lots of trojans...


  • This topic is locked
31 replies to this topic

#1 i_h8_trojans


Posted 25 April 2012 - 12:52 AM

I recently had to do a restore with my computer due to it having several trojans as well as trojan downloaders. I really don't know what happened, as it was perfectly fine the day before. Then the next day, my Internet Explorer kept popping up (no random pages, just the home page) and wouldn't stop popping up, in addition to my desktop being unusable until I closed out the Internet Explorer process through the task manager. Then when I ran a scan with AnviSmartDefender, it found some trojans (mabryobj.dll, lg_background.bmp, vundo.br, iframe.b) and it removed them and then told me to reboot to finish the removal. Upon rebooting, the desktop froze and I couldn't see anything but my mouse cursor. I eventually ended up doing a system restore, but I would still like to know for sure if everything was removed.

I always appreciate any help and time I can get and am spared.

Now for the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by OS at 19:35:11 on 2012-04-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2167 [GMT -10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Program Files\epson\portcommunicationservice\PCSVC.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Games\chess\chess.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files (x86)\TeleTracker Online\TeleTracker.exe
C:\PROGRA~2\TELETR~1\Modal.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\TELETR~1\TELETR~2.EXE
C:\Windows\splwow64.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://icam.t-mobile.com/
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyServer = 121.78.112.77:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EpsonAPD4SV] C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\OS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\OS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: qpay123.com
Trusted Zone: t-mobile.com
Trusted Zone: t-mobile.com\watson
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {FC14D208-0AF3-4BF5-9498-59C09229491B} - hxxps://www.qpay123.com/WQVPS/activeX/PrinterActiveX.ocx
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E1453FB0-B8B4-4DD5-8B79-D4F70569B718} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E2576EDF-15A4-4A39-BA40-2ACB580764BB} : DhcpNameServer = 172.18.68.215 172.18.68.215 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [EpsonAPD4SV] C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OS\AppData\Roaming\Mozilla\Firefox\Profiles\d0a0dftw.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\OS\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-1-10 913752]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-3-17 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-3-17 55296]
R2 EPSON_Device_Control_Log_Service;EPSON Device Control Log Service;C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe [2011-8-10 397312]
R2 EPSON_Port_Communication_Service;EPSON Port Communication Service;C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe [2011-8-10 578048]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 136176]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-3 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-9-29 243232]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;C:\Windows\system32\DRIVERS\TMUSB64.SYS --> C:\Windows\system32\DRIVERS\TMUSB64.SYS [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver;\??\C:\Windows\system32\DRIVERS\pcslpt.sys --> C:\Windows\system32\DRIVERS\pcslpt.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-7-31 2421384]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-25 05:00:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F972B10-7FD2-4A80-A7D7-7CB6372320BF}\offreg.dll
2012-04-25 04:50:25 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F972B10-7FD2-4A80-A7D7-7CB6372320BF}\mpengine.dll
2012-04-25 04:49:32 8862544 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-25 04:49:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-25 04:48:15 -------- d-----w- C:\72f562e9d8b7289b0a4502
2012-04-25 02:58:13 -------- d-----w- C:\Users\OS\AppData\Roaming\Anvisoft
2012-04-24 23:27:39 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-24 21:32:47 -------- d-----w- C:\Users\OS\AppData\Local\adaware
2012-04-24 21:32:44 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-24 21:32:28 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-24 21:32:28 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-24 21:32:01 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-24 21:31:02 -------- d-----w- C:\Users\OS\AppData\Roaming\Ad-Aware Antivirus
2012-04-23 22:48:54 -------- d-----w- C:\Users\OS\AppData\Local\cute
2012-04-16 01:47:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 21:33:01 -------- d-----w- C:\Users\OS\AppData\Local\Logitech® Webcam Software
2012-04-15 21:20:07 -------- d-----w- C:\Users\OS\AppData\Local\LogiShrd
2012-04-14 03:34:18 53248 ----a-r- C:\Users\OS\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-14 03:33:02 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-04-14 03:30:24 -------- d-----w- C:\ProgramData\boost_interprocess
2012-04-14 03:29:44 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-13 13:03:56 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 13:03:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-13 13:03:55 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-13 13:00:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 13:00:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 13:00:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 13:00:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 13:00:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 13:00:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 13:00:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 00:52:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-12 20:24:22 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-09 21:22:30 4916384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-04-08 04:57:42 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-07 20:58:09 -------- d-----w- C:\Program Files\iPod
2012-04-07 20:58:08 -------- d-----w- C:\Program Files\iTunes
2012-04-07 20:58:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-06 05:20:55 98816 ----a-w- C:\Windows\sed.exe
2012-04-06 05:20:55 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-06 05:20:55 256000 ----a-w- C:\Windows\PEV.exe
2012-04-06 05:20:55 208896 ----a-w- C:\Windows\MBR.exe
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-04 02:29:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-04-03 23:25:40 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-04-03 19:37:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-03 19:37:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-31 00:41:12 -------- d-----w- C:\sn0wbreeze
2012-03-30 21:26:57 -------- d-----w- C:\Users\OS\AppData\Local\{10C4419D-7AAF-11E1-826D-B8AC6F996F26}
2012-03-30 00:18:27 -------- d-----w- C:\Program Files (x86)\Ultra MKV Converter
2012-03-29 20:07:08 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-03-29 20:07:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 06:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 06:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 21:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:36:08.95 ===============

Edited by i_h8_trojans, 25 April 2012 - 12:54 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 PM

Posted 29 April 2012 - 07:44 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 PM

Posted 02 May 2012 - 12:15 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 i_h8_trojans

i_h8_trojans
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:34 PM

Posted 02 May 2012 - 12:39 AM

I apologize for the lack of a reply. I was away from a computer and was unable to respond. I had wiped the computer thinking that maybe everyone was really busy, and I wouldn't get a chance, even though it says 5 days. So not wanting to take for granted someone would come and help me, I just went ahead and reset the hard drive back to factory. My computer seems to be fine now, but the next time I would be at that particular computer would be in two days, if you were still willing to check some things on there.

Again, my apologies for the lack of a reply.

Edited by i_h8_trojans, 02 May 2012 - 12:39 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 PM

Posted 02 May 2012 - 12:50 AM

Greetings

If you want me to check it out, no problem; send me the report when you are ready.


You say you will be at the computer in 2 days (which is fine), but how long will you have the computer? Because of the dynamics of the process, it can take a couple of days to do this.

I am normally on all night if that would make it easier for you.



gringo

#6 i_h8_trojans

i_h8_trojans
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:34 PM

Posted 02 May 2012 - 01:27 AM

I would actually have the computer all day. Or to be precise, all day (for the most part) for four days.

Edited by i_h8_trojans, 02 May 2012 - 01:29 AM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 PM

Posted 02 May 2012 - 02:25 AM

That would be more than enough. Just keep in mind I do most of my work around this time (5 hours before now up to 2 hours after now); now is 3:30 am for me.

Gringo

Edited by gringo_pr, 02 May 2012 - 02:27 AM.


#8 i_h8_trojans

i_h8_trojans
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:34 PM

Posted 04 May 2012 - 04:36 PM

Ok. I'm just posting letting you know I'm at the computer. I'll also be here for the next two days if anything. Just let me know when you get a chance. Thanks!!!!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 PM

Posted 04 May 2012 - 09:52 PM

Run Combofix as per my instructions and let me have the report.


gringo

#10 i_h8_trojans

i_h8_trojans
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:34 PM

Posted 04 May 2012 - 11:39 PM

ComboFix 12-05-04.03 - PC1 05/04/2012 18:05:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2582 [GMT -10:00]
Running from: c:\users\PC1\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iexplorer
c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll
c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iexplorer\iExplorer.exe
c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll
c:\program files (x86)\iexplorer\isxdl.dll
c:\program files (x86)\iexplorer\MPCrashReporter.dll
c:\program files (x86)\iexplorer\MPUpdater.dll
c:\program files (x86)\iexplorer\msvcr71.dll
c:\program files (x86)\iexplorer\PodPhone2.dll
c:\program files (x86)\iexplorer\unins000.dat
c:\program files (x86)\iexplorer\unins000.exe
c:\program files (x86)\iexplorer\unins000.msg
c:\windows\SysWow64\~GLH0044.TMP
c:\windows\SysWow64\~GLH0045.TMP
c:\windows\SysWow64\~GLH0046.TMP
c:\windows\SysWow64\~GLH0047.TMP
c:\windows\SysWow64\~GLH0048.TMP
c:\windows\SysWow64\~GLH0049.TMP
c:\windows\SysWow64\~GLH004a.TMP
c:\windows\SysWow64\~GLH004b.TMP
c:\windows\SysWow64\~GLH004c.TMP
c:\windows\SysWow64\~GLH004d.TMP
c:\windows\SysWow64\~GLH004e.TMP
c:\windows\SysWow64\~GLH004f.TMP
c:\windows\SysWow64\~GLH0051.TMP
c:\windows\SysWow64\~GLH0052.TMP
c:\windows\SysWow64\~GLH0053.TMP
c:\windows\SysWow64\~GLH0055.TMP
c:\windows\SysWow64\~GLH0056.TMP
c:\windows\SysWow64\~GLH0059.TMP
c:\windows\SysWow64\~GLH005a.TMP
c:\windows\SysWow64\~GLH005d.TMP
c:\windows\SysWow64\~GLH005e.TMP
c:\windows\SysWow64\~GLH0062.TMP
c:\windows\SysWow64\~GLH0064.TMP
c:\windows\SysWow64\~GLH0065.TMP
c:\windows\SysWow64\~GLH0067.TMP
c:\windows\SysWow64\~GLH006a.TMP
c:\windows\SysWow64\~GLH006c.TMP
c:\windows\SysWow64\~GLH006d.TMP
c:\windows\SysWow64\~GLH006f.TMP
c:\windows\SysWow64\~GLH0072.TMP
c:\windows\SysWow64\~GLH0074.TMP
c:\windows\SysWow64\~GLH0075.TMP
c:\windows\SysWow64\~GLH0077.TMP
c:\windows\SysWow64\~GLH007a.TMP
c:\windows\SysWow64\~GLH007c.TMP
c:\windows\SysWow64\~GLH007d.TMP
c:\windows\SysWow64\~GLH007e.TMP
c:\windows\SysWow64\~GLH007f.TMP
c:\windows\SysWow64\~GLH0081.TMP
c:\windows\SysWow64\~GLH0083.TMP
c:\windows\SysWow64\~GLH0086.TMP
c:\windows\SysWow64\~GLH0088.TMP
c:\windows\SysWow64\~GLH0089.TMP
c:\windows\SysWow64\~GLH008b.TMP
c:\windows\SysWow64\~GLH0096.TMP
c:\windows\SysWow64\~GLH009d.TMP
c:\windows\SysWow64\~GLH009e.TMP
c:\windows\SysWow64\~GLH00a0.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 02:40 . 2012-04-13 11:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF9C4F57-7E46-4B09-84A4-251AFB2801E1}\mpengine.dll
2012-05-05 02:34 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-05 02:34 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-04 23:27 . 2012-05-04 23:27 -------- d-----w- c:\windows\system32\SPReview
2012-05-04 23:26 . 2012-05-04 23:26 -------- d-----w- c:\windows\system32\EventProviders
2012-05-04 23:23 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-04 23:23 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-04 23:23 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-04 02:34 . 2012-05-04 02:34 -------- d-----w- c:\program files (x86)\BrowserProtect
2012-05-03 23:53 . 2012-04-13 11:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 22:41 . 2012-05-03 22:41 -------- d-----w- c:\program files (x86)\Qpay
2012-05-03 22:41 . 2003-03-19 09:20 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll
2012-05-03 22:41 . 2003-02-21 16:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-01 22:56 . 2006-07-07 22:40 73728 ------w- c:\windows\SysWow64\BRCrypt.dll
2012-05-01 22:55 . 2012-05-01 22:57 -------- d-----w- c:\programdata\Brother
2012-05-01 22:46 . 2012-05-01 22:47 -------- d-----w- c:\programdata\epson
2012-05-01 22:46 . 2011-09-29 11:00 12288 ----a-w- c:\windows\system32\EAPDM32.dll
2012-05-01 22:46 . 2011-06-17 03:46 1127360 ----a-w- c:\windows\system32\EpsStmApi.dll
2012-05-01 22:46 . 2011-06-17 00:04 202240 ----a-w- c:\windows\system32\EAPApiData.dll
2012-05-01 22:46 . 2012-05-01 22:46 -------- d-----w- c:\program files\Common Files\EPSON
2012-05-01 22:46 . 2012-05-01 22:46 -------- d-----w- c:\program files\EPSON
2012-05-01 22:46 . 2011-09-29 19:06 475136 ----a-w- c:\windows\system32\EAPPHPMUI.dll
2012-05-01 22:46 . 2011-09-28 06:25 18944 ----a-w- c:\windows\system32\eaptmco.dll
2012-05-01 22:46 . 2011-09-27 20:26 233984 ----a-w- c:\windows\system32\EAPPHPM.dll
2012-05-01 22:46 . 2011-07-18 22:41 148992 ----a-w- c:\windows\system32\EAPTMLM.dll
2012-05-01 22:46 . 2012-05-01 22:46 -------- d-----w- c:\program files (x86)\EPSON
2012-05-01 22:08 . 2009-06-06 03:47 278581 ----a-w- c:\windows\SysWow64\temp.004
2012-05-01 22:05 . 2009-06-06 03:47 278581 ----a-w- c:\windows\SysWow64\temp.003
2012-05-01 21:46 . 2009-06-06 03:47 278581 ----a-w- c:\windows\SysWow64\temp.002
2012-05-01 21:42 . 2009-06-06 03:47 278581 ----a-w- c:\windows\SysWow64\temp.001
2012-05-01 21:29 . 2012-05-01 21:29 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-05-01 20:27 . 2010-11-20 13:26 3205120 ----a-w- c:\windows\system32\mmcndmgr.dll
2012-05-01 20:26 . 2010-11-20 13:27 316928 ----a-w- c:\windows\system32\tapisrv.dll
2012-05-01 20:25 . 2010-11-20 13:27 36352 ----a-w- c:\windows\system32\wdiasqmmodule.dll
2012-05-01 20:23 . 2011-12-17 03:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-01 20:23 . 2010-11-27 04:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-05-01 20:23 . 2012-05-01 20:23 -------- d-----w- c:\program files (x86)\IObit
2012-05-01 20:22 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-05-01 20:22 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-05-01 20:22 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-05-01 20:11 . 2012-05-01 20:11 -------- d-----w- c:\program files (x86)\LastPass
2012-05-01 19:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-01 19:56 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-01 19:56 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-05-01 19:56 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-05-01 19:56 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-05-01 19:56 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-01 19:56 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-05-01 19:55 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-01 19:55 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-05-01 19:55 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-05-01 19:55 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-01 19:55 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-01 19:55 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-01 19:55 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-01 19:55 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-01 19:55 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-01 19:55 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-05-01 19:55 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-05-01 19:52 . 2012-05-01 19:52 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-01 19:41 . 2012-05-01 19:41 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-01 19:41 . 2012-05-01 19:41 -------- d-----w- c:\windows\system32\Wat
2012-04-30 05:17 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 05:17 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 05:17 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-30 05:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-30 05:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-30 05:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-30 05:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-30 05:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-30 05:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-30 05:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-29 21:49 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-04-29 21:49 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-04-29 21:47 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-04-29 21:46 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-29 21:46 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-29 21:46 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-29 21:46 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-04-29 21:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-04-29 21:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-04-29 21:46 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-04-29 21:46 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-04-29 21:46 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-04-29 21:46 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-04-29 21:46 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-04-29 21:46 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-04-29 21:46 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-04-29 21:44 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-29 21:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-29 21:43 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-29 21:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-29 21:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-29 05:46 . 2012-04-29 05:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-29 05:46 . 2012-04-29 05:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-29 04:59 . 2012-04-29 04:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-29 04:59 . 2012-04-29 04:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-29 04:59 . 2012-04-05 01:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-29 04:48 . 2012-04-29 04:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-29 04:47 . 2012-04-29 04:48 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-29 04:23 . 2012-04-29 04:23 -------- d-----w- c:\program files (x86)\WinSCP
2012-04-29 03:53 . 2012-05-03 20:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-29 03:53 . 2012-05-03 20:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-29 03:53 . 2012-04-29 03:53 -------- d-----w- c:\windows\system32\Macromed
2012-04-29 03:43 . 2012-04-29 03:43 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-29 03:43 . 2009-05-18 23:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-29 03:43 . 2008-04-17 22:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-29 03:43 . 2008-04-17 22:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-29 03:42 . 2012-04-29 03:42 -------- d-----w- c:\program files\iPod
2012-04-29 03:42 . 2012-04-29 03:43 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-29 03:42 . 2012-04-29 03:43 -------- d-----w- c:\program files\iTunes
2012-04-29 03:42 . 2012-04-29 03:43 -------- d-----w- c:\program files (x86)\iTunes
2012-04-29 03:42 . 2012-04-29 03:42 -------- d-----w- c:\programdata\Apple Computer
2012-04-29 03:42 . 2012-04-29 03:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-04-29 03:41 . 2012-04-29 03:41 -------- d-----w- c:\program files\Common Files\Apple
2012-04-29 03:41 . 2012-04-29 03:41 -------- d-----w- c:\program files\Bonjour
2012-04-29 03:41 . 2012-04-29 03:41 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-29 03:41 . 2012-04-29 03:42 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-04-29 03:41 . 2012-04-29 03:41 -------- d-----w- c:\programdata\Apple
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 23:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-28 19:46 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-21 06:44 . 2012-03-21 06:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 06:44 . 2012-03-21 06:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 21:04 . 2012-03-01 21:04 63096 ----a-w- c:\windows\system32\drivers\TMUSB64.sys
2012-02-15 21:01 . 2012-02-15 21:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 21:01 . 2012-02-15 21:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-20 4786048]
"BrowserProtect"="c:\program files (x86)\BrowserProtect\BpAuto.lnk" [2012-05-04 2250]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-25 421888]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver;c:\windows\system32\DRIVERS\pcslpt.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 BpSvc;BrowserProtect Anti-Hijack Service;c:\program files (x86)\BrowserProtect\BpSvc.exe [2011-11-12 1867776]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 EPSON_Device_Control_Log_Service;EPSON Device Control Log Service;c:\program files\epson\portcommunicationservice\DeviceControlLog.exe [2011-08-10 397312]
S2 EPSON_Port_Communication_Service;EPSON Port Communication Service;c:\program files\epson\portcommunicationservice\PCSVC.exe [2011-08-10 578048]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\DRIVERS\TMUSB64.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 20:49]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1050778268-2946649128-3989322545-1001Core.job
- c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 02:58]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1050778268-2946649128-3989322545-1001UA.job
- c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 02:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
Trusted Zone: google.com

Trusted Zone: t-mobile.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {FC14D208-0AF3-4BF5-9498-59C09229491B} - hxxps://www.qpay123.com/WQVPS/activeX/PrinterActiveX.ocx
FF - ProfilePath - c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\qtkk9z35.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-05-04 18:15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 04:15
.
Pre-Run: 445,307,801,600 bytes free
Post-Run: 445,027,692,544 bytes free
.
- - End Of File - - A5832B9C73D8FF70D1C81BA66CE32389

No problems so far. Computer seems to be ok.

#11 gringo_pr

Malware Response Team

Posted 05 May 2012 - 12:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 i_h8_trojans

Topic Starter

Posted 05 May 2012 - 12:18 AM

Would it be ok if I replied to you with the logs tomorrow? It's getting late where I live.

Edited by i_h8_trojans, 05 May 2012 - 12:18 AM.


#13 gringo_pr

Malware Response Team

Posted 05 May 2012 - 12:35 AM

Of course, and I will see you then.


gringo

#14 i_h8_trojans

Topic Starter

Posted 05 May 2012 - 06:40 PM

Here are the logs you requested:

From TDSS:

13:22:13.0823 2024 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:22:14.0494 2024 ============================================================
13:22:14.0494 2024 Current date / time: 2012/05/05 13:22:14.0494
13:22:14.0494 2024 SystemInfo:
13:22:14.0494 2024
13:22:14.0510 2024 OS Version: 6.1.7601 ServicePack: 1.0
13:22:14.0510 2024 Product type: Workstation
13:22:14.0510 2024 ComputerName: PC1-PC
13:22:14.0510 2024 UserName: PC1
13:22:14.0510 2024 Windows directory: C:\Windows
13:22:14.0510 2024 System windows directory: C:\Windows
13:22:14.0510 2024 Running under WOW64
13:22:14.0510 2024 Processor architecture: Intel x64
13:22:14.0510 2024 Number of processors: 2
13:22:14.0510 2024 Page size: 0x1000
13:22:14.0510 2024 Boot type: Normal boot
13:22:14.0510 2024 ============================================================
13:22:15.0399 2024 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:22:15.0430 2024 ============================================================
13:22:15.0430 2024 \Device\Harddisk0\DR0:
13:22:15.0430 2024 MBR partitions:
13:22:15.0430 2024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D00800, BlocksNum 0x32000
13:22:15.0430 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D32800, BlocksNum 0x38653030
13:22:15.0430 2024 ============================================================
13:22:15.0446 2024 C: <-> \Device\Harddisk0\DR0\Partition1
13:22:15.0446 2024 ============================================================
13:22:15.0446 2024 Initialize success
13:22:15.0446 2024 ============================================================
13:22:18.0503 2028 ============================================================
13:22:18.0503 2028 Scan started
13:22:18.0503 2028 Mode: Manual;
13:22:18.0503 2028 ============================================================
13:22:19.0533 2028 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:22:19.0533 2028 !SASCORE - ok
13:22:19.0704 2028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:22:19.0704 2028 1394ohci - ok
13:22:19.0751 2028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:22:19.0751 2028 ACPI - ok
13:22:19.0798 2028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:22:19.0798 2028 AcpiPmi - ok
13:22:19.0892 2028 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:22:19.0907 2028 AdobeFlashPlayerUpdateSvc - ok
13:22:19.0938 2028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:22:19.0954 2028 adp94xx - ok
13:22:19.0970 2028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:22:19.0985 2028 adpahci - ok
13:22:19.0985 2028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:22:20.0001 2028 adpu320 - ok
13:22:20.0016 2028 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:22:20.0016 2028 AeLookupSvc - ok
13:22:20.0110 2028 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:22:20.0110 2028 AFD - ok
13:22:20.0141 2028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:22:20.0141 2028 agp440 - ok
13:22:20.0157 2028 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:22:20.0172 2028 ALG - ok
13:22:20.0172 2028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:22:20.0188 2028 aliide - ok
13:22:20.0188 2028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:22:20.0188 2028 amdide - ok
13:22:20.0219 2028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:22:20.0219 2028 AmdK8 - ok
13:22:20.0235 2028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:22:20.0235 2028 AmdPPM - ok
13:22:20.0250 2028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:22:20.0250 2028 amdsata - ok
13:22:20.0266 2028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:22:20.0282 2028 amdsbs - ok
13:22:20.0297 2028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:22:20.0297 2028 amdxata - ok
13:22:20.0328 2028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:22:20.0328 2028 AppID - ok
13:22:20.0360 2028 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:22:20.0360 2028 AppIDSvc - ok
13:22:20.0406 2028 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:22:20.0406 2028 Appinfo - ok
13:22:20.0484 2028 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:22:20.0500 2028 Apple Mobile Device - ok
13:22:20.0516 2028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:22:20.0531 2028 arc - ok
13:22:20.0531 2028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:22:20.0531 2028 arcsas - ok
13:22:20.0562 2028 aspnet_state - ok
13:22:20.0594 2028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:22:20.0594 2028 AsyncMac - ok
13:22:20.0609 2028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:22:20.0609 2028 atapi - ok
13:22:20.0687 2028 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:22:20.0687 2028 AudioEndpointBuilder - ok
13:22:20.0703 2028 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:22:20.0703 2028 AudioSrv - ok
13:22:20.0765 2028 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:22:20.0765 2028 AxInstSV - ok
13:22:20.0812 2028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:22:20.0828 2028 b06bdrv - ok
13:22:20.0843 2028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:22:20.0843 2028 b57nd60a - ok
13:22:20.0874 2028 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:22:20.0874 2028 BDESVC - ok
13:22:20.0906 2028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:22:20.0906 2028 Beep - ok
13:22:21.0015 2028 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:22:21.0030 2028 BFE - ok
13:22:21.0093 2028 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:22:21.0093 2028 BITS - ok
13:22:21.0124 2028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:22:21.0124 2028 blbdrive - ok
13:22:21.0186 2028 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:22:21.0202 2028 Bonjour Service - ok
13:22:21.0264 2028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:22:21.0264 2028 bowser - ok
13:22:21.0436 2028 BpSvc (fbb960abbb15ac7e97c8a549e4cb7a4c) C:\Program Files (x86)\BrowserProtect\BpSvc.exe
13:22:21.0452 2028 BpSvc - ok
13:22:21.0498 2028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:22:21.0498 2028 BrFiltLo - ok
13:22:21.0498 2028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:22:21.0498 2028 BrFiltUp - ok
13:22:21.0530 2028 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:22:21.0530 2028 BridgeMP - ok
13:22:21.0576 2028 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:22:21.0576 2028 Browser - ok
13:22:21.0639 2028 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
13:22:21.0654 2028 BrSerIb - ok
13:22:21.0670 2028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:22:21.0686 2028 Brserid - ok
13:22:21.0686 2028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:22:21.0701 2028 BrSerWdm - ok
13:22:21.0701 2028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:22:21.0701 2028 BrUsbMdm - ok
13:22:21.0701 2028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:22:21.0701 2028 BrUsbSer - ok
13:22:21.0732 2028 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
13:22:21.0732 2028 BrUsbSIb - ok
13:22:21.0732 2028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:22:21.0732 2028 BTHMODEM - ok
13:22:21.0764 2028 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:22:21.0764 2028 bthserv - ok
13:22:21.0779 2028 catchme - ok
13:22:21.0795 2028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:22:21.0810 2028 cdfs - ok
13:22:21.0857 2028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:22:21.0857 2028 cdrom - ok
13:22:21.0904 2028 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:22:21.0920 2028 CertPropSvc - ok
13:22:21.0920 2028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:22:21.0920 2028 circlass - ok
13:22:21.0951 2028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:22:21.0966 2028 CLFS - ok
13:22:22.0013 2028 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:22:22.0013 2028 clr_optimization_v2.0.50727_32 - ok
13:22:22.0044 2028 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:22:22.0044 2028 clr_optimization_v2.0.50727_64 - ok
13:22:22.0107 2028 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:22.0107 2028 clr_optimization_v4.0.30319_32 - ok
13:22:22.0138 2028 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:22:22.0138 2028 clr_optimization_v4.0.30319_64 - ok
13:22:22.0154 2028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:22:22.0154 2028 CmBatt - ok
13:22:22.0185 2028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:22:22.0185 2028 cmdide - ok
13:22:22.0247 2028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:22:22.0263 2028 CNG - ok
13:22:22.0263 2028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:22:22.0278 2028 Compbatt - ok
13:22:22.0310 2028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:22:22.0310 2028 CompositeBus - ok
13:22:22.0325 2028 COMSysApp - ok
13:22:22.0341 2028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:22:22.0341 2028 crcdisk - ok
13:22:22.0403 2028 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:22:22.0403 2028 CryptSvc - ok
13:22:22.0481 2028 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:22:22.0497 2028 DcomLaunch - ok
13:22:22.0528 2028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:22:22.0544 2028 defragsvc - ok
13:22:22.0575 2028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:22:22.0590 2028 DfsC - ok
13:22:22.0668 2028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:22:22.0668 2028 Dhcp - ok
13:22:22.0700 2028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:22:22.0700 2028 discache - ok
13:22:22.0715 2028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:22:22.0715 2028 Disk - ok
13:22:22.0778 2028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:22:22.0778 2028 Dnscache - ok
13:22:22.0824 2028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:22:22.0824 2028 dot3svc - ok
13:22:22.0871 2028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:22:22.0871 2028 DPS - ok
13:22:22.0887 2028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:22:22.0887 2028 drmkaud - ok
13:22:22.0980 2028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:22:22.0996 2028 DXGKrnl - ok
13:22:23.0043 2028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:22:23.0058 2028 EapHost - ok
13:22:23.0324 2028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:22:23.0370 2028 ebdrv - ok
13:22:23.0495 2028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:22:23.0495 2028 EFS - ok
13:22:23.0573 2028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:22:23.0589 2028 ehRecvr - ok
13:22:23.0620 2028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:22:23.0620 2028 ehSched - ok
13:22:23.0682 2028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:22:23.0698 2028 elxstor - ok
13:22:23.0792 2028 EPSON_Device_Control_Log_Service (529a2250b2d041f2b81387dfec2b2415) C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
13:22:23.0807 2028 EPSON_Device_Control_Log_Service - ok
13:22:23.0823 2028 EPSON_PCS_Parallel_Port_Driver (dcae3edc971645df604d6c79603bb1ef) C:\Windows\system32\DRIVERS\pcslpt.sys
13:22:23.0823 2028 EPSON_PCS_Parallel_Port_Driver - ok
13:22:23.0854 2028 EPSON_Port_Communication_Service (eae9ce594d2438c9f740315a0ffe5453) C:\Program Files\epson\portcommunicationservice\PCSVC.exe
13:22:23.0870 2028 EPSON_Port_Communication_Service - ok
13:22:23.0901 2028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:22:23.0901 2028 ErrDev - ok
13:22:23.0948 2028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:22:23.0963 2028 EventSystem - ok
13:22:23.0979 2028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:22:23.0979 2028 exfat - ok
13:22:24.0010 2028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:22:24.0010 2028 fastfat - ok
13:22:24.0072 2028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:22:24.0088 2028 Fax - ok
13:22:24.0088 2028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:22:24.0088 2028 fdc - ok
13:22:24.0104 2028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:22:24.0104 2028 fdPHost - ok
13:22:24.0119 2028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:22:24.0119 2028 FDResPub - ok
13:22:24.0119 2028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:22:24.0119 2028 FileInfo - ok
13:22:24.0135 2028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:22:24.0135 2028 Filetrace - ok
13:22:24.0135 2028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:22:24.0135 2028 flpydisk - ok
13:22:24.0228 2028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:22:24.0228 2028 FltMgr - ok
13:22:24.0338 2028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:22:24.0353 2028 FontCache - ok
13:22:24.0416 2028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:22:24.0416 2028 FontCache3.0.0.0 - ok
13:22:24.0509 2028 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
13:22:24.0525 2028 ForceWare Intelligent Application Manager (IAM) - ok
13:22:24.0572 2028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:22:24.0572 2028 FsDepends - ok
13:22:24.0603 2028 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:22:24.0603 2028 Fs_Rec - ok
13:22:24.0681 2028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:22:24.0696 2028 fvevol - ok
13:22:24.0743 2028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:22:24.0743 2028 gagp30kx - ok
13:22:24.0806 2028 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
13:22:24.0806 2028 GameConsoleService - ok
13:22:24.0837 2028 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:22:24.0837 2028 GEARAspiWDM - ok
13:22:24.0915 2028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:22:24.0930 2028 gpsvc - ok
13:22:24.0946 2028 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
13:22:24.0946 2028 GREGService - ok
13:22:24.0962 2028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:22:24.0977 2028 hcw85cir - ok
13:22:25.0040 2028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:22:25.0055 2028 HdAudAddService - ok
13:22:25.0086 2028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:22:25.0102 2028 HDAudBus - ok
13:22:25.0118 2028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:22:25.0118 2028 HidBatt - ok
13:22:25.0133 2028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:22:25.0133 2028 HidBth - ok
13:22:25.0149 2028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:22:25.0149 2028 HidIr - ok
13:22:25.0164 2028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:22:25.0164 2028 hidserv - ok
13:22:25.0196 2028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:22:25.0196 2028 HidUsb - ok
13:22:25.0227 2028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:22:25.0227 2028 hkmsvc - ok
13:22:25.0274 2028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:22:25.0274 2028 HomeGroupListener - ok
13:22:25.0320 2028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:22:25.0336 2028 HomeGroupProvider - ok
13:22:25.0352 2028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:22:25.0352 2028 HpSAMD - ok
13:22:25.0430 2028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:22:25.0445 2028 HTTP - ok
13:22:25.0476 2028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:22:25.0476 2028 hwpolicy - ok
13:22:25.0523 2028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:22:25.0523 2028 i8042prt - ok
13:22:25.0601 2028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:22:25.0601 2028 iaStorV - ok
13:22:25.0710 2028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:22:25.0726 2028 idsvc - ok
13:22:25.0773 2028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:22:25.0773 2028 iirsp - ok
13:22:25.0835 2028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:22:25.0851 2028 IKEEXT - ok
13:22:25.0976 2028 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
13:22:25.0991 2028 IntcAzAudAddService - ok
13:22:26.0054 2028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:22:26.0054 2028 intelide - ok
13:22:26.0069 2028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:22:26.0069 2028 intelppm - ok
13:22:26.0100 2028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:22:26.0100 2028 IPBusEnum - ok
13:22:26.0147 2028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:22:26.0147 2028 IpFilterDriver - ok
13:22:26.0225 2028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:22:26.0241 2028 iphlpsvc - ok
13:22:26.0288 2028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:22:26.0288 2028 IPMIDRV - ok
13:22:26.0303 2028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:22:26.0303 2028 IPNAT - ok
13:22:26.0412 2028 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:22:26.0412 2028 iPod Service - ok
13:22:26.0428 2028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:22:26.0428 2028 IRENUM - ok
13:22:26.0475 2028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:22:26.0475 2028 isapnp - ok
13:22:26.0522 2028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:22:26.0537 2028 iScsiPrt - ok
13:22:26.0584 2028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:22:26.0584 2028 kbdclass - ok
13:22:26.0631 2028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:22:26.0631 2028 kbdhid - ok
13:22:26.0678 2028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:22:26.0678 2028 KeyIso - ok
13:22:26.0693 2028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:22:26.0709 2028 KSecDD - ok
13:22:26.0724 2028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:22:26.0724 2028 KSecPkg - ok
13:22:26.0740 2028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:22:26.0740 2028 ksthunk - ok
13:22:26.0787 2028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:22:26.0802 2028 KtmRm - ok
13:22:26.0834 2028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:22:26.0849 2028 LanmanServer - ok
13:22:26.0880 2028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:22:26.0880 2028 LanmanWorkstation - ok
13:22:26.0912 2028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:22:26.0927 2028 lltdio - ok
13:22:26.0958 2028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:22:26.0974 2028 lltdsvc - ok
13:22:26.0990 2028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:22:26.0990 2028 lmhosts - ok
13:22:27.0021 2028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:22:27.0021 2028 LSI_FC - ok
13:22:27.0021 2028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:22:27.0036 2028 LSI_SAS - ok
13:22:27.0036 2028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:22:40.0016 2028 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
13:22:42.0137 2028 \Device\Harddisk0\DR0 - ok
13:22:42.0153 2028 Boot (0x1200) (d34d93223bf59b8789a059ad33e95b93) \Device\Harddisk0\DR0\Partition0
13:22:42.0153 2028 \Device\Harddisk0\DR0\Partition0 - ok
13:22:42.0153 2028 Boot (0x1200) (c1e7ee5748750f3c8b888607d93c387d) \Device\Harddisk0\DR0\Partition1
13:22:42.0168 2028 \Device\Harddisk0\DR0\Partition1 - ok
13:22:42.0168 2028 ============================================================
13:22:42.0168 2028 Scan finished
13:22:42.0168 2028 ============================================================
13:22:42.0168 4856 Detected object count: 0
13:22:42.0168 4856 Actual detected object count: 0


From aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 13:23:53
-----------------------------
13:23:53.058 OS Version: Windows x64 6.1.7601 Service Pack 1
13:23:53.058 Number of processors: 2 586 0x603
13:23:53.058 ComputerName: PC1-PC UserName: PC1
13:23:54.103 Initialize success
13:26:32.152 AVAST engine defs: 12050501
13:30:50.353 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
13:30:50.353 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
13:30:50.384 Disk 0 MBR read successfully
13:30:50.384 Disk 0 MBR scan
13:30:50.384 Disk 0 unknown MBR code
13:30:50.384 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14848 MB offset 2048
13:30:50.415 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 30410752
13:30:50.431 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461990 MB offset 30615552
13:30:50.446 Disk 0 scanning C:\Windows\system32\drivers
13:30:59.229 Service scanning
13:31:19.214 Modules scanning
13:31:19.229 Disk 0 trace - called modules:
13:31:19.245 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:31:19.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bea060]
13:31:19.760 3 CLASSPNP.SYS[fffff88001b5d43f] -> nt!IofCallDriver -> [0xfffffa800488be40]
13:31:19.775 5 ACPI.sys[fffff88000f057a1] -> nt!IofCallDriver -> \Device\00000054[0xfffffa8004893060]
13:31:20.992 AVAST engine scan C:\Windows
13:31:24.128 AVAST engine scan C:\Windows\system32
13:34:00.580 AVAST engine scan C:\Windows\system32\drivers
13:34:11.206 AVAST engine scan C:\Users\PC1
13:35:48.522 AVAST engine scan C:\ProgramData
13:36:21.475 Scan finished successfully
13:37:36.970 Disk 0 MBR has been saved successfully to "C:\Users\PC1\Desktop\MBR.dat"
13:37:36.986 The log file has been saved successfully to "C:\Users\PC1\Desktop\aswMBR.txt"

I know you may not be on yet, but just let me know what to do when you get a chance. Thanks!!!!!

#15 gringo_pr

  • Malware Response Team

Posted 05 May 2012 - 08:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




