is done


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 08:09 AM

ComboFix 12-04-25.01 - Shayne 04/25/2012 7:32.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5871 [GMT -5:00]
Running from: c:\users\Shayne\Downloads\Virus Removal\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\TekTrak\AppData\Local\temp
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\TekTrak.IIS APPPOOL\AppData\Local\temp
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-04-25 12:40 . 2012-04-25 12:40 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2012-04-25 01:04 . 2012-04-25 01:04 50000 ----a-w- c:\windows\system32\drivers\uxinpxoq.sys
2012-04-25 00:53 . 2012-04-25 00:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9210E2EB-5A0E-41D7-8DFA-C72DE1766FF0}\offreg.dll
2012-04-25 00:52 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9210E2EB-5A0E-41D7-8DFA-C72DE1766FF0}\mpengine.dll
2012-04-24 04:27 . 2012-04-24 04:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-23 19:22 . 2012-04-23 19:22 -------- d-----w- c:\users\Shayne\AppData\Local\{BB1DE994-8D79-11E1-826D-B8AC6F996F26}
2012-04-23 19:22 . 2012-04-23 19:22 -------- d-----w- c:\users\Shayne\AppData\Local\MSoft
2012-04-23 03:44 . 2012-04-23 03:44 -------- d-----w- c:\users\Shayne\AppData\Local\Fellowes
2012-04-11 08:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files\iTunes
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files (x86)\iTunes
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files\iPod
2012-04-01 03:28 . 2012-04-01 03:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2010-06-04 03:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 03:28 . 2011-05-25 03:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 08:08 . 2010-05-31 07:16 2536576 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-08 09:06 . 2012-03-08 09:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 09:06 . 2012-03-08 09:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 15:18 . 2010-03-25 02:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:44 . 2012-02-22 02:44 1393736 ----a-w- c:\users\Shayne\gotomypc_635.exe
2012-02-17 06:38 . 2012-03-13 19:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 03:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 03:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 03:15 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_08.27.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 04:41 . 2012-04-25 00:32 54484 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-01 03:39 40874 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 00:32 40874 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-25 02:14 . 2012-04-25 00:32 16772 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4149536671-4042070909-4021816394-1001_UserData.bin
- 2010-03-25 02:13 . 2012-04-20 06:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 02:13 . 2012-04-25 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-24 06:01 . 2012-04-24 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 00:29 . 2012-04-25 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 00:29 . 2012-04-25 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-24 06:01 . 2012-04-24 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-24 06:06 852798 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 00:36 852798 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 00:36 196130 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-24 06:06 196130 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-24 01:58 535100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 00:28 535100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-02 04:33 . 2012-04-25 00:28 6223116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4149536671-4042070909-4021816394-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyn2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 39408]
"VerCheck"="c:\users\Shayne\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-23 46592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 uxinpxoq;uxinpxoq;c:\windows\system32\drivers\uxinpxoq.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2011-02-19 169424]
R3 ANTS Performance Profiler 6 Service;ANTS Performance Profiler 6 Service;c:\program files\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe [2011-02-19 151488]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-25 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]
R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S2 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 22193834
*NewlyCreated* - 82870542
*Deregistered* - 22193834
*Deregistered* - 82870542
*Deregistered* - aswMBR
*Deregistered* - ElbyCDIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:28]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 01:28]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 01:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"cuatbc"="c:\users\Shayne\AppData\Local\Temp\cuatbc.dll" [BU]
"weaper"="c:\users\Shayne\AppData\Local\Temp\weaper.dll" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AMDPCI
tgsrvc_smartagent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip and Edit - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
IE: Clip and Save - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Subscribe to Feed - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: epaycashier.com\secure
Trusted Zone: freerealms.com
Trusted Zone: oddsmaker.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 12.27.222.9 12.27.223.9
FF - ProfilePath - c:\users\Shayne\AppData\Roaming\Mozilla\Firefox\Profiles\5j5nt4nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-25 07:54:28
ComboFix-quarantined-files.txt 2012-04-25 12:54
ComboFix2.txt 2012-04-25 00:38
ComboFix3.txt 2012-04-24 08:33
.
Pre-Run: 216,546,115,584 bytes free
Post-Run: 216,581,885,952 bytes free
.
- - End Of File - - A267D8BFFFC22F196AF599BDF24EC754

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 08:18 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 08:19 AM

I no longer have Iexplore.exe running and right now, my Google links are NOT redirecting anymore. So.... everything seems well.

(I was going to send you a donation, but I thought it might be wise to get my system clean first instead of putting in my paypal password on a possibly compromised system, lol)

Shayne

Ok. I made those comments before running TDSSKiller or aswMBR.. Running them now.

#8 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 08:21 AM

08:19:55.0171 0692 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
08:19:55.0495 0692 ============================================================
08:19:55.0495 0692 Current date / time: 2012/04/25 08:19:55.0495
08:19:55.0495 0692 SystemInfo:
08:19:55.0495 0692
08:19:55.0495 0692 OS Version: 6.1.7601 ServicePack: 1.0
08:19:55.0495 0692 Product type: Workstation
08:19:55.0495 0692 ComputerName: SHAYNE-PC
08:19:55.0495 0692 UserName: Shayne
08:19:55.0495 0692 Windows directory: C:\Windows
08:19:55.0495 0692 System windows directory: C:\Windows
08:19:55.0495 0692 Running under WOW64
08:19:55.0495 0692 Processor architecture: Intel x64
08:19:55.0495 0692 Number of processors: 2
08:19:55.0495 0692 Page size: 0x1000
08:19:55.0495 0692 Boot type: Normal boot
08:19:55.0495 0692 ============================================================
08:19:56.0220 0692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:19:56.0228 0692 Drive \Device\Harddisk1\DR1 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:19:56.0236 0692 ============================================================
08:19:56.0236 0692 \Device\Harddisk0\DR0:
08:19:56.0237 0692 MBR partitions:
08:19:56.0237 0692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:19:56.0237 0692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
08:19:56.0237 0692 \Device\Harddisk1\DR1:
08:19:56.0237 0692 MBR partitions:
08:19:56.0237 0692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
08:19:56.0237 0692 ============================================================
08:19:56.0277 0692 C: <-> \Device\Harddisk0\DR0\Partition1
08:19:56.0294 0692 F: <-> \Device\Harddisk1\DR1\Partition0
08:19:56.0294 0692 ============================================================
08:19:56.0294 0692 Initialize success
08:19:56.0294 0692 ============================================================
08:20:12.0717 1624 ============================================================
08:20:12.0717 1624 Scan started
08:20:12.0717 1624 Mode: Manual;
08:20:12.0717 1624 ============================================================
08:20:13.0803 1624 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:20:13.0804 1624 1394ohci - ok
08:20:13.0831 1624 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:20:13.0833 1624 ACPI - ok
08:20:13.0842 1624 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:20:13.0842 1624 AcpiPmi - ok
08:20:13.0885 1624 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
08:20:13.0886 1624 adfs - ok
08:20:14.0027 1624 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:20:14.0029 1624 AdobeFlashPlayerUpdateSvc - ok
08:20:14.0089 1624 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:20:14.0091 1624 adp94xx - ok
08:20:14.0142 1624 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:20:14.0143 1624 adpahci - ok
08:20:14.0166 1624 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:20:14.0167 1624 adpu320 - ok
08:20:14.0192 1624 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:20:14.0192 1624 AeLookupSvc - ok
08:20:14.0257 1624 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:20:14.0260 1624 AFD - ok
08:20:14.0308 1624 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:20:14.0309 1624 agp440 - ok
08:20:14.0326 1624 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:20:14.0327 1624 ALG - ok
08:20:14.0341 1624 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:20:14.0342 1624 aliide - ok
08:20:14.0354 1624 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:20:14.0355 1624 amdide - ok
08:20:14.0386 1624 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:20:14.0387 1624 AmdK8 - ok
08:20:14.0406 1624 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:20:14.0406 1624 AmdPPM - ok
08:20:14.0426 1624 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:20:14.0427 1624 amdsata - ok
08:20:14.0457 1624 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:20:14.0458 1624 amdsbs - ok
08:20:14.0472 1624 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:20:14.0472 1624 amdxata - ok
08:20:14.0599 1624 ANTS Memory Profiler 7 Service (30055cc5b035dd3367a34317aea86309) C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe
08:20:14.0600 1624 ANTS Memory Profiler 7 Service - ok
08:20:14.0658 1624 ANTS Performance Profiler 6 Service (8f946701c421e481182710634bbf24fe) C:\Program Files\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe
08:20:14.0659 1624 ANTS Performance Profiler 6 Service - ok
08:20:14.0716 1624 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
08:20:14.0716 1624 AppHostSvc - ok
08:20:14.0767 1624 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:20:14.0767 1624 AppID - ok
08:20:14.0791 1624 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:20:14.0792 1624 AppIDSvc - ok
08:20:14.0829 1624 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:20:14.0830 1624 Appinfo - ok
08:20:14.0928 1624 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:20:14.0929 1624 Apple Mobile Device - ok
08:20:14.0959 1624 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:20:14.0960 1624 AppMgmt - ok
08:20:14.0984 1624 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:20:14.0985 1624 arc - ok
08:20:15.0004 1624 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:20:15.0004 1624 arcsas - ok
08:20:15.0087 1624 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys
08:20:15.0087 1624 AsIO - ok
08:20:15.0193 1624 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:20:15.0194 1624 aspnet_state - ok
08:20:15.0217 1624 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:20:15.0217 1624 AsyncMac - ok
08:20:15.0259 1624 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:20:15.0259 1624 atapi - ok
08:20:15.0337 1624 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:15.0340 1624 AudioEndpointBuilder - ok
08:20:15.0346 1624 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:15.0349 1624 AudioSrv - ok
08:20:15.0401 1624 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:20:15.0401 1624 AxInstSV - ok
08:20:15.0458 1624 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:20:15.0460 1624 b06bdrv - ok
08:20:15.0488 1624 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:20:15.0489 1624 b57nd60a - ok
08:20:15.0601 1624 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:20:15.0602 1624 BBSvc - ok
08:20:15.0702 1624 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:20:15.0708 1624 BCM43XX - ok
08:20:15.0732 1624 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:20:15.0733 1624 BDESVC - ok
08:20:15.0766 1624 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:20:15.0766 1624 Beep - ok
08:20:15.0846 1624 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:20:15.0849 1624 BFE - ok
08:20:15.0899 1624 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:20:15.0904 1624 BITS - ok
08:20:15.0929 1624 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:20:15.0929 1624 blbdrive - ok
08:20:16.0007 1624 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:20:16.0009 1624 Bonjour Service - ok
08:20:16.0059 1624 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:20:16.0059 1624 bowser - ok
08:20:16.0078 1624 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:20:16.0079 1624 BrFiltLo - ok
08:20:16.0099 1624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:20:16.0099 1624 BrFiltUp - ok
08:20:16.0119 1624 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:20:16.0120 1624 BridgeMP - ok
08:20:16.0154 1624 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:20:16.0155 1624 Browser - ok
08:20:16.0188 1624 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:20:16.0190 1624 Brserid - ok
08:20:16.0205 1624 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:20:16.0205 1624 BrSerWdm - ok
08:20:16.0219 1624 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:20:16.0220 1624 BrUsbMdm - ok
08:20:16.0235 1624 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:20:16.0236 1624 BrUsbSer - ok
08:20:16.0258 1624 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:20:16.0259 1624 BTHMODEM - ok
08:20:16.0306 1624 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:20:16.0307 1624 bthserv - ok
08:20:16.0309 1624 catchme - ok
08:20:16.0342 1624 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:20:16.0342 1624 cdfs - ok
08:20:16.0387 1624 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:20:16.0388 1624 cdrom - ok
08:20:16.0412 1624 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:20:16.0413 1624 CertPropSvc - ok
08:20:16.0450 1624 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:20:16.0451 1624 circlass - ok
08:20:16.0481 1624 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:20:16.0483 1624 CLFS - ok
08:20:16.0534 1624 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:20:16.0534 1624 clr_optimization_v2.0.50727_32 - ok
08:20:16.0578 1624 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:20:16.0578 1624 clr_optimization_v2.0.50727_64 - ok
08:20:16.0673 1624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:20:16.0674 1624 clr_optimization_v4.0.30319_32 - ok
08:20:16.0702 1624 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:20:16.0703 1624 clr_optimization_v4.0.30319_64 - ok
08:20:16.0734 1624 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:20:16.0734 1624 CmBatt - ok
08:20:16.0767 1624 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:20:16.0768 1624 cmdide - ok
08:20:16.0828 1624 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:20:16.0830 1624 CNG - ok
08:20:16.0854 1624 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:20:16.0855 1624 Compbatt - ok
08:20:16.0877 1624 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:20:16.0877 1624 CompositeBus - ok
08:20:16.0886 1624 COMSysApp - ok
08:20:16.0899 1624 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:20:16.0899 1624 crcdisk - ok
08:20:16.0954 1624 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:20:16.0955 1624 CryptSvc - ok
08:20:17.0016 1624 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:20:17.0018 1624 CSC - ok
08:20:17.0061 1624 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:20:17.0065 1624 CscService - ok
08:20:17.0112 1624 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
08:20:17.0113 1624 CVirtA - ok
08:20:17.0226 1624 CVPND (b6e8d77530a24b743acaee6728399984) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
08:20:17.0233 1624 CVPND - ok
08:20:17.0339 1624 CVPNDRVA (d2c3db196422e2f2a41d09c690c7c2f8) C:\Windows\system32\Drivers\CVPNDRVA.sys
08:20:17.0341 1624 CVPNDRVA - ok
08:20:17.0436 1624 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
08:20:17.0436 1624 DAUpdaterSvc - ok
08:20:17.0510 1624 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:20:17.0514 1624 DcomLaunch - ok
08:20:17.0557 1624 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:20:17.0559 1624 defragsvc - ok
08:20:17.0594 1624 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:20:17.0595 1624 DfsC - ok
08:20:17.0627 1624 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:20:17.0629 1624 Dhcp - ok
08:20:17.0642 1624 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:20:17.0643 1624 discache - ok
08:20:17.0659 1624 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:20:17.0659 1624 Disk - ok
08:20:17.0703 1624 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
08:20:17.0704 1624 DNE - ok
08:20:17.0753 1624 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:20:17.0754 1624 Dnscache - ok
08:20:17.0800 1624 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:20:17.0802 1624 dot3svc - ok
08:20:17.0839 1624 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:20:17.0840 1624 DPS - ok
08:20:17.0861 1624 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:20:17.0862 1624 drmkaud - ok
08:20:17.0966 1624 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:20:17.0971 1624 DXGKrnl - ok
08:20:17.0998 1624 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:20:17.0999 1624 EapHost - ok
08:20:18.0183 1624 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:20:18.0197 1624 ebdrv - ok
08:20:18.0317 1624 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:20:18.0318 1624 EFS - ok
08:20:18.0427 1624 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:20:18.0431 1624 ehRecvr - ok
08:20:18.0472 1624 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:20:18.0473 1624 ehSched - ok
08:20:18.0553 1624 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:20:18.0555 1624 elxstor - ok
08:20:18.0633 1624 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
08:20:18.0633 1624 ENTECH64 - ok
08:20:18.0721 1624 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:20:18.0721 1624 ErrDev - ok
08:20:18.0848 1624 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:20:18.0850 1624 EventSystem - ok
08:20:18.0879 1624 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:20:18.0880 1624 exfat - ok
08:20:18.0907 1624 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:20:18.0908 1624 fastfat - ok
08:20:18.0983 1624 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:20:18.0986 1624 Fax - ok
08:20:19.0011 1624 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:20:19.0012 1624 fdc - ok
08:20:19.0024 1624 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:20:19.0025 1624 fdPHost - ok
08:20:19.0037 1624 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:20:19.0038 1624 FDResPub - ok
08:20:19.0053 1624 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:20:19.0054 1624 FileInfo - ok
08:20:19.0064 1624 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:20:19.0065 1624 Filetrace - ok
08:20:19.0163 1624 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:20:19.0166 1624 FLEXnet Licensing Service - ok
08:20:19.0249 1624 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
08:20:19.0255 1624 FLEXnet Licensing Service 64 - ok
08:20:19.0344 1624 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:20:19.0344 1624 flpydisk - ok
08:20:19.0398 1624 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:20:19.0400 1624 FltMgr - ok
08:20:19.0491 1624 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:20:19.0498 1624 FontCache - ok
08:20:19.0558 1624 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:20:19.0559 1624 FontCache3.0.0.0 - ok
08:20:19.0653 1624 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
08:20:19.0656 1624 ForceWare Intelligent Application Manager (IAM) - ok
08:20:19.0720 1624 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:20:19.0721 1624 FsDepends - ok
08:20:19.0757 1624 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:20:19.0757 1624 Fs_Rec - ok
08:20:19.0804 1624 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:20:19.0805 1624 fvevol - ok
08:20:19.0828 1624 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:20:19.0828 1624 gagp30kx - ok
08:20:19.0876 1624 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:20:19.0877 1624 GEARAspiWDM - ok
08:20:19.0950 1624 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:20:19.0954 1624 gpsvc - ok
08:20:20.0056 1624 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:20.0057 1624 gupdate - ok
08:20:20.0074 1624 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:20.0075 1624 gupdatem - ok
08:20:20.0106 1624 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:20:20.0107 1624 gusvc - ok
08:20:20.0190 1624 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
08:20:20.0191 1624 hcmon - ok
08:20:20.0219 1624 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:20:20.0219 1624 hcw85cir - ok
08:20:20.0279 1624 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:20:20.0281 1624 HdAudAddService - ok
08:20:20.0318 1624 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:20:20.0319 1624 HDAudBus - ok
08:20:20.0354 1624 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:20:20.0355 1624 HidBatt - ok
08:20:20.0383 1624 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:20:20.0384 1624 HidBth - ok
08:20:20.0406 1624 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:20:20.0407 1624 HidIr - ok
08:20:20.0428 1624 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:20:20.0429 1624 hidserv - ok
08:20:20.0459 1624 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:20:20.0459 1624 HidUsb - ok
08:20:20.0496 1624 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:20:20.0497 1624 hkmsvc - ok
08:20:20.0549 1624 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:20:20.0551 1624 HomeGroupListener - ok
08:20:20.0593 1624 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:20:20.0594 1624 HomeGroupProvider - ok
08:20:20.0637 1624 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:20:20.0637 1624 HpSAMD - ok
08:20:20.0721 1624 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:20:20.0725 1624 HTTP - ok
08:20:20.0763 1624 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:20:20.0763 1624 hwpolicy - ok
08:20:20.0811 1624 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:20:20.0812 1624 i8042prt - ok
08:20:20.0856 1624 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:20:20.0858 1624 iaStorV - ok
08:20:20.0986 1624 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:20:20.0990 1624 idsvc - ok
08:20:21.0017 1624 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:20:21.0018 1624 iirsp - ok
08:20:21.0080 1624 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
08:20:21.0080 1624 IISADMIN - ok
08:20:21.0173 1624 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:20:21.0178 1624 IKEEXT - ok
08:20:21.0296 1624 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
08:20:21.0305 1624 IntcAzAudAddService - ok
08:20:21.0409 1624 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:20:21.0410 1624 intelide - ok
08:20:21.0442 1624 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:20:21.0443 1624 intelppm - ok
08:20:21.0461 1624 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:20:21.0462 1624 IPBusEnum - ok
08:20:21.0500 1624 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:20:21.0500 1624 IpFilterDriver - ok
08:20:21.0569 1624 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:20:21.0572 1624 iphlpsvc - ok
08:20:21.0609 1624 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:20:21.0610 1624 IPMIDRV - ok
08:20:21.0629 1624 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:20:21.0629 1624 IPNAT - ok
08:20:21.0759 1624 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:20:21.0764 1624 iPod Service - ok
08:20:21.0790 1624 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:20:21.0791 1624 IRENUM - ok
08:20:21.0804 1624 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:20:21.0805 1624 isapnp - ok
08:20:21.0842 1624 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:20:21.0844 1624 iScsiPrt - ok
08:20:21.0864 1624 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:20:21.0864 1624 kbdclass - ok
08:20:21.0883 1624 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:20:21.0884 1624 kbdhid - ok
08:20:21.0916 1624 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:21.0917 1624 KeyIso - ok
08:20:21.0936 1624 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:20:21.0936 1624 KSecDD - ok
08:20:21.0955 1624 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:20:21.0956 1624 KSecPkg - ok
08:20:21.0966 1624 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:20:21.0966 1624 ksthunk - ok
08:20:22.0017 1624 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:20:22.0020 1624 KtmRm - ok
08:20:22.0079 1624 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:20:22.0082 1624 LanmanServer - ok
08:20:22.0118 1624 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:20:22.0120 1624 LanmanWorkstation - ok
08:20:22.0165 1624 libusb0 (7e51c8cfafbb674184097a4147f4699c) C:\Windows\system32\DRIVERS\libusb0.sys
08:20:22.0166 1624 libusb0 - ok
08:20:22.0267 1624 LiveTurbineMessageService (ad36b5f8ac7c2bafb32973b743a65265) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
08:20:22.0268 1624 LiveTurbineMessageService - ok
08:20:22.0309 1624 LiveTurbineNetworkService (ffdff7e4d8fda5c1bfa50f9dbfb780ce) C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
08:20:22.0311 1624 LiveTurbineNetworkService - ok
08:20:22.0374 1624 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:20:22.0374 1624 lltdio - ok
08:20:22.0422 1624 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:20:22.0424 1624 lltdsvc - ok
08:20:22.0437 1624 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:20:22.0438 1624 lmhosts - ok
08:20:22.0467 1624 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:20:22.0467 1624 LSI_FC - ok
08:20:22.0488 1624 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:20:22.0489 1624 LSI_SAS - ok
08:20:22.0501 1624 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:20:22.0501 1624 LSI_SAS2 - ok
08:20:22.0511 1624 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:20:22.0512 1624 LSI_SCSI - ok
08:20:22.0534 1624 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:20:22.0534 1624 luafv - ok
08:20:22.0628 1624 lxdiCATSCustConnectService (baa003617d899996cf282a3d92aee29b) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe
08:20:22.0629 1624 lxdiCATSCustConnectService - ok
08:20:22.0639 1624 lxdi_device - ok
08:20:22.0653 1624 lxdq_device - ok
08:20:22.0689 1624 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:20:22.0690 1624 Mcx2Svc - ok
08:20:22.0787 1624 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:20:22.0789 1624 MDM - ok
08:20:22.0803 1624 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:20:22.0804 1624 megasas - ok
08:20:22.0828 1624 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:20:22.0830 1624 MegaSR - ok
08:20:22.0853 1624 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:20:22.0855 1624 MMCSS - ok
08:20:22.0864 1624 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:20:22.0865 1624 Modem - ok
08:20:22.0894 1624 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:20:22.0894 1624 monitor - ok
08:20:22.0944 1624 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:20:22.0944 1624 mouclass - ok
08:20:22.0966 1624 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:20:22.0966 1624 mouhid - ok
08:20:23.0010 1624 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:20:23.0011 1624 mountmgr - ok
08:20:23.0031 1624 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:20:23.0032 1624 mpio - ok
08:20:23.0050 1624 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:20:23.0050 1624 mpsdrv - ok
08:20:23.0156 1624 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:20:23.0160 1624 MpsSvc - ok
08:20:23.0202 1624 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:20:23.0202 1624 MRxDAV - ok
08:20:23.0250 1624 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:20:23.0251 1624 mrxsmb - ok
08:20:23.0300 1624 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:20:23.0301 1624 mrxsmb10 - ok
08:20:23.0320 1624 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:20:23.0321 1624 mrxsmb20 - ok
08:20:23.0358 1624 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:20:23.0358 1624 msahci - ok
08:20:23.0490 1624 MsDepSvc (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
08:20:23.0491 1624 MsDepSvc - ok
08:20:23.0506 1624 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:20:23.0506 1624 msdsm - ok
08:20:23.0532 1624 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:20:23.0534 1624 MSDTC - ok
08:20:23.0676 1624 MsDtsServer100 (7d0ac2859eeaccc5bd038b8cddcaff62) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
08:20:23.0677 1624 MsDtsServer100 - ok
08:20:23.0699 1624 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:20:23.0699 1624 Msfs - ok
08:20:23.0713 1624 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:20:23.0713 1624 mshidkmdf - ok
08:20:23.0751 1624 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:20:23.0752 1624 msisadrv - ok
08:20:23.0773 1624 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:20:23.0774 1624 MSiSCSI - ok
08:20:23.0778 1624 msiserver - ok
08:20:23.0804 1624 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:20:23.0804 1624 MSKSSRV - ok
08:20:23.0814 1624 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:20:23.0814 1624 MSPCLOCK - ok
08:20:23.0819 1624 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:20:23.0819 1624 MSPQM - ok
08:20:23.0884 1624 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:20:23.0885 1624 MsRPC - ok
08:20:23.0908 1624 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:20:23.0908 1624 mssmbios - ok
08:20:23.0955 1624 MSSQLFDLauncher (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
08:20:23.0955 1624 MSSQLFDLauncher - ok
08:20:23.0976 1624 MSSQLSERVER - ok
08:20:24.0020 1624 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
08:20:24.0020 1624 MSSQLServerADHelper100 - ok
08:20:24.0053 1624 MSSQLServerOLAPService - ok
08:20:24.0087 1624 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:20:24.0087 1624 MSTEE - ok
08:20:24.0098 1624 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:20:24.0099 1624 MTConfig - ok
08:20:24.0120 1624 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
08:20:24.0120 1624 MTsensor - ok
08:20:24.0140 1624 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:20:24.0141 1624 Mup - ok
08:20:24.0203 1624 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:20:24.0206 1624 napagent - ok
08:20:24.0244 1624 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:20:24.0246 1624 NativeWifiP - ok
08:20:24.0322 1624 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:20:24.0327 1624 NDIS - ok
08:20:24.0349 1624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:20:24.0350 1624 NdisCap - ok
08:20:24.0365 1624 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:20:24.0365 1624 NdisTapi - ok
08:20:24.0397 1624 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:20:24.0398 1624 Ndisuio - ok
08:20:24.0439 1624 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:20:24.0440 1624 NdisWan - ok
08:20:24.0474 1624 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:20:24.0474 1624 NDProxy - ok
08:20:24.0503 1624 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:20:24.0503 1624 NetBIOS - ok
08:20:24.0551 1624 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:20:24.0552 1624 NetBT - ok
08:20:24.0583 1624 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:24.0584 1624 Netlogon - ok
08:20:24.0627 1624 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:20:24.0629 1624 Netman - ok
08:20:24.0713 1624 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:24.0714 1624 NetMsmqActivator - ok
08:20:24.0717 1624 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:24.0718 1624 NetPipeActivator - ok
08:20:24.0745 1624 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:20:24.0748 1624 netprofm - ok
08:20:24.0752 1624 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:24.0753 1624 NetTcpActivator - ok
08:20:24.0756 1624 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:24.0757 1624 NetTcpPortSharing - ok
08:20:24.0800 1624 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:20:24.0801 1624 nfrd960 - ok
08:20:24.0865 1624 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:20:24.0868 1624 NlaSvc - ok
08:20:24.0969 1624 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
08:20:24.0972 1624 NMIndexingService - ok
08:20:24.0989 1624 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:20:24.0989 1624 Npfs - ok
08:20:25.0008 1624 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:20:25.0009 1624 nsi - ok
08:20:25.0021 1624 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:20:25.0021 1624 nsiproxy - ok
08:20:25.0094 1624 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
08:20:25.0095 1624 nSvcIp - ok
08:20:25.0217 1624 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:20:25.0225 1624 Ntfs - ok
08:20:25.0296 1624 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:20:25.0297 1624 Null - ok
08:20:25.0347 1624 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:20:25.0349 1624 NVENETFD - ok
08:20:26.0039 1624 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:20:26.0098 1624 nvlddmkm - ok
08:20:26.0209 1624 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
08:20:26.0211 1624 NVNET - ok
08:20:26.0252 1624 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:20:26.0253 1624 nvraid - ok
08:20:26.0286 1624 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:20:26.0287 1624 nvstor - ok
08:20:26.0313 1624 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
08:20:26.0314 1624 nvstor64 - ok
08:20:26.0429 1624 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
08:20:26.0438 1624 nvsvc - ok
08:20:26.0621 1624 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:20:26.0632 1624 nvUpdatusService - ok
08:20:26.0734 1624 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:20:26.0735 1624 nv_agp - ok
08:20:26.0829 1624 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:20:26.0831 1624 odserv - ok
08:20:26.0871 1624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:20:26.0871 1624 ohci1394 - ok
08:20:26.0918 1624 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:20:26.0919 1624 ose - ok
08:20:27.0249 1624 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:20:27.0272 1624 osppsvc - ok
08:20:27.0386 1624 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:20:27.0389 1624 p2pimsvc - ok
08:20:27.0422 1624 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:20:27.0425 1624 p2psvc - ok
08:20:27.0459 1624 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:20:27.0460 1624 Parport - ok
08:20:27.0498 1624 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:20:27.0499 1624 partmgr - ok
08:20:27.0518 1624 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:20:27.0520 1624 PcaSvc - ok
08:20:27.0569 1624 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:20:27.0570 1624 pci - ok
08:20:27.0574 1624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:20:27.0575 1624 pciide - ok
08:20:27.0603 1624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:20:27.0605 1624 pcmcia - ok
08:20:27.0620 1624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:20:27.0620 1624 pcw - ok
08:20:27.0661 1624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:20:27.0664 1624 PEAUTH - ok
08:20:27.0750 1624 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:20:27.0758 1624 PeerDistSvc - ok
08:20:27.0826 1624 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:20:27.0827 1624 PerfHost - ok
08:20:27.0981 1624 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:20:27.0989 1624 pla - ok
08:20:28.0038 1624 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:20:28.0041 1624 PlugPlay - ok
08:20:28.0054 1624 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:20:28.0055 1624 PNRPAutoReg - ok
08:20:28.0085 1624 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:20:28.0088 1624 PNRPsvc - ok
08:20:28.0126 1624 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:20:28.0129 1624 PolicyAgent - ok
08:20:28.0164 1624 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:20:28.0166 1624 Power - ok
08:20:28.0219 1624 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:20:28.0220 1624 PptpMiniport - ok
08:20:28.0243 1624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:20:28.0244 1624 Processor - ok
08:20:28.0299 1624 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:20:28.0301 1624 ProfSvc - ok
08:20:28.0333 1624 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:28.0334 1624 ProtectedStorage - ok
08:20:28.0381 1624 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:20:28.0382 1624 Psched - ok
08:20:28.0416 1624 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
08:20:28.0417 1624 PxHlpa64 - ok
08:20:28.0505 1624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:20:28.0512 1624 ql2300 - ok
08:20:28.0608 1624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:20:28.0608 1624 ql40xx - ok
08:20:28.0649 1624 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:20:28.0651 1624 QWAVE - ok
08:20:28.0666 1624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:20:28.0666 1624 QWAVEdrv - ok
08:20:28.0680 1624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:20:28.0681 1624 RasAcd - ok
08:20:28.0711 1624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:20:28.0711 1624 RasAgileVpn - ok
08:20:28.0728 1624 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:20:28.0730 1624 RasAuto - ok
08:20:28.0771 1624 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:20:28.0772 1624 Rasl2tp - ok
08:20:28.0828 1624 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:20:28.0830 1624 RasMan - ok
08:20:28.0848 1624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:20:28.0849 1624 RasPppoe - ok
08:20:28.0865 1624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:20:28.0866 1624 RasSstp - ok
08:20:29.0027 1624 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:20:29.0029 1624 rdbss - ok
08:20:29.0039 1624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:20:29.0040 1624 rdpbus - ok
08:20:29.0054 1624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:20:29.0054 1624 RDPCDD - ok
08:20:29.0100 1624 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:20:29.0101 1624 RDPDR - ok
08:20:29.0123 1624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:20:29.0124 1624 RDPENCDD - ok
08:20:29.0136 1624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:20:29.0136 1624 RDPREFMP - ok
08:20:29.0185 1624 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:20:29.0186 1624 RDPWD - ok
08:20:29.0244 1624 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:20:29.0245 1624 rdyboost - ok
08:20:29.0272 1624 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:20:29.0273 1624 RemoteAccess - ok
08:20:29.0301 1624 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:20:29.0303 1624 RemoteRegistry - ok
08:20:29.0522 1624 ReportServer (499556b74a1022906de888fab0389bfa) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
08:20:29.0534 1624 ReportServer - ok
08:20:29.0637 1624 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
08:20:29.0638 1624 RimUsb - ok
08:20:29.0684 1624 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
08:20:29.0684 1624 RimVSerPort - ok
08:20:29.0700 1624 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
08:20:29.0700 1624 ROOTMODEM - ok
08:20:29.0823 1624 Roxio UPnP Renderer 10 (85b5159d86ac06ad744ee9d3c288aeee) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
08:20:29.0824 1624 Roxio UPnP Renderer 10 - ok
08:20:29.0859 1624 Roxio Upnp Server 10 (0db43caf2d77b809a86e9d7e1bcc6d76) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
08:20:29.0861 1624 Roxio Upnp Server 10 - ok
08:20:29.0953 1624 RoxLiveShare10 (7958affc64e4f284068eb6575cc64dcf) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
08:20:29.0954 1624 RoxLiveShare10 - ok
08:20:30.0047 1624 RoxMediaDB10 (ed69cd4ab4be607abf768a60e4ac79da) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
08:20:30.0052 1624 RoxMediaDB10 - ok
08:20:30.0104 1624 RoxWatch10 (0da14ee2c0e274fea5a6545181851c16) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
08:20:30.0105 1624 RoxWatch10 - ok
08:20:30.0195 1624 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:20:30.0197 1624 RpcEptMapper - ok
08:20:30.0223 1624 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:20:30.0224 1624 RpcLocator - ok
08:20:30.0290 1624 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:20:30.0294 1624 RpcSs - ok
08:20:30.0351 1624 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
08:20:30.0353 1624 RsFx0150 - ok
08:20:30.0401 1624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:20:30.0401 1624 rspndr - ok
08:20:30.0416 1624 RxFilter - ok
08:20:30.0451 1624 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:20:30.0452 1624 s3cap - ok
08:20:30.0483 1624 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:30.0484 1624 SamSs - ok
08:20:30.0507 1624 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:20:30.0507 1624 sbp2port - ok
08:20:30.0535 1624 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:20:30.0537 1624 SCardSvr - ok
08:20:30.0567 1624 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:20:30.0567 1624 scfilter - ok
08:20:30.0654 1624 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:20:30.0661 1624 Schedule - ok
08:20:30.0703 1624 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:20:30.0704 1624 SCPolicySvc - ok
08:20:30.0726 1624 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:20:30.0728 1624 SDRSVC - ok
08:20:30.0835 1624 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:20:30.0836 1624 SeaPort - ok
08:20:30.0878 1624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:20:30.0879 1624 secdrv - ok
08:20:30.0892 1624 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:20:30.0894 1624 seclogon - ok
08:20:30.0911 1624 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:20:30.0913 1624 SENS - ok
08:20:30.0927 1624 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:20:30.0928 1624 SensrSvc - ok
08:20:30.0955 1624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:20:30.0956 1624 Serenum - ok
08:20:30.0979 1624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:20:30.0979 1624 Serial - ok
08:20:31.0011 1624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:20:31.0012 1624 sermouse - ok
08:20:31.0065 1624 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:20:31.0067 1624 SessionEnv - ok
08:20:31.0080 1624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:20:31.0080 1624 sffdisk - ok
08:20:31.0088 1624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:20:31.0089 1624 sffp_mmc - ok
08:20:31.0102 1624 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:20:31.0102 1624 sffp_sd - ok
08:20:31.0117 1624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:20:31.0117 1624 sfloppy - ok
08:20:31.0165 1624 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:20:31.0167 1624 SharedAccess - ok
08:20:31.0192 1624 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:20:31.0195 1624 ShellHWDetection - ok
08:20:31.0209 1624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:20:31.0210 1624 SiSRaid2 - ok
08:20:31.0234 1624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:20:31.0235 1624 SiSRaid4 - ok
08:20:31.0260 1624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:20:31.0262 1624 Smb - ok
08:20:31.0294 1624 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:20:31.0296 1624 SNMPTRAP - ok
08:20:31.0309 1624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:20:31.0310 1624 spldr - ok
08:20:31.0369 1624 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:20:31.0373 1624 Spooler - ok
08:20:31.0579 1624 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:20:31.0596 1624 sppsvc - ok
08:20:31.0687 1624 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:20:31.0689 1624 sppuinotify - ok
08:20:31.0890 1624 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:20:31.0891 1624 SQLBrowser - ok
08:20:32.0008 1624 SQLSERVERAGENT (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
08:20:32.0011 1624 SQLSERVERAGENT - ok
08:20:32.0093 1624 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:20:32.0094 1624 SQLWriter - ok
08:20:32.0165 1624 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:20:32.0167 1624 srv - ok
08:20:32.0203 1624 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:20:32.0205 1624 srv2 - ok
08:20:32.0229 1624 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:20:32.0230 1624 srvnet - ok
08:20:32.0265 1624 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:20:32.0268 1624 SSDPSRV - ok
08:20:32.0299 1624 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:20:32.0300 1624 SstpSvc - ok
08:20:32.0409 1624 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:20:32.0411 1624 Stereo Service - ok
08:20:32.0428 1624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:20:32.0429 1624 stexstor - ok
08:20:32.0512 1624 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:20:32.0517 1624 stisvc - ok
08:20:32.0553 1624 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:20:32.0554 1624 storflt - ok
08:20:32.0568 1624 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:20:32.0570 1624 StorSvc - ok
08:20:32.0585 1624 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:20:32.0585 1624 storvsc - ok
08:20:32.0602 1624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:20:32.0603 1624 swenum - ok
08:20:32.0642 1624 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:20:32.0646 1624 swprv - ok
08:20:32.0770 1624 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:20:32.0779 1624 SysMain - ok
08:20:32.0884 1624 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:20:32.0886 1624 TabletInputService - ok
08:20:32.0914 1624 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:20:32.0917 1624 TapiSrv - ok
08:20:32.0940 1624 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:20:32.0942 1624 TBS - ok
08:20:33.0112 1624 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:20:33.0123 1624 Tcpip - ok
08:20:33.0308 1624 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:20:33.0317 1624 TCPIP6 - ok
08:20:33.0393 1624 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:20:33.0393 1624 tcpipreg - ok
08:20:33.0411 1624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:20:33.0411 1624 TDPIPE - ok
08:20:33.0445 1624 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:20:33.0445 1624 TDTCP - ok
08:20:33.0480 1624 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:20:33.0480 1624 tdx - ok
08:20:33.0660 1624 TeamViewer6 (a409a5c99c29328018e1e3dce9abdc36) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
08:20:33.0671 1624 TeamViewer6 - ok
08:20:33.0932 1624 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
08:20:33.0946 1624 TeamViewer7 - ok
08:20:34.0168 1624 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
08:20:34.0169 1624 teamviewervpn - ok
08:20:34.0197 1624 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:20:34.0198 1624 TermDD - ok
08:20:34.0268 1624 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:20:34.0274 1624 TermService - ok
08:20:34.0430 1624 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:20:34.0431 1624 Themes - ok
08:20:34.0461 1624 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:20:34.0462 1624 THREADORDER - ok
08:20:34.0485 1624 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:20:34.0487 1624 TrkWks - ok
08:20:34.0547 1624 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:20:34.0548 1624 TrustedInstaller - ok
08:20:34.0613 1624 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:20:34.0614 1624 tssecsrv - ok
08:20:34.0658 1624 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:20:34.0658 1624 TsUsbFlt - ok
08:20:34.0716 1624 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:20:34.0716 1624 tunnel - ok
08:20:34.0864 1624 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
08:20:34.0872 1624 TVersityMediaServer - ok
08:20:34.0977 1624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:20:34.0978 1624 uagp35 - ok
08:20:35.0027 1624 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:20:35.0029 1624 udfs - ok
08:20:35.0151 1624 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
08:20:35.0152 1624 ufad-ws60 - ok
08:20:35.0179 1624 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:20:35.0181 1624 UI0Detect - ok
08:20:35.0214 1624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:20:35.0214 1624 uliagpkx - ok
08:20:35.0243 1624 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:20:35.0244 1624 umbus - ok
08:20:35.0263 1624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:20:35.0263 1624 UmPass - ok
08:20:35.0311 1624 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:20:35.0313 1624 UmRdpService - ok
08:20:35.0339 1624 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:20:35.0342 1624 upnphost - ok
08:20:35.0389 1624 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:20:35.0390 1624 USBAAPL64 - ok
08:20:35.0452 1624 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:20:35.0453 1624 usbaudio - ok
08:20:35.0472 1624 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:20:35.0472 1624 usbccgp - ok
08:20:35.0501 1624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:20:35.0501 1624 usbcir - ok
08:20:35.0524 1624 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:20:35.0524 1624 usbehci - ok
08:20:35.0549 1624 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:20:35.0550 1624 usbhub - ok
08:20:35.0559 1624 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:20:35.0559 1624 usbohci - ok
08:20:35.0581 1624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:20:35.0582 1624 usbprint - ok
08:20:35.0611 1624 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:20:35.0612 1624 usbscan - ok
08:20:35.0630 1624 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:20:35.0631 1624 USBSTOR - ok
08:20:35.0679 1624 USBTINSP (c44d96b1cdde705b23f55ab423cca73d) C:\Windows\system32\DRIVERS\tinspusb.sys
08:20:35.0680 1624 USBTINSP - ok
08:20:35.0717 1624 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:20:35.0718 1624 usbuhci - ok
08:20:35.0743 1624 uxinpxoq (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\uxinpxoq.sys
08:20:35.0744 1624 uxinpxoq - ok
08:20:35.0766 1624 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:20:35.0768 1624 UxSms - ok
08:20:35.0786 1624 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:35.0787 1624 VaultSvc - ok
08:20:35.0817 1624 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
08:20:35.0818 1624 VClone - ok
08:20:35.0831 1624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:20:35.0831 1624 vdrvroot - ok
08:20:35.0895 1624 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:20:35.0899 1624 vds - ok
08:20:35.0925 1624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:20:35.0926 1624 vga - ok
08:20:35.0943 1624 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:20:35.0944 1624 VgaSave - ok
08:20:35.0970 1624 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:20:35.0971 1624 vhdmp - ok
08:20:35.0993 1624 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:20:35.0994 1624 viaide - ok
08:20:36.0094 1624 VMAuthdService (11dcd7a2a0b1f8532b80f5aa98f9903e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
08:20:36.0095 1624 VMAuthdService - ok
08:20:36.0119 1624 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:20:36.0120 1624 vmbus - ok
08:20:36.0135 1624 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:20:36.0136 1624 VMBusHID - ok
08:20:36.0178 1624 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
08:20:36.0179 1624 vmci - ok
08:20:36.0208 1624 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
08:20:36.0209 1624 vmkbd - ok
08:20:36.0240 1624 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
08:20:36.0241 1624 VMnetAdapter - ok
08:20:36.0259 1624 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
08:20:36.0259 1624 VMnetBridge - ok
08:20:36.0264 1624 VMnetDHCP - ok
08:20:36.0298 1624 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
08:20:36.0299 1624 VMnetuserif - ok
08:20:36.0311 1624 VMparport (55e1dc39d985f2b33ebc23cd7fba582e) C:\Windows\system32\drivers\VMparport.sys
08:20:36.0312 1624 VMparport - ok
08:20:36.0427 1624 VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
08:20:36.0429 1624 VMUSBArbService - ok
08:20:36.0435 1624 VMware NAT Service - ok
08:20:36.0475 1624 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
08:20:36.0475 1624 vmx86 - ok
08:20:36.0512 1624 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:20:36.0513 1624 volmgr - ok
08:20:36.0570 1624 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:20:36.0571 1624 volmgrx - ok
08:20:36.0597 1624 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:20:36.0599 1624 volsnap - ok
08:20:36.0630 1624 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:20:36.0631 1624 vsmraid - ok
08:20:36.0794 1624 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
08:20:36.0795 1624 VSPerfDrv100 - ok
08:20:36.0910 1624 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:20:36.0918 1624 VSS - ok
08:20:37.0006 1624 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
08:20:37.0006 1624 vstor2-ws60 - ok
08:20:37.0100 1624 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:20:37.0100 1624 vwifibus - ok
08:20:37.0110 1624 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:20:37.0111 1624 vwififlt - ok
08:20:37.0146 1624 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:20:37.0150 1624 W32Time - ok
08:20:37.0224 1624 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
08:20:37.0226 1624 W3SVC - ok
08:20:37.0242 1624 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:20:37.0243 1624 WacomPen - ok
08:20:37.0287 1624 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:37.0288 1624 WANARP - ok
08:20:37.0298 1624 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:37.0299 1624 Wanarpv6 - ok
08:20:37.0304 1624 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
08:20:37.0307 1624 WAS - ok
08:20:37.0405 1624 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:20:37.0411 1624 WatAdminSvc - ok
08:20:37.0514 1624 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:20:37.0522 1624 wbengine - ok
08:20:37.0621 1624 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:20:37.0624 1624 WbioSrvc - ok
08:20:37.0679 1624 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:20:37.0682 1624 wcncsvc - ok
08:20:37.0695 1624 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:20:37.0697 1624 WcsPlugInService - ok
08:20:37.0722 1624 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:20:37.0723 1624 Wd - ok
08:20:37.0770 1624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:20:37.0773 1624 Wdf01000 - ok
08:20:37.0787 1624 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:37.0789 1624 WdiServiceHost - ok
08:20:37.0792 1624 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:37.0794 1624 WdiSystemHost - ok
08:20:37.0838 1624 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:20:37.0840 1624 WebClient - ok
08:20:37.0873 1624 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:20:37.0875 1624 Wecsvc - ok
08:20:37.0888 1624 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:20:37.0890 1624 wercplsupport - ok
08:20:37.0910 1624 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:20:37.0911 1624 WerSvc - ok
08:20:37.0954 1624 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:20:37.0955 1624 WfpLwf - ok
08:20:37.0974 1624 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:20:37.0974 1624 WIMMount - ok
08:20:37.0996 1624 WinDefend - ok
08:20:38.0002 1624 WinHttpAutoProxySvc - ok
08:20:38.0047 1624 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:20:38.0048 1624 Winmgmt - ok
08:20:38.0188 1624 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:20:38.0199 1624 WinRM - ok
08:20:38.0345 1624 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:20:38.0345 1624 WinUsb - ok
08:20:38.0426 1624 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:20:38.0431 1624 Wlansvc - ok
08:20:38.0634 1624 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:20:38.0644 1624 wlidsvc - ok
08:20:38.0747 1624 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:20:38.0747 1624 WmiAcpi - ok
08:20:38.0784 1624 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:20:38.0785 1624 wmiApSrv - ok
08:20:38.0816 1624 WMPNetworkSvc - ok
08:20:38.0845 1624 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
08:20:38.0846 1624 WMSVC - ok
08:20:38.0866 1624 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:20:38.0867 1624 WPCSvc - ok
08:20:38.0909 1624 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:20:38.0911 1624 WPDBusEnum - ok
08:20:38.0928 1624 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:20:38.0929 1624 ws2ifsl - ok
08:20:38.0944 1624 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:20:38.0946 1624 wscsvc - ok
08:20:38.0949 1624 WSearch - ok
08:20:39.0079 1624 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:20:39.0092 1624 wuauserv - ok
08:20:39.0225 1624 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:20:39.0226 1624 WudfPf - ok
08:20:39.0248 1624 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:20:39.0249 1624 WUDFRd - ok
08:20:39.0285 1624 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:20:39.0287 1624 wudfsvc - ok
08:20:39.0313 1624 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:20:39.0316 1624 WwanSvc - ok
08:20:39.0359 1624 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:20:39.0408 1624 \Device\Harddisk0\DR0 - ok
08:20:39.0417 1624 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:20:39.0535 1624 \Device\Harddisk1\DR1 - ok
08:20:39.0538 1624 Boot (0x1200) (a8ef6ff9c626ade822f4927daf557103) \Device\Harddisk0\DR0\Partition0
08:20:39.0539 1624 \Device\Harddisk0\DR0\Partition0 - ok
08:20:39.0547 1624 Boot (0x1200) (a10f9b7f750f70447253b17ff9975ee0) \Device\Harddisk0\DR0\Partition1
08:20:39.0548 1624 \Device\Harddisk0\DR0\Partition1 - ok
08:20:39.0551 1624 Boot (0x1200) (a8d4450c2567a357fc0b31019c1b7be3) \Device\Harddisk1\DR1\Partition0
08:20:39.0551 1624 \Device\Harddisk1\DR1\Partition0 - ok
08:20:39.0552 1624 ============================================================
08:20:39.0552 1624 Scan finished
08:20:39.0552 1624 ============================================================
08:20:39.0561 5752 Detected object count: 0
08:20:39.0562 5752 Actual detected object count: 0
08:20:43.0138 5084 Deinitialize success

#9 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 08:28 AM

aswMBR found a couple of infections.....

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 08:20:46
-----------------------------
08:20:46.362 OS Version: Windows x64 6.1.7601 Service Pack 1
08:20:46.362 Number of processors: 2 586 0x170A
08:20:46.363 ComputerName: SHAYNE-PC UserName: Shayne
08:20:48.991 Initialize success
08:21:56.898 AVAST engine defs: 12042500
08:22:00.992 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
08:22:00.994 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
08:22:00.995 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
08:22:00.997 Disk 1 Vendor: WDC_WD74 21.0 Size: 70911MB BusType: 3
08:22:01.006 Disk 0 MBR read successfully
08:22:01.008 Disk 0 MBR scan
08:22:01.011 Disk 0 Windows 7 default MBR code
08:22:01.013 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:22:01.026 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
08:22:01.050 Disk 0 scanning C:\Windows\system32\drivers
08:22:10.952 Service scanning
08:22:38.343 Modules scanning
08:22:38.349 Disk 0 trace - called modules:
08:22:38.403 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
08:22:38.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075c3610]
08:22:38.410 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8007405e40]
08:22:38.414 5 ACPI.sys[fffff88000fab7a1] -> nt!IofCallDriver -> \Device\0000007c[0xfffffa80074109c0]
08:22:47.642 AVAST engine scan C:\Windows
08:22:52.248 AVAST engine scan C:\Windows\system32
08:23:13.994 File: C:\Windows\system32\hwpsgt.dll **INFECTED** Win64:ZAccess-E [Rtk]
08:23:16.810 File: C:\Windows\system32\int15.dll **INFECTED** Win64:ZAccess-E [Rtk]
08:26:49.837 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
08:26:49.887 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
08:26:52.302 AVAST engine scan C:\Windows\system32\drivers
08:27:04.430 AVAST engine scan C:\Users\Shayne
08:27:54.350 Disk 0 MBR has been saved successfully to "C:\Users\Shayne\Downloads\Virus Removal\MBR.dat"
08:27:54.354 The log file has been saved successfully to "C:\Users\Shayne\Downloads\Virus Removal\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 08:29 AM

Hello

we do have some more work to do so just wait a little while on the donation untill I give the all clean :wink:

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Zynga

File::
c:\windows\system32\drivers\uxinpxoq.sys

Driver::
uxinpxoq

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 12:17 PM

ComboFix 12-04-25.01 - Shayne 04/25/2012 11:06:17.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.4284 [GMT -5:00]
Running from: c:\users\Shayne\Downloads\Virus Removal\ComboFix.exe
Command switches used :: c:\users\Shayne\Downloads\Virus Removal\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\uxinpxoq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Zynga
c:\program files (x86)\Zynga\INSTALL.LOG
c:\program files (x86)\Zynga\ldrtbZyn0.dll
c:\program files (x86)\Zynga\ldrtbZyn2.dll
c:\program files (x86)\Zynga\prxtbZyn0.dll
c:\program files (x86)\Zynga\prxtbZyn2.dll
c:\program files (x86)\Zynga\tbZyn1.dll
c:\program files (x86)\Zynga\tbZyng.dll
c:\program files (x86)\Zynga\toolbar.cfg
c:\program files (x86)\Zynga\uninstall.exe
c:\program files (x86)\Zynga\UNWISE.EXE
c:\program files (x86)\Zynga\ZyngaToolbarHelper.exe
c:\program files (x86)\Zynga\ZyngaToolbarHelper1.exe
c:\windows\system32\drivers\uxinpxoq.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uxinpxoq
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\TekTrak\AppData\Local\temp
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\TekTrak.IIS APPPOOL\AppData\Local\temp
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-04-25 16:15 . 2012-04-25 16:15 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2012-04-25 00:52 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9210E2EB-5A0E-41D7-8DFA-C72DE1766FF0}\mpengine.dll
2012-04-24 04:27 . 2012-04-24 04:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-23 19:22 . 2012-04-23 19:22 -------- d-----w- c:\users\Shayne\AppData\Local\{BB1DE994-8D79-11E1-826D-B8AC6F996F26}
2012-04-23 19:22 . 2012-04-23 19:22 -------- d-----w- c:\users\Shayne\AppData\Local\MSoft
2012-04-23 03:44 . 2012-04-23 03:44 -------- d-----w- c:\users\Shayne\AppData\Local\Fellowes
2012-04-11 08:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files\iTunes
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files (x86)\iTunes
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\program files\iPod
2012-04-01 03:28 . 2012-04-01 03:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2010-06-04 03:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 03:28 . 2011-05-25 03:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 08:08 . 2010-05-31 07:16 2536576 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-08 09:06 . 2012-03-08 09:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 09:06 . 2012-03-08 09:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 15:18 . 2010-03-25 02:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:44 . 2012-02-22 02:44 1393736 ----a-w- c:\users\Shayne\gotomypc_635.exe
2012-02-17 06:38 . 2012-03-13 19:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 03:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 03:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 03:15 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_08.27.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 04:41 . 2012-04-25 00:32 54484 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-01 03:39 40874 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 00:32 40874 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-25 02:14 . 2012-04-25 00:32 16772 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4149536671-4042070909-4021816394-1001_UserData.bin
- 2010-03-25 02:13 . 2012-04-20 06:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 02:13 . 2012-04-25 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-24 06:01 . 2012-04-24 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 16:17 . 2012-04-25 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 16:17 . 2012-04-25 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-24 06:01 . 2012-04-24 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-24 06:06 852798 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 00:36 852798 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 00:36 196130 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-24 06:06 196130 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-24 01:58 535100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 16:15 535100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-02 04:33 . 2012-04-25 16:15 6840970 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4149536671-4042070909-4021816394-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 39408]
"VerCheck"="c:\users\Shayne\AppData\Local\MSoft\VerCheck\VerCheck.exe" [2012-04-23 46592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Shayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2011-02-19 169424]
R3 ANTS Performance Profiler 6 Service;ANTS Performance Profiler 6 Service;c:\program files\Red Gate\ANTS Performance Profiler 6\RedGate.Profiler.IISService.exe [2011-02-19 151488]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-25 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 135664]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]
R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S2 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:28]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 01:28]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 01:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Shayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"cuatbc"="c:\users\Shayne\AppData\Local\Temp\cuatbc.dll" [BU]
"weaper"="c:\users\Shayne\AppData\Local\Temp\weaper.dll" [BU]
"combofix"="c:\combofix\CF23509.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AMDPCI
tgsrvc_smartagent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip and Edit - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
IE: Clip and Save - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Subscribe to Feed - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: epaycashier.com\secure
Trusted Zone: freerealms.com
Trusted Zone: oddsmaker.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 12.27.222.9 12.27.223.9
FF - ProfilePath - c:\users\Shayne\AppData\Roaming\Mozilla\Firefox\Profiles\5j5nt4nz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\Zynga\prxtbZyn2.dll
BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\Zynga\prxtbZyn2.dll
Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\Zynga\prxtbZyn2.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-Zynga Toolbar - c:\program files (x86)\Zynga\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\teamviewer\version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2012-04-25 11:35:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 16:35
ComboFix2.txt 2012-04-25 12:54
ComboFix3.txt 2012-04-25 00:38
ComboFix4.txt 2012-04-24 08:33
.
Pre-Run: 216,682,487,808 bytes free
Post-Run: 216,521,613,312 bytes free
.
- - End Of File - - A7943C3679229500A83D07F36740E3A4

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 01:05 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 06:02 PM

Update for Microsoft Office 2007 (KB2508958)
3DMark Vantage
Acrobat.com
Activision®
Adobe Acrobat 5.0
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AnkhSVN 2.1.10129.17
Apple Application Support
Apple Software Update
ASUSUpdate
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Beyond Compare Version 3.1.10
Bing Bar
BitTorrent
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Blur™
Citrix XenApp Web Plugin
Click'N Design 3D (V5)
Connect
Connectivity Library and TI-Nspire™ handheld drivers
Crystal Reports for Visual Studio
Curse Client
DDL Digital Access Online
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DevExpress 2010.2 Components
DevExpress 2011.1 Components
DevExpress 2011.1 IDETools
DevExpress Example Runner
Dexpot
DirectXInstallService
Dotfuscator Software Services - Community Edition
Dragon Age: Origins
Dropbox
DVD Flick 1.3.0.7
EMC 10 Content
ExamView Player
ExamView Pro
FastStone Image Viewer 4.2
FastStone Photo Resizer 3.1
Fiddler2
Free M4a to MP3 Converter 6.2
Free Realms
Futuremark SystemInfo
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Holt Calendar Planner v2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2565057)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
ImgBurn
Java Auto Updater
Java™ 6 Update 25
JetBrains Omea Reader
JPEG-EXIF_autorotate
Kernel Outlook PST Viewer ver 10.09.01
kuler
League of Legends
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
Microsoft Default Manager
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft F# Runtime for Silverlight 4
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight 4 SDK
Microsoft Silverlight Tools for Visual Studio 2010
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft UI Engine
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mouse and Keyboard Events Recorder 1.0
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Notepad++
NuGet
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
PC Probe II
PDF Settings CS4
PE Builder 3.1.10a
PE Photo
Photoshop Camera Raw
QuickTime
Realtek High Definition Audio Driver
Roblox
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio Easy Media Creator 10 Suite
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
SAP Crystal Reports, version for Visual Studio 2010
SctMedia
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Singularity™
Skype Toolbars
Skype™ 4.2
Sloppy
SQL Compare 9
SQL Data Compare 9
SQL Data Generator 1
SQL Dependency Tracker 2
SQL Doc 2
SQL Multi Script 1
SQL Packager 6
SQL Prompt 5
SQL Search 1
SQL Source Control 2
SSMS Integration Pack 1
Star Wars: The Old Republic
StarCraft II Beta
studiologic ROES
Suite Shared Configuration CS4
TeamViewer 6
TeamViewer 7
Telerik JustDecompile Beta
The Lord of the Rings Online™
TI-Nspire™ Computer Link Software
tools-windows
Turbine Download Manager
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
VIP Casino
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
VMware Player
WBFS Manager 3.0
WCF RIA Services Toolkit
WCF RIA Services V1.0 SP1
Windows Grep 2.3
Windows Media Player Firefox Plugin
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
XAML Power Toys 2010
Xiph.Org Open Codecs 0.85.17777
ZOTAC FireStorm
Zynga Toolbar

Edited by ShayneJ, 25 April 2012 - 06:04 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:31 PM

Posted 25 April 2012 - 09:49 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.4.0
Bing Bar
BitTorrent
Java™ 6 Update 25
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ShayneJ

ShayneJ
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 25 April 2012 - 10:04 PM

I had to reboot (I use this PC for alot of Application Development/Consulting work). Hopefully, I haven't messed up the process. I will do these things right now.

I would like to know where you saw "Peer To Peer" file sharing? I use TeamViewer and DropBox on a regular basis for my consulting work and to share files in the office, my laptop, this PC and my iPhone. But, other than that there "shouldn't" be ANY P2P software on this PC. Please let me know what I am overlooking so I can remove it.

Thanks again for your help. I am going to do these other recommendations right now...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users