Slow computer, please help


  • This topic is locked
31 replies to this topic

#1 darkchild101

darkchild101

  • Members
  • 154 posts

Posted 26 April 2012 - 04:22 PM

My MS Essentials detected the infections listed below. I deleted/removed the infections but my laptop has not run properly since. It is not playing YouTube and other FLV videos and keeps buffering and freezing. When I switch it on and as programs load there is a strange swoosh sound, and the same sound comes when I am closing the computer down. There is also a strange little dialogue window that comes up about a minute after switching on and it says "server busy". I don't know what this is. Please help. The infections and their locations are below.

Adware:Win32/Hotbar
C:\Users\Tendai\AppData\Local\temp\_te2B58.exe

Adware:Win32/Hotbar
C:\ProramFiles\ShopperReports3\bin\3.1.71.0\ShopperReportsUninstaller.exe

Adware:Win32/ShopperReports
C:\Users\Tendai\AppData\Local\temp\_te2B58.exe


#2 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts

Posted 26 April 2012 - 05:59 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Tendai at 22:04:52 on 2012-04-26
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.704 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox/131245e70ac32cba
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\tendai\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\tendai\appdata\local\temp\_uninst_11363129.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tendai\appdata\roaming\mozilla\firefox\profiles\0tep400u.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\vdownloader\addons\npVDownloader.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 11363129;11363129;c:\windows\system32\drivers\11363129.sys [2012-4-15 133208]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 38013711;38013711;c:\windows\system32\drivers\38013711.sys [2011-6-24 128016]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-10-5 9216]
.
=============== Created Last 30 ================
.
2012-04-26 14:35:46 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7d1fb600-4c96-4c59-b973-6243f25ae8b2}\MpKsl2e56577c.sys
2012-04-26 12:45:24 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7d1fb600-4c96-4c59-b973-6243f25ae8b2}\mpengine.dll
2012-04-25 11:48:04 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-19 00:11:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:11:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 19:33:47 133208 ----a-w- c:\windows\system32\drivers\11363129.sys
2012-04-14 17:35:43 -------- dcsh--w- C:\$RECYCLE.BIN
2012-04-14 17:24:26 -------- d-----w- c:\users\tendai\appdata\local\temp
2012-04-11 00:18:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 00:17:50 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 00:17:50 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 00:17:50 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:17:50 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 00:16:55 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 00:16:54 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 23:45:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-10 21:41:01 -------- d-----w- c:\program files\Essentials Codec Pack
2012-04-06 01:37:07 98560 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2012-04-06 01:37:07 14848 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2012-04-06 01:37:07 12416 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2012-04-06 01:37:07 12416 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2012-04-06 01:37:07 123776 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2012-04-06 01:37:07 12288 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2012-04-06 01:37:07 12288 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2012-04-06 01:35:06 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2012-04-06 01:35:06 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2012-04-06 01:35:06 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2012-04-06 00:51:16 -------- dc----w- C:\Download
2012-04-06 00:46:38 -------- dc----w- C:\AllShare
2012-03-29 19:19:24 -------- d-----w- c:\program files\iPod
2012-03-29 19:19:15 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 00:16:08 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-26 00:15:02 88 --sh--r- c:\programdata\E0C60D2CBC.sys
2012-03-20 19:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-12 00:18:51 25893376 -c--a-w- C:\Samsung AllShare.msi
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-01-26 10:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe
.
============= FINISH: 22:07:25.26 ===============

Edited by darkchild101, 26 April 2012 - 07:12 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 02:45 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 28 April 2012 - 02:53 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts

Posted 28 April 2012 - 09:10 PM

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
SUPERAntiSpyware
Secunia PSI (2.0.0.3003)
CCleaner
JavaFX 2.0.3
Java™ 6 Update 31
Java™ 7 Update 3
Adobe Flash Player 11.2.202.233
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 09:16 PM

Hello


Let me have the report from Combofix when it is complete.

#6 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts

Posted 29 April 2012 - 10:51 AM

ComboFix 12-04-28.01 - Tendai 29/04/2012 16:22:02.6.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.767 [GMT 1:00]
Running from: c:\users\Tendai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV2HV9KE\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tendai\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\3DAudio.ax
c:\windows\system32\bdaplgin.ax
c:\windows\system32\cero.rs
c:\windows\system32\declrds.ax
c:\windows\system32\esrb.rs
c:\windows\system32\g711codc.ax
c:\windows\system32\grb.rs
c:\windows\system32\iac25_32.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\Kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\Mpeg2Data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\MSNP.ax
c:\windows\system32\muzdecode.ax
c:\windows\system32\muzeffect.ax
c:\windows\system32\muzmp4sp.ax
c:\windows\system32\muzmpgsp.ax
c:\windows\system32\muzoggsp.ax
c:\windows\system32\oflc.rs
c:\windows\system32\pegi-fi.rs
c:\windows\system32\pegi-pt.rs
c:\windows\system32\pegi.rs
c:\windows\system32\pegibbfc.rs
c:\windows\system32\psisrndr.ax
c:\windows\system32\usk.rs
c:\windows\system32\VBICodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\WEB.rs
c:\windows\system32\WSTPager.ax
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 15:31 . 2012-04-29 15:35 -------- d-----w- c:\users\Tendai\AppData\Local\temp
2012-04-29 15:31 . 2012-04-29 15:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-29 15:31 . 2012-04-29 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 02:34 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E22F23E-499E-4B3A-A02F-3C197E74B3CD}\mpengine.dll
2012-04-28 16:08 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-19 00:11 . 2012-04-19 00:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:11 . 2012-04-19 00:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 19:33 . 2012-04-15 20:30 133208 ----a-w- c:\windows\system32\drivers\11363129.sys
2012-04-14 22:56 . 2012-04-14 23:04 -------- d-----w- c:\users\Tendai\AppData\Roaming\Audacity
2012-04-13 03:03 . 2012-04-22 19:47 -------- d-----w- c:\users\Tendai\AppData\Roaming\Media Player Classic
2012-04-11 00:18 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 00:17 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 00:17 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 00:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:17 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 00:16 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 00:16 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 23:45 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 21:41 . 2012-04-19 12:05 -------- d-----w- c:\program files\Essentials Codec Pack
2012-04-06 01:37 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2012-04-06 01:37 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2012-04-06 01:37 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2012-04-06 01:37 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2012-04-06 01:37 . 2010-04-27 02:25 123776 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2012-04-06 01:37 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2012-04-06 01:37 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2012-04-06 01:35 . 2010-07-04 18:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2012-04-06 01:35 . 2010-06-14 08:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2012-04-06 01:35 . 2010-06-14 08:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2012-04-06 00:51 . 2012-04-06 00:51 -------- dc----w- C:\Download
2012-04-06 00:46 . 2012-04-06 00:46 -------- dc----w- C:\AllShare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-08-13 14:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 00:16 . 2012-01-25 02:36 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-26 00:15 . 2012-01-25 02:36 88 --sh--r- c:\programdata\E0C60D2CBC.sys
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 19:44 . 2011-04-27 14:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-12 00:18 . 2012-03-12 00:21 25893376 -c--a-w- C:\Samsung AllShare.msi
2012-02-14 15:45 . 2012-03-15 02:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-15 02:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-15 02:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-15 02:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-15 02:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 18:53 . 2012-02-10 18:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9546D6B6-4965-4CCD-9B9A-C3ACB2544BE9}\gapaengine.dll
2012-02-02 15:16 . 2012-03-15 02:04 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-06-15 02:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 01:15 . 2012-03-11 23:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 01:15 . 2012-01-31 01:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 01:15 . 2012-01-31 01:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 01:15 . 2012-01-31 01:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 01:15 . 2012-01-31 01:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 01:15 . 2012-01-31 01:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 01:15 . 2012-01-31 01:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 01:15 . 2012-01-31 01:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 01:15 . 2012-01-31 01:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 01:15 . 2012-01-31 01:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 01:15 . 2012-03-11 23:09 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 01:15 . 2012-03-11 23:09 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-01-31 01:15 . 2012-03-11 23:09 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 01:15 . 2012-01-31 01:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 01:15 . 2012-01-31 01:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 01:15 . 2012-01-31 01:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 01:15 . 2012-01-31 01:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 01:15 . 2012-01-31 01:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 01:15 . 2012-01-31 01:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 01:15 . 2012-01-31 01:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 01:15 . 2012-01-31 01:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 01:15 . 2012-01-31 01:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 01:15 . 2012-01-31 01:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2010-01-26 10:11 . 2012-02-04 19:14 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-03-13 04:39 . 2012-04-13 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17146504]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Tendai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_11363129.lnk - c:\users\Tendai\AppData\Local\temp\_uninst_11363129.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-10-17 45056]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 17:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 13:09 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 16:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-01 15:37 3772416 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 19:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2006-12-15 17:11 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2006-12-13 14:42 554640 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Volume Indicator]
2006-12-13 09:33 94208 ----a-w- c:\program files\TOSHIBA\Utilities\VolControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-14 19:07 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
S0 11363129;11363129;c:\windows\system32\DRIVERS\11363129.sys [2012-04-15 133208]
S1 38013711;38013711;c:\windows\system32\DRIVERS\38013711.sys [2009-09-25 128016]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-17 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 00:11]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox/131245e70ac32cba
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\0tep400u.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\04\0d\00,-H"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Toshiba TEMPRO\TemproSvc.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\Synaptics\Scrybe\scrybe.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-04-29 16:47:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 15:47
.
Pre-Run: 14,954,090,496 bytes free
Post-Run: 14,993,985,536 bytes free
.
- - End Of File - - ABF35041DE0DAEF892D566F08AD0D49D

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico
  • Local time:11:03 PM

Posted 29 April 2012 - 11:04 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts
  • Local time:03:03 AM

Posted 29 April 2012 - 11:33 AM

17:29:01.0870 4248 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:29:02.0063 4248 ============================================================
17:29:02.0063 4248 Current date / time: 2012/04/29 17:29:02.0063
17:29:02.0063 4248 SystemInfo:
17:29:02.0063 4248
17:29:02.0063 4248 OS Version: 6.0.6002 ServicePack: 2.0
17:29:02.0063 4248 Product type: Workstation
17:29:02.0063 4248 ComputerName: TENDAI-PC
17:29:02.0064 4248 UserName: Tendai
17:29:02.0064 4248 Windows directory: C:\Windows
17:29:02.0064 4248 System windows directory: C:\Windows
17:29:02.0064 4248 Processor architecture: Intel x86
17:29:02.0064 4248 Number of processors: 1
17:29:02.0064 4248 Page size: 0x1000
17:29:02.0064 4248 Boot type: Normal boot
17:29:02.0064 4248 ============================================================
17:29:05.0065 4248 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:29:05.0068 4248 ============================================================
17:29:05.0068 4248 \Device\Harddisk0\DR0:
17:29:05.0080 4248 MBR partitions:
17:29:05.0080 4248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6CD8800
17:29:05.0080 4248 ============================================================
17:29:05.0136 4248 C: <-> \Device\Harddisk0\DR0\Partition0
17:29:05.0136 4248 ============================================================
17:29:05.0136 4248 Initialize success
17:29:05.0136 4248 ============================================================
17:29:27.0753 1912 ============================================================
17:29:27.0753 1912 Scan started
17:29:27.0753 1912 Mode: Manual;
17:29:27.0753 1912 ============================================================
17:29:28.0399 1912 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:29:28.0402 1912 !SASCORE - ok
17:29:28.0705 1912 11363129 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\11363129.sys
17:29:28.0711 1912 11363129 - ok
17:29:28.0815 1912 38013711 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\38013711.sys
17:29:28.0932 1912 38013711 - ok
17:29:29.0119 1912 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
17:29:29.0122 1912 61883 - ok
17:29:29.0356 1912 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:29:29.0362 1912 ACPI - ok
17:29:29.0503 1912 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:29:29.0509 1912 AdobeFlashPlayerUpdateSvc - ok
17:29:29.0742 1912 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:29:29.0760 1912 adp94xx - ok
17:29:29.0832 1912 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:29:29.0850 1912 adpahci - ok
17:29:29.0892 1912 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:29:29.0895 1912 adpu160m - ok
17:29:29.0977 1912 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:29:29.0981 1912 adpu320 - ok
17:29:30.0037 1912 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:29:30.0039 1912 AeLookupSvc - ok
17:29:30.0281 1912 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:29:30.0343 1912 AFD - ok
17:29:30.0371 1912 AgereModemAudio (1cb677bf1dabd3baf4f944e2c90d6c73) C:\Windows\system32\agrsmsvc.exe
17:29:30.0372 1912 AgereModemAudio - ok
17:29:30.0561 1912 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
17:29:30.0631 1912 AgereSoftModem - ok
17:29:30.0668 1912 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:29:30.0670 1912 agp440 - ok
17:29:30.0701 1912 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:29:30.0704 1912 aic78xx - ok
17:29:31.0242 1912 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
17:29:31.0242 1912 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
17:29:31.0265 1912 Akamai ( HiddenFile.Multi.Generic ) - warning
17:29:31.0265 1912 Akamai - detected HiddenFile.Multi.Generic (1)
17:29:31.0484 1912 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:29:31.0488 1912 ALG - ok
17:29:31.0640 1912 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:29:31.0641 1912 aliide - ok
17:29:31.0679 1912 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:29:31.0681 1912 amdagp - ok
17:29:31.0736 1912 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:29:31.0738 1912 amdide - ok
17:29:31.0791 1912 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:29:31.0793 1912 AmdK7 - ok
17:29:31.0830 1912 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:29:31.0832 1912 AmdK8 - ok
17:29:31.0898 1912 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:29:31.0899 1912 Appinfo - ok
17:29:32.0113 1912 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:29:32.0121 1912 Apple Mobile Device - ok
17:29:32.0170 1912 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:29:32.0173 1912 arc - ok
17:29:32.0229 1912 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:29:32.0232 1912 arcsas - ok
17:29:32.0347 1912 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:29:32.0349 1912 AsyncMac - ok
17:29:32.0730 1912 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:29:32.0730 1912 atapi - ok
17:29:32.0908 1912 athr (69660af85f35a658d258fc8567318328) C:\Windows\system32\DRIVERS\athr.sys
17:29:32.0956 1912 athr - ok
17:29:33.0060 1912 Ati External Event Utility (cdab1fb2ac6160ef35b44d6337a04dd4) C:\Windows\system32\Ati2evxx.exe
17:29:33.0067 1912 Ati External Event Utility - ok
17:29:33.0154 1912 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:29:33.0176 1912 AudioEndpointBuilder - ok
17:29:33.0195 1912 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:29:33.0200 1912 Audiosrv - ok
17:29:33.0290 1912 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
17:29:33.0293 1912 Avc - ok
17:29:33.0702 1912 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
17:29:33.0774 1912 BecHelperService - ok
17:29:34.0050 1912 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:29:34.0051 1912 Beep - ok
17:29:34.0197 1912 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:29:34.0206 1912 BFE - ok
17:29:34.0327 1912 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
17:29:34.0341 1912 BITS - ok
17:29:34.0373 1912 blbdrive - ok
17:29:34.0504 1912 BoiHwsetup (e55df0e45b80871199410aae44233548) C:\Windows\system32\drivers\BoiHwSetup.sys
17:29:34.0505 1912 BoiHwsetup - ok
17:29:34.0748 1912 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:29:34.0773 1912 Bonjour Service - ok
17:29:34.0878 1912 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:29:34.0889 1912 bowser - ok
17:29:34.0939 1912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:29:34.0941 1912 BrFiltLo - ok
17:29:34.0970 1912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:29:34.0971 1912 BrFiltUp - ok
17:29:35.0044 1912 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:29:35.0046 1912 Browser - ok
17:29:35.0088 1912 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:29:35.0090 1912 Brserid - ok
17:29:35.0148 1912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:29:35.0150 1912 BrSerWdm - ok
17:29:35.0216 1912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:29:35.0217 1912 BrUsbMdm - ok
17:29:35.0299 1912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:29:35.0300 1912 BrUsbSer - ok
17:29:35.0332 1912 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:29:35.0334 1912 BTHMODEM - ok
17:29:35.0425 1912 catchme - ok
17:29:35.0900 1912 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:29:35.0904 1912 cdfs - ok
17:29:35.0983 1912 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:29:35.0988 1912 cdrom - ok
17:29:36.0045 1912 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:29:36.0047 1912 CertPropSvc - ok
17:29:36.0249 1912 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
17:29:36.0258 1912 CFSvcs - ok
17:29:36.0315 1912 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:29:36.0317 1912 circlass - ok
17:29:36.0377 1912 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:29:36.0383 1912 CLFS - ok
17:29:36.0527 1912 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:29:36.0530 1912 clr_optimization_v2.0.50727_32 - ok
17:29:37.0117 1912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:29:37.0123 1912 clr_optimization_v4.0.30319_32 - ok
17:29:37.0218 1912 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:29:37.0221 1912 CmBatt - ok
17:29:37.0282 1912 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:29:37.0284 1912 cmdide - ok
17:29:37.0333 1912 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:29:37.0334 1912 Compbatt - ok
17:29:37.0374 1912 COMSysApp - ok
17:29:37.0395 1912 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:29:37.0396 1912 crcdisk - ok
17:29:37.0455 1912 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:29:37.0457 1912 Crusoe - ok
17:29:37.0574 1912 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:29:37.0578 1912 CryptSvc - ok
17:29:37.0706 1912 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:29:37.0715 1912 DcomLaunch - ok
17:29:37.0762 1912 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:29:37.0765 1912 DfsC - ok
17:29:38.0023 1912 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:29:38.0178 1912 DFSR - ok
17:29:38.0382 1912 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:29:38.0390 1912 Dhcp - ok
17:29:38.0517 1912 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:29:38.0521 1912 disk - ok
17:29:38.0616 1912 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:29:38.0621 1912 Dnscache - ok
17:29:38.0680 1912 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:29:38.0687 1912 dot3svc - ok
17:29:38.0742 1912 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:29:38.0745 1912 DPS - ok
17:29:38.0796 1912 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:29:38.0797 1912 drmkaud - ok
17:29:38.0964 1912 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:29:38.0991 1912 DXGKrnl - ok
17:29:39.0069 1912 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:29:39.0073 1912 E1G60 - ok
17:29:39.0207 1912 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:29:39.0210 1912 EapHost - ok
17:29:39.0275 1912 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:29:39.0280 1912 Ecache - ok
17:29:39.0387 1912 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:29:39.0395 1912 elxstor - ok
17:29:39.0840 1912 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:29:39.0856 1912 EMDMgmt - ok
17:29:39.0949 1912 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:29:39.0954 1912 EventSystem - ok
17:29:39.0992 1912 ewusbnet - ok
17:29:40.0010 1912 ew_hwusbdev - ok
17:29:40.0063 1912 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:29:40.0067 1912 exfat - ok
17:29:40.0128 1912 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:29:40.0132 1912 fastfat - ok
17:29:40.0214 1912 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:29:40.0216 1912 fdc - ok
17:29:40.0286 1912 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:29:40.0289 1912 fdPHost - ok
17:29:40.0337 1912 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:29:40.0340 1912 FDResPub - ok
17:29:40.0384 1912 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:29:40.0388 1912 FileInfo - ok
17:29:40.0443 1912 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:29:40.0446 1912 Filetrace - ok
17:29:40.0521 1912 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:29:40.0523 1912 flpydisk - ok
17:29:40.0571 1912 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:29:40.0582 1912 FltMgr - ok
17:29:40.0746 1912 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:29:40.0811 1912 FontCache - ok
17:29:40.0959 1912 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:29:40.0962 1912 FontCache3.0.0.0 - ok
17:29:41.0015 1912 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
17:29:41.0017 1912 FsUsbExDisk - ok
17:29:41.0497 1912 FsUsbExService (96633419f4a1e37acb89b45ebccfe001) C:\Windows\system32\FsUsbExService.Exe
17:29:41.0503 1912 FsUsbExService - ok
17:29:41.0599 1912 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:29:41.0600 1912 Fs_Rec - ok
17:29:41.0673 1912 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:29:41.0676 1912 gagp30kx - ok
17:29:41.0768 1912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:29:41.0773 1912 GEARAspiWDM - ok
17:29:41.0941 1912 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:29:42.0016 1912 gpsvc - ok
17:29:42.0459 1912 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:29:42.0463 1912 gupdate - ok
17:29:42.0481 1912 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:29:42.0483 1912 gupdatem - ok
17:29:42.0657 1912 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:29:42.0665 1912 gusvc - ok
17:29:42.0727 1912 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:29:42.0734 1912 HdAudAddService - ok
17:29:42.0870 1912 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:29:42.0901 1912 HDAudBus - ok
17:29:42.0938 1912 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:29:42.0940 1912 HidBth - ok
17:29:43.0027 1912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:29:43.0029 1912 HidIr - ok
17:29:43.0131 1912 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
17:29:43.0134 1912 hidserv - ok
17:29:43.0182 1912 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:29:43.0184 1912 HidUsb - ok
17:29:43.0256 1912 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:29:43.0261 1912 hkmsvc - ok
17:29:43.0321 1912 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:29:43.0325 1912 HpCISSs - ok
17:29:43.0452 1912 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
17:29:43.0481 1912 HTTP - ok
17:29:43.0525 1912 huawei_cdcacm - ok
17:29:43.0554 1912 huawei_enumerator - ok
17:29:43.0592 1912 hwdatacard - ok
17:29:43.0658 1912 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:29:43.0660 1912 i2omp - ok
17:29:43.0773 1912 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:29:43.0775 1912 i8042prt - ok
17:29:43.0899 1912 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:29:43.0905 1912 iaStorV - ok
17:29:44.0078 1912 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:29:44.0081 1912 IDriverT - ok
17:29:44.0351 1912 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:29:44.0410 1912 idsvc - ok
17:29:44.0449 1912 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:29:44.0454 1912 iirsp - ok
17:29:44.0802 1912 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:29:44.0814 1912 IKEEXT - ok
17:29:45.0122 1912 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
17:29:45.0199 1912 IntcAzAudAddService - ok
17:29:45.0394 1912 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:29:45.0394 1912 intelide - ok
17:29:45.0453 1912 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:29:45.0455 1912 intelppm - ok
17:29:45.0541 1912 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:29:45.0545 1912 IPBusEnum - ok
17:29:45.0623 1912 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:29:45.0625 1912 IpFilterDriver - ok
17:29:45.0677 1912 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:29:45.0684 1912 iphlpsvc - ok
17:29:45.0701 1912 IpInIp - ok
17:29:45.0735 1912 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:29:45.0745 1912 IPMIDRV - ok
17:29:45.0814 1912 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:29:45.0818 1912 IPNAT - ok
17:29:45.0974 1912 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:29:46.0027 1912 iPod Service - ok
17:29:46.0072 1912 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:29:46.0074 1912 IRENUM - ok
17:29:46.0170 1912 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:29:46.0173 1912 isapnp - ok
17:29:46.0241 1912 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:29:46.0246 1912 iScsiPrt - ok
17:29:46.0294 1912 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:29:46.0296 1912 iteatapi - ok
17:29:46.0334 1912 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:29:46.0336 1912 iteraid - ok
17:29:46.0396 1912 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:29:46.0397 1912 kbdclass - ok
17:29:46.0447 1912 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:29:46.0449 1912 kbdhid - ok
17:29:46.0560 1912 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:29:46.0563 1912 KeyIso - ok
17:29:46.0633 1912 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
17:29:46.0641 1912 KR10I - ok
17:29:46.0700 1912 KR10N (0f9e83709cbb60b1549f3a65d0ab6e4f) C:\Windows\system32\drivers\kr10n.sys
17:29:46.0706 1912 KR10N - ok
17:29:46.0766 1912 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:29:46.0791 1912 KSecDD - ok
17:29:46.0899 1912 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:29:46.0910 1912 KtmRm - ok
17:29:46.0988 1912 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
17:29:47.0005 1912 LanmanServer - ok
17:29:47.0394 1912 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:29:47.0403 1912 LanmanWorkstation - ok
17:29:47.0615 1912 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:29:47.0620 1912 lltdio - ok
17:29:47.0847 1912 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:29:47.0869 1912 lltdsvc - ok
17:29:47.0972 1912 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:29:47.0975 1912 lmhosts - ok
17:29:48.0068 1912 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:29:48.0088 1912 LSI_FC - ok
17:29:48.0184 1912 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:29:48.0187 1912 LSI_SAS - ok
17:29:48.0270 1912 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:29:48.0273 1912 LSI_SCSI - ok
17:29:48.0524 1912 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:29:48.0528 1912 luafv - ok
17:29:48.0648 1912 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
17:29:48.0661 1912 massfilter - ok
17:29:48.0771 1912 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:29:48.0781 1912 megasas - ok
17:29:48.0874 1912 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:29:48.0878 1912 MMCSS - ok
17:29:48.0971 1912 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:29:48.0974 1912 Modem - ok
17:29:49.0128 1912 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:29:49.0134 1912 monitor - ok
17:29:49.0233 1912 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:29:49.0235 1912 mouclass - ok
17:29:49.0295 1912 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:29:49.0307 1912 mouhid - ok
17:29:49.0409 1912 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:29:49.0411 1912 MountMgr - ok
17:29:49.0716 1912 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:29:49.0735 1912 MpFilter - ok
17:29:49.0829 1912 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:29:49.0853 1912 mpio - ok
17:29:49.0903 1912 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:29:49.0906 1912 mpsdrv - ok
17:29:50.0017 1912 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:29:50.0048 1912 MpsSvc - ok
17:29:50.0080 1912 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:29:50.0083 1912 Mraid35x - ok
17:29:50.0166 1912 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:29:50.0170 1912 MRxDAV - ok
17:29:50.0297 1912 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:29:50.0299 1912 mrxsmb - ok
17:29:50.0374 1912 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:29:50.0380 1912 mrxsmb10 - ok
17:29:50.0425 1912 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:29:50.0427 1912 mrxsmb20 - ok
17:29:50.0489 1912 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:29:50.0492 1912 msahci - ok
17:29:50.0554 1912 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:29:50.0572 1912 msdsm - ok
17:29:50.0675 1912 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:29:50.0728 1912 MSDTC - ok
17:29:50.0872 1912 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
17:29:50.0875 1912 MSDV - ok
17:29:50.0947 1912 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:29:50.0949 1912 Msfs - ok
17:29:51.0042 1912 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:29:51.0043 1912 msisadrv - ok
17:29:51.0110 1912 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:29:51.0115 1912 MSiSCSI - ok
17:29:51.0134 1912 msiserver - ok
17:29:51.0203 1912 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:29:51.0205 1912 MSKSSRV - ok
17:29:51.0495 1912 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:29:51.0496 1912 MsMpSvc - ok
17:29:51.0582 1912 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:29:51.0599 1912 MSPCLOCK - ok
17:29:51.0679 1912 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:29:51.0736 1912 MSPQM - ok
17:29:51.0857 1912 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:29:51.0863 1912 MsRPC - ok
17:29:51.0923 1912 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:29:51.0926 1912 mssmbios - ok
17:29:51.0974 1912 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:29:51.0976 1912 MSTEE - ok
17:29:52.0043 1912 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:29:52.0047 1912 Mup - ok
17:29:52.0164 1912 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:29:52.0193 1912 napagent - ok
17:29:52.0359 1912 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:29:52.0364 1912 NativeWifiP - ok
17:29:52.0624 1912 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:29:52.0631 1912 NDIS - ok
17:29:52.0706 1912 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:29:52.0708 1912 NdisTapi - ok
17:29:52.0787 1912 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:29:52.0789 1912 Ndisuio - ok
17:29:53.0000 1912 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:29:53.0004 1912 NdisWan - ok
17:29:53.0052 1912 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:29:53.0059 1912 NDProxy - ok
17:29:53.0087 1912 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:29:53.0090 1912 NetBIOS - ok
17:29:53.0377 1912 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:29:53.0401 1912 netbt - ok
17:29:53.0523 1912 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:29:53.0536 1912 Netlogon - ok
17:29:53.0999 1912 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:29:54.0006 1912 Netman - ok
17:29:54.0135 1912 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:29:54.0143 1912 netprofm - ok
17:29:54.0266 1912 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:29:54.0270 1912 NetTcpPortSharing - ok
17:29:54.0346 1912 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:29:54.0348 1912 nfrd960 - ok
17:29:54.0469 1912 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:29:54.0473 1912 NisDrv - ok
17:29:54.0868 1912 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:29:54.0875 1912 NisSrv - ok
17:29:55.0070 1912 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:29:55.0089 1912 NlaSvc - ok
17:29:55.0305 1912 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
17:29:55.0317 1912 nosGetPlusHelper - ok
17:29:55.0460 1912 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\NPF.sys
17:29:55.0463 1912 NPF - ok
17:29:55.0521 1912 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:29:55.0523 1912 Npfs - ok
17:29:55.0585 1912 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:29:55.0590 1912 nsi - ok
17:29:55.0670 1912 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:29:55.0671 1912 nsiproxy - ok
17:29:55.0888 1912 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:29:55.0903 1912 Ntfs - ok
17:29:55.0962 1912 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:29:55.0966 1912 ntrigdigi - ok
17:29:56.0047 1912 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:29:56.0048 1912 Null - ok
17:29:56.0114 1912 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:29:56.0135 1912 nvraid - ok
17:29:56.0187 1912 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:29:56.0189 1912 nvstor - ok
17:29:56.0233 1912 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:29:56.0279 1912 nv_agp - ok
17:29:56.0299 1912 NwlnkFlt - ok
17:29:56.0320 1912 NwlnkFwd - ok
17:29:56.0427 1912 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:29:56.0431 1912 ohci1394 - ok
17:29:56.0649 1912 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:29:56.0682 1912 p2pimsvc - ok
17:29:56.0714 1912 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:29:56.0727 1912 p2psvc - ok
17:29:56.0849 1912 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:29:56.0853 1912 Parport - ok
17:29:56.0943 1912 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:29:56.0946 1912 partmgr - ok
17:29:57.0011 1912 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:29:57.0013 1912 Parvdm - ok
17:29:57.0060 1912 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:29:57.0065 1912 PcaSvc - ok
17:29:57.0125 1912 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:29:57.0130 1912 pci - ok
17:29:57.0164 1912 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:29:57.0166 1912 pciide - ok
17:29:57.0215 1912 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:57.0222 1912 pcmcia - ok
17:29:57.0437 1912 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:29:57.0464 1912 PEAUTH - ok
17:29:57.0515 1912 pfc - ok
17:29:57.0787 1912 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:29:57.0848 1912 pla - ok
17:29:58.0434 1912 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:29:58.0451 1912 PlugPlay - ok
17:29:58.0563 1912 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:29:58.0600 1912 PNRPAutoReg - ok
17:29:58.0625 1912 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:29:58.0641 1912 PNRPsvc - ok
17:29:59.0011 1912 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:29:59.0025 1912 PolicyAgent - ok
17:29:59.0173 1912 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:59.0174 1912 PptpMiniport - ok
17:29:59.0254 1912 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:29:59.0257 1912 Processor - ok
17:29:59.0336 1912 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:29:59.0344 1912 ProfSvc - ok
17:29:59.0415 1912 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:29:59.0422 1912 ProtectedStorage - ok
17:29:59.0556 1912 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:29:59.0558 1912 PSched - ok
17:29:59.0658 1912 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
17:29:59.0660 1912 PSI - ok
17:29:59.0748 1912 qkbfiltr (63591bf8b30ba8891ee69f53f03495f6) C:\Windows\system32\DRIVERS\qkbfiltr.sys
17:29:59.0749 1912 qkbfiltr - ok
17:29:59.0910 1912 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:29:59.0982 1912 ql2300 - ok
17:30:00.0048 1912 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:30:00.0053 1912 ql40xx - ok
17:30:00.0163 1912 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:30:00.0186 1912 QWAVE - ok
17:30:00.0420 1912 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:30:00.0422 1912 QWAVEdrv - ok
17:30:01.0025 1912 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
17:30:01.0102 1912 R300 - ok
17:30:01.0399 1912 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
17:30:01.0402 1912 RapiMgr - ok
17:30:01.0979 1912 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:30:01.0981 1912 RasAcd - ok
17:30:02.0060 1912 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:30:02.0066 1912 RasAuto - ok
17:30:02.0138 1912 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:02.0139 1912 Rasl2tp - ok
17:30:02.0224 1912 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:30:02.0234 1912 RasMan - ok
17:30:02.0295 1912 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:02.0298 1912 RasPppoe - ok
17:30:02.0348 1912 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:30:02.0350 1912 RasSstp - ok
17:30:02.0468 1912 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:30:02.0475 1912 rdbss - ok
17:30:02.0626 1912 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:02.0628 1912 RDPCDD - ok
17:30:02.0698 1912 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:30:02.0706 1912 rdpdr - ok
17:30:02.0730 1912 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:30:02.0732 1912 RDPENCDD - ok
17:30:02.0811 1912 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:30:02.0816 1912 RDPWD - ok
17:30:02.0897 1912 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:30:02.0902 1912 RemoteAccess - ok
17:30:03.0000 1912 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:30:03.0006 1912 RemoteRegistry - ok
17:30:03.0394 1912 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared files\RichVideo.exe
17:30:03.0400 1912 RichVideo - ok
17:30:03.0464 1912 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:30:03.0467 1912 RpcLocator - ok
17:30:03.0635 1912 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
17:30:03.0643 1912 RpcSs - ok
17:30:03.0700 1912 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:30:03.0702 1912 rspndr - ok
17:30:03.0765 1912 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:30:03.0767 1912 RTL8023xp - ok
17:30:03.0893 1912 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:30:03.0896 1912 SamSs - ok
17:30:04.0119 1912 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:30:04.0121 1912 SASDIFSV - ok
17:30:04.0157 1912 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:30:04.0160 1912 SASKUTIL - ok
17:30:04.0224 1912 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:30:04.0227 1912 sbp2port - ok
17:30:04.0290 1912 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:30:04.0296 1912 SCardSvr - ok
17:30:04.0402 1912 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:30:04.0427 1912 Schedule - ok
17:30:04.0465 1912 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:30:04.0466 1912 SCPolicySvc - ok
17:30:04.0761 1912 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
17:30:04.0807 1912 ScrybeUpdater - ok
17:30:04.0986 1912 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:30:04.0993 1912 SDRSVC - ok
17:30:05.0089 1912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:30:05.0090 1912 secdrv - ok
17:30:05.0211 1912 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:30:05.0215 1912 seclogon - ok
17:30:05.0415 1912 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
17:30:05.0425 1912 Secunia PSI Agent - ok
17:30:05.0490 1912 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
17:30:05.0509 1912 Secunia Update Agent - ok
17:30:05.0727 1912 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
17:30:05.0733 1912 SENS - ok
17:30:05.0803 1912 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:30:05.0805 1912 Serenum - ok
17:30:05.0848 1912 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:30:05.0852 1912 Serial - ok
17:30:05.0912 1912 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:30:05.0914 1912 sermouse - ok
17:30:06.0056 1912 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:30:06.0062 1912 SessionEnv - ok
17:30:06.0091 1912 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:30:06.0093 1912 sffdisk - ok
17:30:06.0128 1912 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:30:06.0130 1912 sffp_mmc - ok
17:30:06.0164 1912 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:30:06.0166 1912 sffp_sd - ok
17:30:06.0261 1912 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:30:06.0263 1912 sfloppy - ok
17:30:06.0346 1912 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:30:06.0357 1912 SharedAccess - ok
17:30:06.0484 1912 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:30:06.0491 1912 ShellHWDetection - ok
17:30:06.0555 1912 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:30:06.0558 1912 sisagp - ok
17:30:06.0612 1912 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:30:06.0614 1912 SiSRaid2 - ok
17:30:06.0697 1912 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:30:06.0700 1912 SiSRaid4 - ok
17:30:07.0110 1912 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:30:07.0245 1912 slsvc - ok
17:30:07.0414 1912 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:30:07.0420 1912 SLUINotify - ok
17:30:07.0545 1912 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:30:07.0548 1912 Smb - ok
17:30:07.0679 1912 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:30:07.0685 1912 SNMPTRAP - ok
17:30:07.0750 1912 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:30:07.0752 1912 spldr - ok
17:30:07.0831 1912 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:30:07.0835 1912 Spooler - ok
17:30:07.0901 1912 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:30:07.0909 1912 srv - ok
17:30:07.0999 1912 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:30:08.0003 1912 srv2 - ok
17:30:08.0061 1912 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:08.0065 1912 srvnet - ok
17:30:08.0145 1912 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:30:08.0150 1912 SSDPSRV - ok
17:30:08.0213 1912 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:30:08.0221 1912 SstpSvc - ok
17:30:08.0349 1912 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\Windows\system32\DRIVERS\ss_bus.sys
17:30:08.0353 1912 ss_bus - ok
17:30:08.0511 1912 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\Windows\system32\DRIVERS\ss_mdfl.sys
17:30:08.0591 1912 ss_mdfl - ok
17:30:08.0847 1912 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\Windows\system32\DRIVERS\ss_mdm.sys
17:30:08.0852 1912 ss_mdm - ok
17:30:08.0929 1912 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:30:08.0938 1912 stisvc - ok
17:30:08.0991 1912 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:30:08.0993 1912 swenum - ok
17:30:09.0079 1912 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:30:09.0103 1912 swprv - ok
17:30:09.0149 1912 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:30:09.0153 1912 Symc8xx - ok
17:30:09.0189 1912 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:30:09.0191 1912 Sym_hi - ok
17:30:09.0219 1912 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:30:09.0240 1912 Sym_u3 - ok
17:30:09.0407 1912 SynTP (2185cc5be9922562108cf87f42e4bbaf) C:\Windows\system32\DRIVERS\SynTP.sys
17:30:09.0486 1912 SynTP - ok
17:30:09.0703 1912 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:30:09.0729 1912 SysMain - ok
17:30:09.0813 1912 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:30:09.0820 1912 TabletInputService - ok
17:30:09.0902 1912 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:30:09.0908 1912 TapiSrv - ok
17:30:09.0983 1912 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:30:09.0989 1912 TBS - ok
17:30:10.0186 1912 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
17:30:10.0197 1912 Tcpip - ok
17:30:10.0237 1912 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:10.0246 1912 Tcpip6 - ok
17:30:10.0317 1912 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
17:30:10.0319 1912 tcpipreg - ok
17:30:10.0389 1912 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:30:10.0391 1912 tdcmdpst - ok
17:30:10.0468 1912 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:30:10.0470 1912 TDPIPE - ok
17:30:10.0524 1912 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:30:10.0527 1912 TDTCP - ok
17:30:10.0596 1912 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:30:10.0600 1912 tdx - ok
17:30:10.0740 1912 TemproMonitoringService (c1a2e886c8e68b1eeaa57a53309aef67) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
17:30:10.0742 1912 TemproMonitoringService - ok
17:30:10.0806 1912 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:30:10.0809 1912 TermDD - ok
17:30:10.0928 1912 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:30:10.0937 1912 TermService - ok
17:30:11.0062 1912 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:30:11.0068 1912 Themes - ok
17:30:11.0154 1912 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:30:11.0157 1912 THREADORDER - ok
17:30:11.0290 1912 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
17:30:11.0300 1912 TODDSrv - ok
17:30:11.0474 1912 TosCoSrv (fe267a802103687e45de449be05ce87c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:30:11.0493 1912 TosCoSrv - ok
17:30:11.0569 1912 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:30:11.0574 1912 TrkWks - ok
17:30:11.0664 1912 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:30:11.0665 1912 TrustedInstaller - ok
17:30:11.0793 1912 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:11.0795 1912 tssecsrv - ok
17:30:11.0885 1912 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:30:11.0887 1912 tunmp - ok
17:30:12.0070 1912 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:12.0146 1912 tunnel - ok
17:30:12.0254 1912 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:30:12.0265 1912 TVALZ - ok
17:30:12.0319 1912 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:30:12.0321 1912 uagp35 - ok
17:30:12.0393 1912 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:30:12.0399 1912 udfs - ok
17:30:12.0545 1912 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:30:12.0553 1912 UI0Detect - ok
17:30:12.0614 1912 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:30:12.0618 1912 uliagpkx - ok
17:30:12.0679 1912 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:30:12.0687 1912 uliahci - ok
17:30:12.0746 1912 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:30:12.0750 1912 UlSata - ok
17:30:12.0905 1912 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:30:12.0910 1912 ulsata2 - ok
17:30:13.0030 1912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:30:13.0032 1912 umbus - ok
17:30:13.0104 1912 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:30:13.0110 1912 upnphost - ok
17:30:13.0190 1912 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:13.0193 1912 usbccgp - ok
17:30:13.0230 1912 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:30:13.0234 1912 usbcir - ok
17:30:13.0289 1912 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:30:13.0291 1912 usbehci - ok
17:30:13.0355 1912 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:13.0360 1912 usbhub - ok
17:30:13.0558 1912 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:30:13.0560 1912 usbohci - ok
17:30:13.0691 1912 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:13.0692 1912 usbprint - ok
17:30:13.0750 1912 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:30:13.0752 1912 usbscan - ok
17:30:14.0123 1912 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:14.0127 1912 USBSTOR - ok
17:30:14.0297 1912 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:30:14.0299 1912 usbuhci - ok
17:30:14.0715 1912 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:30:14.0722 1912 UxSms - ok
17:30:14.0831 1912 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:30:14.0854 1912 vds - ok
17:30:14.0911 1912 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:14.0914 1912 vga - ok
17:30:14.0957 1912 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:30:14.0960 1912 VgaSave - ok
17:30:15.0025 1912 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:30:15.0027 1912 viaagp - ok
17:30:15.0067 1912 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:30:15.0069 1912 ViaC7 - ok
17:30:15.0138 1912 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:30:15.0140 1912 viaide - ok
17:30:15.0205 1912 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:30:15.0207 1912 volmgr - ok
17:30:15.0276 1912 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:30:15.0284 1912 volmgrx - ok
17:30:15.0382 1912 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:30:15.0387 1912 volsnap - ok
17:30:15.0469 1912 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:30:15.0473 1912 vsmraid - ok
17:30:15.0602 1912 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:30:15.0687 1912 VSS - ok
17:30:15.0774 1912 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:30:15.0781 1912 W32Time - ok
17:30:15.0864 1912 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:30:15.0866 1912 WacomPen - ok
17:30:15.0928 1912 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:15.0931 1912 Wanarp - ok
17:30:15.0971 1912 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:15.0977 1912 Wanarpv6 - ok
17:30:16.0149 1912 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
17:30:16.0159 1912 WcesComm - ok
17:30:16.0242 1912 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:30:16.0340 1912 wcncsvc - ok
17:30:16.0383 1912 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:30:16.0389 1912 WcsPlugInService - ok
17:30:16.0477 1912 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:30:16.0480 1912 Wd - ok
17:30:16.0590 1912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:30:16.0608 1912 Wdf01000 - ok
17:30:16.0714 1912 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:30:16.0721 1912 WdiServiceHost - ok
17:30:16.0739 1912 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:30:16.0745 1912 WdiSystemHost - ok
17:30:16.0821 1912 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:30:16.0830 1912 WebClient - ok
17:30:16.0911 1912 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:30:16.0920 1912 Wecsvc - ok
17:30:17.0041 1912 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:30:17.0047 1912 wercplsupport - ok
17:30:17.0112 1912 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:30:17.0120 1912 WerSvc - ok
17:30:17.0266 1912 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:30:17.0273 1912 WinDefend - ok
17:30:17.0311 1912 WinHttpAutoProxySvc - ok
17:30:17.0381 1912 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:30:17.0386 1912 Winmgmt - ok
17:30:17.0595 1912 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:30:17.0655 1912 WinRM - ok
17:30:17.0794 1912 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
17:30:17.0796 1912 winusb - ok
17:30:17.0890 1912 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:30:17.0916 1912 Wlansvc - ok
17:30:18.0007 1912 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:30:18.0009 1912 WmiAcpi - ok
17:30:18.0129 1912 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:30:18.0133 1912 wmiApSrv - ok
17:30:18.0339 1912 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:30:18.0372 1912 WMPNetworkSvc - ok
17:30:18.0417 1912 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:30:18.0428 1912 WPCSvc - ok
17:30:18.0516 1912 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:30:18.0523 1912 WPDBusEnum - ok
17:30:18.0637 1912 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:30:18.0639 1912 WpdUsb - ok
17:30:18.0992 1912 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:30:19.0008 1912 WPFFontCache_v0400 - ok
17:30:19.0054 1912 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:19.0056 1912 ws2ifsl - ok
17:30:19.0125 1912 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
17:30:19.0131 1912 wscsvc - ok
17:30:19.0155 1912 WSearch - ok
17:30:19.0489 1912 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:30:19.0613 1912 wuauserv - ok
17:30:19.0957 1912 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:19.0960 1912 WUDFRd - ok
17:30:20.0012 1912 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:30:20.0019 1912 wudfsvc - ok
17:30:20.0127 1912 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:30:20.0131 1912 ZTEusbmdm6k - ok
17:30:20.0200 1912 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:30:20.0204 1912 ZTEusbnmea - ok
17:30:20.0344 1912 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:30:20.0348 1912 ZTEusbser6k - ok
17:30:20.0447 1912 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
17:30:20.0502 1912 \Device\Harddisk0\DR0 - ok
17:30:20.0518 1912 Boot (0x1200) (1ab8fc2f11760e7f493899d6eed91de1) \Device\Harddisk0\DR0\Partition0
17:30:20.0520 1912 \Device\Harddisk0\DR0\Partition0 - ok
17:30:20.0528 1912 ============================================================
17:30:20.0528 1912 Scan finished
17:30:20.0528 1912 ============================================================
17:30:20.0562 3776 Detected object count: 1
17:30:20.0562 3776 Actual detected object count: 1
17:30:38.0078 3776 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:30:38.0078 3776 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
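As an added example, not part of the thread and not code from the TDSSKiller authors: a small triage helper for logs in the layout pasted above. It separates hashed objects, verdict lines and the tool's own detection total, and flags every object whose verdict is anything other than "ok" (here the "skipped by user" entry), then checks that count against the total the tool printed. The sample lines are constructed in the format shown above, and the regular expressions are assumptions about that format inferred from those lines.

```python
import re

# Constructed sample in the TDSSKiller log layout quoted in the thread (not the poster's full log).
SAMPLE_LOG = r"""17:30:17.0266 1912 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:30:17.0273 1912 WinDefend - ok
17:30:17.0311 1912 WinHttpAutoProxySvc - ok
17:30:20.0447 1912 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
17:30:20.0502 1912 \Device\Harddisk0\DR0 - ok
17:30:20.0528 1912 Scan finished
17:30:20.0562 3776 Actual detected object count: 1
17:30:38.0078 3776 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:30:38.0078 3776 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

# Each line is "<timestamp> <thread id> <body>"; the body takes one of the shapes below (assumed format).
ENTRY_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")  # hashed object
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")                  # "<name> - ok" etc.
LABEL_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<label>[^)]+?)\s*\)$")            # "Akamai ( HiddenFile... )"
COUNT_RE = re.compile(r"^Actual detected object count:\s+(\d+)$")

def parse_tdss_log(text):
    """Return (objects, verdicts, reported): name -> (md5, path), a list of
    (name, verdict) pairs, and the detection total the tool printed itself."""
    objects, verdicts, reported = {}, [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # banner, separator and other free-form lines
        body = m.group(1)
        if h := HASH_RE.match(body):
            objects[h["name"]] = (h["md5"], h["path"])
        elif v := VERDICT_RE.match(body):
            verdicts.append((v["name"], v["verdict"]))
        elif c := COUNT_RE.match(body):
            reported = int(c.group(1))
    return objects, verdicts, reported

def triage(text):
    """Objects whose verdict was anything but 'ok', keyed by name, with signature label and
    all verdicts; also whether that count matches the tool's total (a mismatch suggests a truncated log)."""
    _, verdicts, reported = parse_tdss_log(text)
    flagged = {}
    for name, verdict in verdicts:
        if verdict == "ok":
            continue
        lab = LABEL_RE.match(name)
        key, label = (lab["name"], lab["label"]) if lab else (name, None)
        flagged.setdefault(key, {"label": label, "verdicts": []})["verdicts"].append(verdict)
    return flagged, len(flagged) == (reported or 0)
```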

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:03 PM

Posted 29 April 2012 - 11:47 AM

Let me have the aswMBR report when it is complete


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts
  • Local time:03:03 AM

Posted 29 April 2012 - 12:45 PM

Hi, is it normal for the computer to freeze while the aswMBR tool scans? The computer froze for a good 15 minutes and it wouldn't respond, the mouse stopped working, etc. I had to switch it off and back on again.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:03 PM

Posted 29 April 2012 - 12:51 PM

Hello

Is it normal? No.

But then again, is it uncommon? Again no, it happens.


Try to run it once more, and if it does not run just let me know and we will move on.



Gringo

#12 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts
  • Local time:03:03 AM

Posted 29 April 2012 - 12:55 PM

Ok let me try again

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:03 PM

Posted 29 April 2012 - 01:06 PM

:thumbup2:

#14 darkchild101

darkchild101
  • Topic Starter

  • Members
  • 154 posts
  • Local time:03:03 AM

Posted 29 April 2012 - 01:16 PM

:thumbsup:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 18:41:25
-----------------------------
18:41:25.825 OS Version: Windows 6.0.6002 Service Pack 2
18:41:25.825 Number of processors: 1 586 0xE08
18:41:25.827 ComputerName: TENDAI-PC UserName: Tendai
18:43:07.851 Initialize success
18:43:44.781 AVAST engine defs: 12042900
18:55:55.339 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:55:55.347 Disk 0 Vendor: FUJITSU_MHV2060BH_PL 0000002A Size: 57231MB BusType: 3
18:55:55.372 Disk 0 MBR read successfully
18:55:55.387 Disk 0 MBR scan
18:55:55.420 Disk 0 Windows VISTA default MBR code
18:55:55.450 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:55:55.470 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 55729 MB offset 3074048
18:55:55.486 Disk 0 scanning sectors +117207040
18:55:55.572 Disk 0 scanning C:\Windows\system32\drivers
18:56:14.930 Service scanning
18:57:13.489 Modules scanning
18:57:21.360 Disk 0 trace - called modules:
18:57:21.389 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:57:21.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b7e898]
18:57:21.779 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x84ba5918]
18:57:21.791 5 acpi.sys[8823a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8550d528]
18:57:22.920 AVAST engine scan C:\Windows
18:57:27.922 AVAST engine scan C:\Windows\system32
19:03:38.913 AVAST engine scan C:\Windows\system32\drivers
19:04:13.268 AVAST engine scan C:\Users\Tendai
19:08:20.364 AVAST engine scan C:\ProgramData
19:09:47.876 Scan finished successfully
19:15:47.726 Disk 0 MBR has been saved successfully to "C:\Users\Tendai\Desktop\MBR.dat"
19:15:47.740 The log file has been saved successfully to "C:\Users\Tendai\Desktop\aswMBR.txt"

Edited by darkchild101, 29 April 2012 - 01:16 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:03 PM

Posted 29 April 2012 - 02:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\windows\system32\drivers\11363129.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[Image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




