Cannot delete trojan in system restore


  • This topic is locked
22 replies to this topic

#1 lopezprojects
  • Members
  • 11 posts

Posted 30 April 2012 - 06:24 PM

Hi,

I realised I'd picked up some malware when it sent spam emails to every contact in my address book.
My Panda Cloud anti-virus scan highlighted a trojan file, "A0030162.exe", in my system restore folder but was unable to neutralise / delete it.

Since I've found this (a few days ago) I've done the following:
- Scanned with Malwarebytes (came up clean)
- Scanned with Microsoft Security Essentials (came up clean)
- Scanned with AntiSpyWare (came up clean)
- Used CCleaner (came up clean)
- Turned off system restore, restarted machine, and turned system restore back on (no change)

I saw one entry on the Panda Cloud encyclopedia that suggested the files in system restore are no longer harmful, but I'd like to know for sure (and ideally get rid of the file altogether).

DDS File
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Louise at 23:40:21 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1466 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\SYSTEM32\Rezip.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Users\Louise\AppData\Roaming\Dmailer\Dmailer_Backup_Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Dmailer_Backup_Manager.exe] c:\users\louise\appdata\roaming\dmailer\Dmailer_Backup_Manager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\louise\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\louise\appdata\roaming\micros~1\windows\startm~1\programs\startup\btguar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\users\louise\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\louise\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\louise\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\louise\appdata\roaming\micros~1\windows\startm~1\programs\startup\palmon~1.lnk - c:\palm\register.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{1374E2F0-E666-4722-8657-870DAF6CC44E} : DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{1374E2F0-E666-4722-8657-870DAF6CC44E}\24564786 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1374E2F0-E666-4722-8657-870DAF6CC44E}\249616473686 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1374E2F0-E666-4722-8657-870DAF6CC44E}\5435359444 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7F23A7EA-FAF6-47F7-B13F-B41A686205C1} : DhcpNameServer = 87.194.255.154 87.194.255.155
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\louise\appdata\roaming\mozilla\firefox\profiles\hs5lej2a.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\louise\appdata\roaming\mozilla\firefox\profiles\hs5lej2a.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\plugins\npLightshot.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-11-23 126216]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-5-15 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-25 654408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144136]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-11-30 112904]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2010-5-15 311296]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-5-15 2320920]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-15 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-5-15 232960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-25 22344]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-25 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-9-25 286248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-25 33320]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-25 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-4-16 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
.
=============== Created Last 30 ================
.
2012-04-30 18:21:06 -------- d-----w- c:\windows\system32\DBBK
2012-04-30 18:11:41 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{460431b8-8d6e-4582-bc9e-6002299dc181}\mpengine.dll
2012-04-30 00:49:31 691 ----a-w- c:\users\louise\appdata\roaming\GetValue.vbs
2012-04-30 00:49:31 35 ----a-w- c:\users\louise\appdata\roaming\SetValue.bat
2012-04-30 00:47:57 8336 ----a-w- c:\windows\system32\tmp.reg
2012-04-30 00:12:18 -------- d-----w- C:\Autoruns
2012-04-29 10:45:17 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-29 07:36:40 -------- d-----w- c:\program files\CCleaner
2012-04-25 23:19:02 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{91cecaf9-085f-416c-86c1-d547a4944640}\gapaengine.dll
2012-04-25 23:13:54 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-25 23:13:47 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 06:03:37 -------- d-----w- c:\users\louise\appdata\roaming\Malwarebytes
2012-04-25 06:03:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 06:03:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-25 06:03:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 23:27:16 -------- d-----w- c:\users\louise\appdata\roaming\SUPERAntiSpyware.com
2012-04-24 23:26:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-24 09:51:28 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ae2492a2-b49e-46b2-aac2-d9eb6d3b928a}\mpengine.dll
2012-04-16 18:49:01 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 18:49:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 18:49:00 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 18:49:00 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-02 21:02:22 -------- d-----w- c:\program files\uTorrent
2012-04-02 21:01:24 -------- d-----w- c:\users\louise\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2012-04-15 16:11:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-15 16:11:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-20 19:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 22:52:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 05:40:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31:46 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-04-26 21:19:47 80873256 ----a-w- c:\program files\iTunesSetup.exe
.
============= FINISH: 23:41:48.19 ===============

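The file the original poster describes sits inside a System Restore snapshot, and that is why every scanner can see it but none can remove it: on Windows 7 restore points are Volume Shadow Copy snapshots kept under System Volume Information, which a scanner can read but cannot write to, so quarantine and delete both fail. A copy held in a snapshot is inert unless that restore point is applied or the file is copied out, which is why the usual remediation is to purge the restore points only after the live system is clean and then create a fresh baseline. The script below is an added example written for this page, not code from the thread or from DDS, Panda or any other tool it mentions. It lists the restore points and shadow copies on every volume and, only when -Purge is given, flushes one drive using the built-in cmdlets and vssadmin.exe; the default drive letter and the restore-point description are assumptions, not values taken from the thread.

```powershell
# Added example for this page; not code from the thread or from DDS/ComboFix/Panda.
# Lists the System Restore state on a Windows 7 host and, only when -Purge is
# given, flushes it for one drive. Run from an elevated PowerShell prompt.
# Uses only built-ins: Get-ComputerRestorePoint, Disable-/Enable-ComputerRestore,
# Checkpoint-Computer and vssadmin.exe. The drive letter and the restore-point
# description are assumptions, not values from the thread.
param(
    [string]$Drive = 'C:\',
    [switch]$Purge
)

# 1. Restore points as the System Restore UI sees them, on every protected volume.
Write-Host 'Restore points:'
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, RestorePointType, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# 2. The shadow copies those restore points are stored in. A file that a scanner
#    reports under System Volume Information lives inside one of these snapshots,
#    which can be read but not modified in place; that is why it cannot be
#    quarantined or deleted like an ordinary file.
Write-Host 'Shadow copies (all volumes):'
vssadmin list shadows

if (-not $Purge) {
    Write-Host "Dry run only. Re-run with -Purge to delete the restore points and shadow copies on $Drive (do this last, once the live system is clean)."
    return
}

# 3. Purge. Turning System Protection off for the drive discards its restore
#    points; deleting the shadow copies removes the snapshots that held the
#    file copies. Then turn protection back on and take a clean baseline so
#    there is something to roll back to.
$vol = $Drive.TrimEnd('\')                      # vssadmin wants "C:", the cmdlets want "C:\"
Disable-ComputerRestore -Drive $Drive
vssadmin delete shadows /for=$vol /all /quiet
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType 'MODIFY_SETTINGS'
Write-Host "Restore points on $Drive purged and a fresh baseline restore point created."
```

Run it without arguments first to see what is held, then with -Purge once the rest of the cleanup is finished; the vssadmin and restore cmdlets require elevation. Purging discards the ability to roll back, which is why helpers run it as the last step of a cleanup rather than the first. If a scanner keeps reporting a file under a restore folder after a purge, check which volume the reported path is on: the listing covers every volume, while the purge only touches the drive passed in -Drive.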


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 01 May 2012 - 12:45 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple anti-virus programs running in memory at once:

AV: Microsoft Security Essentials
AV: Panda Cloud Antivirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
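Gringo's first point, that two antivirus products are resident at once, is the same check that Security Check and DDS make by reading the Windows Security Center WMI namespace (root\SecurityCenter2 on Vista and 7, root\SecurityCenter with a different schema on XP); the "WMI entry may not exist for antivirus" line in the Security Check output posted later in this thread reflects that lookup not finding a usable entry for the product it was examining. The script below is an added example written for this page, not code from Security Check, DDS or Microsoft. It runs that query, decodes each product's state and warns when more than one registered product has real-time protection on. The productState decoding is the widely used but undocumented reading of the 24-bit value (middle byte 0x10 or 0x11 = protection on, low byte 0x00 = definitions current), so treat the Enabled and UpToDate columns as a heuristic and confirm in the product's own console.

```powershell
# Added example for this page; not code from Security Check, DDS or Microsoft.
# Reads the antivirus products registered with Windows Security Center on
# Vista/7 and warns when more than one has real-time protection on.
# The productState decoding is the common, undocumented interpretation of the
# 24-bit value and should be treated as a heuristic.

function ConvertFrom-ProductState {
    param([int]$State)
    $hex   = '{0:x6}' -f $State          # 397568 -> '061100', 262144 -> '040000'
    $onOff = $hex.Substring(2, 2)        # '10' / '11' = protection on, '00' / '01' = off
    $defs  = $hex.Substring(4, 2)        # '00' = definitions current, '10' = out of date
    New-Object PSObject -Property @{
        Raw      = $hex
        Enabled  = ($onOff -eq '10' -or $onOff -eq '11')
        UpToDate = ($defs -eq '00')
    }
}

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 exists on Vista and later; XP uses root\SecurityCenter,
    # which has a different schema and no productState field.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $s = ConvertFrom-ProductState $_.productState
            New-Object PSObject -Property @{
                Name     = $_.displayName
                Enabled  = $s.Enabled
                UpToDate = $s.UpToDate
                State    = $s.Raw
                Exe      = $_.pathToSignedProductExe
            }
        }
}

$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center; the WMI entry may be missing.'
}
else {
    $av | Format-Table Name, Enabled, UpToDate, State, Exe -AutoSize
    $active = @($av | Where-Object { $_.Enabled })
    if ($active.Count -gt 1) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "$($active.Count) products have real-time protection on at once ($names). Uninstall all but one before running further tools."
    }
}
```

On the machine in this thread the DDS header already shows the answer this query would give (Microsoft Security Essentials enabled, Panda Cloud Antivirus registered but disabled), which is the state Security Check's "Antivirus/Firewall Check" section summarises. A product that is registered but disabled still has its filter drivers and services loaded, as the PSIN* entries in the DDS services list show, so "all but one uninstalled" is the condition the helper wants, not merely "all but one switched off".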

#3 lopezprojects (Topic Starter)
  • Members
  • 11 posts

Posted 01 May 2012 - 07:17 PM

Hi, thanks for the quick reply. I followed all the steps you laid out. I haven't noticed any change in the computer (beyond sending out the initial batch of spam emails, I haven't seen anything strange, but because the trojan file kept appearing in the Panda Cloud scan I wanted to get it checked out). Log files are pasted below.

Checkup log
Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
``````````End of Log````````````


ComboFix log
ComboFix 12-05-01.02 - Louise 02/05/2012 0:48.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1819 [GMT 1:00]
Running from: c:\users\Louise\Desktop\Download-to-Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Louise\AppData\Roaming\vso_ts_preview.xml
c:\windows\_detmp.2
c:\windows\system32\tmp.reg
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-01 23:59 . 2012-05-01 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 23:53 . 2012-05-01 23:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE2492A2-B49E-46B2-AAC2-D9EB6D3B928A}\offreg.dll
2012-04-30 18:21 . 2012-04-30 18:56 -------- d-----w- c:\windows\system32\DBBK
2012-04-30 00:49 . 2012-04-30 00:49 691 ----a-w- c:\users\Louise\AppData\Roaming\GetValue.vbs
2012-04-30 00:49 . 2012-04-30 00:49 35 ----a-w- c:\users\Louise\AppData\Roaming\SetValue.bat
2012-04-30 00:12 . 2012-04-30 00:12 -------- d-----w- C:\Autoruns
2012-04-29 07:36 . 2012-04-29 07:36 -------- d-----w- c:\program files\CCleaner
2012-04-25 23:13 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\users\Louise\AppData\Roaming\Malwarebytes
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 23:27 . 2012-04-24 23:27 -------- d-----w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com
2012-04-24 23:26 . 2012-04-24 23:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-24 09:51 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE2492A2-B49E-46B2-AAC2-D9EB6D3B928A}\mpengine.dll
2012-04-16 18:49 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 18:49 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 18:49 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 18:49 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-02 21:02 . 2012-04-02 21:02 -------- d-----w- c:\program files\uTorrent
2012-04-02 21:01 . 2012-04-30 22:22 -------- d-----w- c:\users\Louise\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 16:11 . 2012-03-29 19:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 16:11 . 2011-05-19 20:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 22:52 . 2010-11-21 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-10-09 21:37 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-16 17:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-16 17:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-16 17:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-16 17:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-16 17:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-16 17:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-16 17:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-16 17:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-16 17:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-04-26 21:19 . 2011-04-26 21:20 80873256 ----a-w- c:\program files\iTunesSetup.exe
2012-03-17 18:02 . 2011-08-18 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Dmailer_Backup_Manager.exe"="c:\users\Louise\AppData\Roaming\Dmailer\Dmailer_Backup_Manager.exe" [2011-08-13 28911208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 169496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
.
c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-16 1254912]
Dropbox.lnk - c:\users\Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
palmOne Registration.lnk - c:\palm\register.exe [2005-6-21 2355200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-16 828704]
HotSync Manager.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-17 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-17 33320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:11]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\hs5lej2a.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-02 01:09:27
ComboFix-quarantined-files.txt 2012-05-02 00:09
.
Pre-Run: 29,909,426,176 bytes free
Post-Run: 29,958,225,920 bytes free
.
- - End Of File - - EA2E71D3A1D321BF19D9E989C067017B
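
The ComboFix log above is what the helper has to read through before the next step, and the loading-point and proxy sections are where an analyst looks first. The script below is an added example for this thread; it is not ComboFix's own code and did not come from either poster. It parses the "Reg Loading Points" Run keys, Startup-folder shortcuts and AppInit_DLLs value, flags every autostart launched from a user-writable location (AppData, ProgramData, Temp) or from outside Program Files / Windows, and reports the per-user ProxyServer value, since a proxy pointing at a local port routes all Internet Explorer traffic through whatever listens there. SAMPLE_LOG is a trimmed excerpt of the posted log; USER_WRITABLE and TRUSTED_ROOTS are the example's own heuristics, not ComboFix's.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code).
Extracts autostart entries from "Reg Loading Points" and the user proxy from
"Supplementary Scan", then flags entries launched from user-writable paths or
from outside Program Files / Windows."""
import re
from dataclasses import dataclass

# Run-key lines as ComboFix prints them:  "Name"="c:\path\prog.exe" [2012-03-19 9413712]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]')
# Startup-folder shortcuts:  Dropbox.lnk - c:\...\Dropbox.exe [2012-2-15 24246216]
LNK_LINE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]')
# Section markers: a registry key, or a Startup folder path (ends in a backslash)
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]')
FOLDER_LINE = re.compile(r'^(?P<folder>c:\\.+\\Startup\\)$', re.IGNORECASE)
# AppInit_DLLs is printed without the [date size] suffix
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')
PROXY_LINE = re.compile(r'^uInternet Settings,ProxyServer = (?P<proxy>.+)$')

# Directories an unprivileged user can write to: where droppers usually land (example heuristic).
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
# Directories that normally hold only software installed with admin rights (example heuristic).
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')

@dataclass
class Autostart:
    source: str   # registry key or Startup folder the entry came from
    name: str
    path: str
    date: str
    size: int

    def is_suspicious(self) -> bool:
        """True if the target lives where an unprivileged process could have put it."""
        p = self.path.lower()
        if any(tag in p for tag in USER_WRITABLE):
            return True
        return not p.startswith(TRUSTED_ROOTS)

def parse_autostarts(log: str) -> list:
    """Walk the log line by line, remembering the most recent key/folder header."""
    entries, source = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line) or FOLDER_LINE.match(line)
        if m:
            source = m.group(1)
            continue
        if source is None:
            continue
        m = APPINIT_LINE.match(line)
        if m:   # ComboFix prints no date/size for AppInit_DLLs
            entries.append(Autostart(source, 'AppInit_DLLs', m.group('path').strip(), '', 0))
            continue
        m = RUN_LINE.match(line) or LNK_LINE.match(line)
        if m:
            entries.append(Autostart(source, m.group('name'), m.group('path'),
                                     m.group('date'), int(m.group('size'))))
    return entries

def proxy_setting(log: str):
    """Return the per-user ProxyServer value ComboFix reports, or None if unset."""
    for raw in log.splitlines():
        m = PROXY_LINE.match(raw.strip())
        if m:
            return m.group('proxy')
    return None

def triage(log: str) -> dict:
    autostarts = parse_autostarts(log)
    return {
        'autostarts': len(autostarts),
        'suspicious': [(a.name, a.path) for a in autostarts if a.is_suspicious()],
        'proxy': proxy_setting(log),
    }

# Constructed sample input: a trimmed excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"Dmailer_Backup_Manager.exe"="c:\users\Louise\AppData\Roaming\Dmailer\Dmailer_Backup_Manager.exe" [2011-08-13 28911208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-16 1254912]
Dropbox.lnk - c:\users\Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
------- Supplementary Scan -------
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local;*.local
"""
```

On this excerpt `triage(SAMPLE_LOG)` flags the Dmailer and Dropbox entries (AppData) and the BTGuard shortcut (c:\btguard), and reports the proxy `socks=127.0.0.1:4021`. That is a reading list, not a verdict: each flagged path is checked by hand, and the local SOCKS proxy should be matched to whichever installed program listens on that port (the Startup folder shows a BTGuard client) before it is treated as malicious.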

#4 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 01 May 2012 - 10:48 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
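
A TDSSKiller report lists every driver and service with its MD5 and a verdict, which makes it easy to check by script rather than by eye, and to diff against a machine known to be clean. The parser below is an added example for this thread, not TDSSKiller's own code and not from either poster. SAMPLE_REPORT copies a few lines from the report the topic starter posts next and adds a made-up "samplesvc" record with a non-ok verdict; BASELINE is a constructed hash list in which the AFD value is deliberately wrong, so both checks fire.

```python
"""Parse a TDSSKiller report and compare driver hashes against a baseline.
Added example; not TDSSKiller's own code."""
import re

TS = r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+'      # "<time> <pid> " prefix on every line
# "<time> <pid> <name> (<md5>) <path>"  -- the file record for a service/driver
FILE_LINE = re.compile(TS + r'(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
# "<time> <pid> <name> - <verdict>"     -- the verdict line that follows it
VERDICT_LINE = re.compile(TS + r'(?P<name>.+?) - (?P<verdict>.+)$')

def parse_report(text: str) -> dict:
    """Map service name -> {'md5', 'path', 'verdict'} for every object scanned.

    Only lines after "Scan started" are considered: the header above it also
    contains " - " (the "Drive ... - Size:" line) and would be misread as a verdict.
    """
    entries, scanning = {}, False
    for line in text.splitlines():
        if not scanning:
            scanning = 'Scan started' in line
            continue
        m = FILE_LINE.match(line)
        if m:
            entries[m.group('name')] = {'md5': m.group('md5'), 'path': m.group('path'), 'verdict': None}
            continue
        m = VERDICT_LINE.match(line)
        if m:   # services with no file on disk (e.g. catchme) get a verdict but no file record
            rec = entries.setdefault(m.group('name'), {'md5': None, 'path': None, 'verdict': None})
            rec['verdict'] = m.group('verdict')
    return entries

def findings(entries: dict, baseline: dict) -> list:
    """Flag anything TDSSKiller did not call 'ok', plus hashes that differ from a
    baseline taken on a known-clean machine at the same patch level."""
    out = []
    for name, rec in entries.items():
        if rec['verdict'] != 'ok':
            out.append((name, 'verdict: %s' % rec['verdict']))
        elif name in baseline and rec['md5'] and rec['md5'] != baseline[name]:
            out.append((name, 'hash differs from baseline'))
    return out

# Constructed sample: the first lines are copied from the report posted in this
# thread; 'samplesvc' and the AFD baseline hash are made up to exercise both checks.
SAMPLE_REPORT = r"""
07:06:24.0719 5260 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
07:06:25.0561 5260 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
07:06:33.0829 4812 Scan started
07:06:33.0829 4812 Mode: Manual;
07:06:34.0344 4812 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
07:06:34.0344 4812 ACPI - ok
07:06:34.0484 4812 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:06:34.0484 4812 Adobe LM Service - ok
07:06:34.0859 4812 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
07:06:34.0874 4812 AFD - ok
07:06:35.0690 4812 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
07:06:35.0690 4812 atapi - ok
07:06:37.0703 4812 catchme - ok
07:06:40.0000 4812 samplesvc (00000000000000000000000000000000) C:\windows\system32\DRIVERS\samplesvc.sys
07:06:40.0000 4812 samplesvc - detected (constructed sample)
"""

BASELINE = {
    'ACPI': 'f0e07d144c8685b8774bc32fc8da4df0',
    'AFD': 'ffffffffffffffffffffffffffffffff',    # deliberately wrong, to show a mismatch
    'atapi': '338c86357871c167a96ab976519bf59e',
}
```

`findings(parse_report(SAMPLE_REPORT), BASELINE)` returns the AFD hash mismatch and the samplesvc verdict and nothing else; catchme, which has a verdict but no file record because it is ComboFix's own driver, is left alone. A hash mismatch only means "different from the baseline", so the baseline must come from the same Windows build and patch level, otherwise every updated driver shows up as a finding.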

#5 lopezprojects (Topic Starter; Members; 11 posts)

Posted 02 May 2012 - 01:42 AM

Hi, I've run both reports. I didn't have to reboot at all. Logs are below as requested:

TDSSKiller log
07:06:24.0719 5260 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
07:06:24.0890 5260 ============================================================
07:06:24.0890 5260 Current date / time: 2012/05/02 07:06:24.0890
07:06:24.0890 5260 SystemInfo:
07:06:24.0890 5260
07:06:24.0890 5260 OS Version: 6.1.7600 ServicePack: 0.0
07:06:24.0890 5260 Product type: Workstation
07:06:24.0890 5260 ComputerName: LOUISE-LAPTOP2
07:06:24.0890 5260 UserName: Louise
07:06:24.0890 5260 Windows directory: C:\windows
07:06:24.0890 5260 System windows directory: C:\windows
07:06:24.0890 5260 Processor architecture: Intel x86
07:06:24.0890 5260 Number of processors: 4
07:06:24.0890 5260 Page size: 0x1000
07:06:24.0890 5260 Boot type: Normal boot
07:06:24.0890 5260 ============================================================
07:06:25.0561 5260 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:06:25.0561 5260 ============================================================
07:06:25.0561 5260 \Device\Harddisk0\DR0:
07:06:25.0561 5260 MBR partitions:
07:06:25.0561 5260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
07:06:25.0561 5260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xE000000
07:06:25.0592 5260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10833000, BlocksNum 0x14BFB000
07:06:25.0592 5260 ============================================================
07:06:25.0639 5260 C: <-> \Device\Harddisk0\DR0\Partition1
07:06:25.0686 5260 D: <-> \Device\Harddisk0\DR0\Partition2
07:06:25.0686 5260 ============================================================
07:06:25.0686 5260 Initialize success
07:06:25.0686 5260 ============================================================
07:06:33.0829 4812 ============================================================
07:06:33.0829 4812 Scan started
07:06:33.0829 4812 Mode: Manual;
07:06:33.0829 4812 ============================================================
07:06:34.0313 4812 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
07:06:34.0313 4812 1394ohci - ok
07:06:34.0344 4812 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
07:06:34.0344 4812 ACPI - ok
07:06:34.0375 4812 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
07:06:34.0375 4812 AcpiPmi - ok
07:06:34.0484 4812 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
07:06:34.0484 4812 Adobe LM Service - ok
07:06:34.0609 4812 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:06:34.0609 4812 AdobeFlashPlayerUpdateSvc - ok
07:06:34.0687 4812 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
07:06:34.0687 4812 adp94xx - ok
07:06:34.0718 4812 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
07:06:34.0718 4812 adpahci - ok
07:06:34.0749 4812 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
07:06:34.0749 4812 adpu320 - ok
07:06:34.0796 4812 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
07:06:34.0796 4812 AeLookupSvc - ok
07:06:34.0859 4812 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
07:06:34.0874 4812 AFD - ok
07:06:34.0905 4812 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
07:06:34.0905 4812 agp440 - ok
07:06:34.0952 4812 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
07:06:34.0952 4812 aic78xx - ok
07:06:34.0999 4812 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
07:06:34.0999 4812 ALG - ok
07:06:35.0015 4812 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
07:06:35.0015 4812 aliide - ok
07:06:35.0046 4812 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
07:06:35.0046 4812 amdagp - ok
07:06:35.0093 4812 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
07:06:35.0093 4812 amdide - ok
07:06:35.0139 4812 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
07:06:35.0139 4812 AmdK8 - ok
07:06:35.0155 4812 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
07:06:35.0155 4812 AmdPPM - ok
07:06:35.0217 4812 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
07:06:35.0217 4812 amdsata - ok
07:06:35.0233 4812 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
07:06:35.0233 4812 amdsbs - ok
07:06:35.0264 4812 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
07:06:35.0264 4812 amdxata - ok
07:06:35.0295 4812 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
07:06:35.0311 4812 AppID - ok
07:06:35.0342 4812 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
07:06:35.0342 4812 AppIDSvc - ok
07:06:35.0358 4812 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
07:06:35.0373 4812 Appinfo - ok
07:06:35.0498 4812 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:06:35.0498 4812 Apple Mobile Device - ok
07:06:35.0576 4812 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
07:06:35.0576 4812 arc - ok
07:06:35.0607 4812 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
07:06:35.0607 4812 arcsas - ok
07:06:35.0623 4812 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
07:06:35.0623 4812 AsyncMac - ok
07:06:35.0690 4812 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
07:06:35.0690 4812 atapi - ok
07:06:35.0768 4812 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
07:06:35.0768 4812 AudioEndpointBuilder - ok
07:06:35.0784 4812 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
07:06:35.0784 4812 Audiosrv - ok
07:06:35.0831 4812 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
07:06:35.0831 4812 AxInstSV - ok
07:06:35.0878 4812 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
07:06:35.0893 4812 b06bdrv - ok
07:06:35.0940 4812 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
07:06:35.0956 4812 b57nd60x - ok
07:06:36.0158 4812 BCM43XX (2a61f5c96032afdb0a6171cc591472f7) C:\windows\system32\DRIVERS\bcmwl6.sys
07:06:36.0174 4812 BCM43XX - ok
07:06:36.0299 4812 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
07:06:36.0299 4812 BDESVC - ok
07:06:36.0361 4812 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
07:06:36.0361 4812 Beep - ok
07:06:36.0392 4812 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
07:06:36.0408 4812 BFE - ok
07:06:36.0470 4812 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\system32\qmgr.dll
07:06:36.0470 4812 BITS - ok
07:06:36.0502 4812 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
07:06:36.0533 4812 blbdrive - ok
07:06:36.0689 4812 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:06:36.0689 4812 Bonjour Service - ok
07:06:36.0751 4812 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
07:06:36.0751 4812 bowser - ok
07:06:36.0767 4812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
07:06:36.0767 4812 BrFiltLo - ok
07:06:36.0782 4812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
07:06:36.0782 4812 BrFiltUp - ok
07:06:36.0860 4812 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
07:06:36.0860 4812 BridgeMP - ok
07:06:51.0915 4812 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
07:06:51.0915 4812 scfilter - ok
07:06:51.0993 4812 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
07:06:52.0009 4812 Schedule - ok
07:06:52.0056 4812 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
07:06:52.0056 4812 SCPolicySvc - ok
07:06:52.0087 4812 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
07:06:52.0103 4812 SDRSVC - ok
07:06:52.0134 4812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
07:06:52.0134 4812 secdrv - ok
07:06:52.0149 4812 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
07:06:52.0149 4812 seclogon - ok
07:06:52.0181 4812 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
07:06:52.0196 4812 SENS - ok
07:06:52.0212 4812 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
07:06:52.0227 4812 SensrSvc - ok
07:06:52.0243 4812 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
07:06:52.0243 4812 Serenum - ok
07:06:52.0290 4812 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
07:06:52.0290 4812 Serial - ok
07:06:52.0305 4812 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
07:06:52.0305 4812 sermouse - ok
07:06:52.0415 4812 ServiceLayer (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
07:06:52.0430 4812 ServiceLayer - ok
07:06:52.0477 4812 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
07:06:52.0477 4812 SessionEnv - ok
07:06:52.0524 4812 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
07:06:52.0524 4812 sffdisk - ok
07:06:52.0539 4812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
07:06:52.0539 4812 sffp_mmc - ok
07:06:52.0555 4812 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
07:06:52.0555 4812 sffp_sd - ok
07:06:52.0586 4812 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
07:06:52.0586 4812 sfloppy - ok
07:06:52.0633 4812 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
07:06:52.0649 4812 SharedAccess - ok
07:06:52.0695 4812 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
07:06:52.0695 4812 ShellHWDetection - ok
07:06:52.0742 4812 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
07:06:52.0742 4812 sisagp - ok
07:06:52.0773 4812 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
07:06:52.0789 4812 SiSRaid2 - ok
07:06:52.0805 4812 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
07:06:52.0805 4812 SiSRaid4 - ok
07:06:52.0820 4812 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
07:06:52.0836 4812 Smb - ok
07:06:52.0898 4812 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
07:06:52.0898 4812 SNMPTRAP - ok
07:06:52.0914 4812 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
07:06:52.0914 4812 spldr - ok
07:06:52.0961 4812 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
07:06:52.0976 4812 Spooler - ok
07:06:53.0148 4812 sppsvc (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
07:06:53.0195 4812 sppsvc - ok
07:06:53.0319 4812 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
07:06:53.0319 4812 sppuinotify - ok
07:06:53.0413 4812 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
07:06:53.0413 4812 srv - ok
07:06:53.0475 4812 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
07:06:53.0475 4812 srv2 - ok
07:06:53.0522 4812 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
07:06:53.0522 4812 srvnet - ok
07:06:53.0569 4812 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
07:06:53.0569 4812 SSDPSRV - ok
07:06:53.0585 4812 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
07:06:53.0585 4812 SstpSvc - ok
07:06:53.0616 4812 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
07:06:53.0616 4812 stexstor - ok
07:06:53.0678 4812 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
07:06:53.0694 4812 StiSvc - ok
07:06:53.0709 4812 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
07:06:53.0709 4812 swenum - ok
07:06:53.0741 4812 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
07:06:53.0756 4812 swprv - ok
07:06:53.0803 4812 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
07:06:53.0803 4812 SynTP - ok
07:06:53.0881 4812 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
07:06:53.0912 4812 SysMain - ok
07:06:53.0943 4812 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
07:06:53.0943 4812 TabletInputService - ok
07:06:53.0990 4812 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
07:06:54.0006 4812 TapiSrv - ok
07:06:54.0021 4812 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
07:06:54.0021 4812 TBS - ok
07:06:54.0177 4812 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
07:06:54.0193 4812 Tcpip - ok
07:06:54.0224 4812 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
07:06:54.0240 4812 TCPIP6 - ok
07:06:54.0271 4812 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
07:06:54.0271 4812 tcpipreg - ok
07:06:54.0287 4812 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
07:06:54.0287 4812 TDPIPE - ok
07:06:54.0333 4812 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
07:06:54.0333 4812 TDTCP - ok
07:06:54.0349 4812 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
07:06:54.0349 4812 tdx - ok
07:06:54.0365 4812 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
07:06:54.0365 4812 TermDD - ok
07:06:54.0427 4812 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
07:06:54.0427 4812 TermService - ok
07:06:54.0458 4812 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
07:06:54.0458 4812 Themes - ok
07:06:54.0489 4812 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
07:06:54.0505 4812 THREADORDER - ok
07:06:54.0536 4812 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
07:06:54.0536 4812 TrkWks - ok
07:06:54.0614 4812 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
07:06:54.0614 4812 TrustedInstaller - ok
07:06:54.0630 4812 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
07:06:54.0630 4812 tssecsrv - ok
07:06:54.0677 4812 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
07:06:54.0677 4812 tunnel - ok
07:06:54.0708 4812 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
07:06:54.0708 4812 uagp35 - ok
07:06:54.0755 4812 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
07:06:54.0770 4812 udfs - ok
07:06:54.0801 4812 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
07:06:54.0801 4812 UI0Detect - ok
07:06:54.0833 4812 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
07:06:54.0848 4812 uliagpkx - ok
07:06:54.0879 4812 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
07:06:54.0879 4812 umbus - ok
07:06:54.0895 4812 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
07:06:54.0895 4812 UmPass - ok
07:06:55.0129 4812 UNS (48e114762941941d5821eaae29d75e9e) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
07:06:55.0160 4812 UNS - ok
07:06:55.0301 4812 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
07:06:55.0301 4812 upnphost - ok
07:06:55.0394 4812 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys
07:06:55.0394 4812 USBAAPL - ok
07:06:55.0441 4812 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
07:06:55.0441 4812 usbccgp - ok
07:06:55.0472 4812 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
07:06:55.0472 4812 usbcir - ok
07:06:55.0503 4812 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\drivers\usbehci.sys
07:06:55.0503 4812 usbehci - ok
07:06:55.0535 4812 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
07:06:55.0535 4812 usbhub - ok
07:06:55.0581 4812 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
07:06:55.0581 4812 usbohci - ok
07:06:55.0628 4812 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
07:06:55.0628 4812 usbprint - ok
07:06:55.0659 4812 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
07:06:55.0659 4812 usbscan - ok
07:06:55.0691 4812 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
07:06:55.0691 4812 USBSTOR - ok
07:06:55.0706 4812 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
07:06:55.0706 4812 usbuhci - ok
07:06:55.0769 4812 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
07:06:55.0784 4812 usbvideo - ok
07:06:55.0815 4812 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
07:06:55.0815 4812 UxSms - ok
07:06:55.0847 4812 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
07:06:55.0862 4812 VaultSvc - ok
07:06:55.0893 4812 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys
07:06:55.0909 4812 VClone - ok
07:06:55.0956 4812 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
07:06:55.0956 4812 vdrvroot - ok
07:06:55.0987 4812 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
07:06:56.0003 4812 vds - ok
07:06:56.0018 4812 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
07:06:56.0018 4812 vga - ok
07:06:56.0065 4812 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
07:06:56.0065 4812 VgaSave - ok
07:06:56.0112 4812 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
07:06:56.0112 4812 vhdmp - ok
07:06:56.0143 4812 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
07:06:56.0143 4812 viaagp - ok
07:06:56.0159 4812 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
07:06:56.0159 4812 ViaC7 - ok
07:06:56.0190 4812 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
07:06:56.0190 4812 viaide - ok
07:06:56.0221 4812 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
07:06:56.0221 4812 volmgr - ok
07:06:56.0252 4812 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
07:06:56.0252 4812 volmgrx - ok
07:06:56.0283 4812 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
07:06:56.0299 4812 volsnap - ok
07:06:56.0346 4812 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
07:06:56.0346 4812 vsmraid - ok
07:06:56.0439 4812 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
07:06:56.0455 4812 VSS - ok
07:06:56.0486 4812 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
07:06:56.0486 4812 vwifibus - ok
07:06:56.0517 4812 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
07:06:56.0517 4812 vwififlt - ok
07:06:56.0533 4812 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
07:06:56.0549 4812 W32Time - ok
07:06:56.0564 4812 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
07:06:56.0564 4812 WacomPen - ok
07:06:56.0595 4812 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
07:06:56.0595 4812 WANARP - ok
07:06:56.0595 4812 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
07:06:56.0611 4812 Wanarpv6 - ok
07:06:56.0720 4812 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
07:06:56.0736 4812 WatAdminSvc - ok
07:06:56.0845 4812 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
07:06:56.0861 4812 wbengine - ok
07:06:56.0876 4812 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
07:06:56.0892 4812 WbioSrvc - ok
07:06:56.0923 4812 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
07:06:56.0939 4812 wcncsvc - ok
07:06:56.0970 4812 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
07:06:56.0970 4812 WcsPlugInService - ok
07:06:57.0048 4812 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
07:06:57.0048 4812 Wd - ok
07:06:57.0095 4812 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
07:06:57.0110 4812 Wdf01000 - ok
07:06:57.0126 4812 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
07:06:57.0141 4812 WdiServiceHost - ok
07:06:57.0141 4812 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
07:06:57.0157 4812 WdiSystemHost - ok
07:06:57.0204 4812 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
07:06:57.0219 4812 WebClient - ok
07:06:57.0251 4812 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
07:06:57.0251 4812 Wecsvc - ok
07:06:57.0282 4812 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
07:06:57.0282 4812 wercplsupport - ok
07:06:57.0329 4812 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
07:06:57.0329 4812 WerSvc - ok
07:06:57.0375 4812 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
07:06:57.0375 4812 WfpLwf - ok
07:06:57.0391 4812 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
07:06:57.0391 4812 WIMMount - ok
07:06:57.0500 4812 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
07:06:57.0516 4812 WinDefend - ok
07:06:57.0516 4812 WinHttpAutoProxySvc - ok
07:06:57.0578 4812 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
07:06:57.0594 4812 Winmgmt - ok
07:06:57.0672 4812 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
07:06:57.0703 4812 WinRM - ok
07:06:57.0812 4812 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
07:06:57.0812 4812 WinUsb - ok
07:06:57.0890 4812 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
07:06:57.0906 4812 Wlansvc - ok
07:06:58.0140 4812 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:06:58.0155 4812 wlidsvc - ok
07:06:58.0296 4812 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
07:06:58.0296 4812 WmiAcpi - ok
07:06:58.0358 4812 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
07:06:58.0374 4812 wmiApSrv - ok
07:06:58.0514 4812 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:06:58.0530 4812 WMPNetworkSvc - ok
07:06:58.0561 4812 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
07:06:58.0561 4812 WPCSvc - ok
07:06:58.0592 4812 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
07:06:58.0592 4812 WPDBusEnum - ok
07:06:58.0670 4812 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
07:06:58.0670 4812 ws2ifsl - ok
07:06:58.0717 4812 wscsvc (a661a76333057b383a06e65f0073222f) C:\windows\system32\wscsvc.dll
07:06:58.0717 4812 wscsvc - ok
07:06:58.0733 4812 WSearch - ok
07:06:58.0873 4812 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
07:06:58.0904 4812 wuauserv - ok
07:06:59.0060 4812 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
07:06:59.0060 4812 WudfPf - ok
07:06:59.0091 4812 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
07:06:59.0091 4812 WUDFRd - ok
07:06:59.0123 4812 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
07:06:59.0123 4812 wudfsvc - ok
07:06:59.0154 4812 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
07:06:59.0169 4812 WwanSvc - ok
07:06:59.0232 4812 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
07:06:59.0232 4812 yukonw7 - ok
07:06:59.0294 4812 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
07:06:59.0294 4812 ZTEusbmdm6k - ok
07:06:59.0325 4812 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbnmea.sys
07:06:59.0341 4812 ZTEusbnmea - ok
07:06:59.0357 4812 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbser6k.sys
07:06:59.0357 4812 ZTEusbser6k - ok
07:06:59.0419 4812 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
07:06:59.0762 4812 \Device\Harddisk0\DR0 - ok
07:06:59.0762 4812 Boot (0x1200) (8c669ff3125b9dce1ebd7ef33de00504) \Device\Harddisk0\DR0\Partition0
07:06:59.0762 4812 \Device\Harddisk0\DR0\Partition0 - ok
07:06:59.0778 4812 Boot (0x1200) (d9f896024ccc3444a93bad76714eb3b1) \Device\Harddisk0\DR0\Partition1
07:06:59.0778 4812 \Device\Harddisk0\DR0\Partition1 - ok
07:06:59.0809 4812 Boot (0x1200) (1460055b780bc15a47b2e0e0ea5acf71) \Device\Harddisk0\DR0\Partition2
07:06:59.0809 4812 \Device\Harddisk0\DR0\Partition2 - ok
07:06:59.0809 4812 ============================================================
07:06:59.0809 4812 Scan finished
07:06:59.0809 4812 ============================================================
07:06:59.0825 2436 Detected object count: 0
07:06:59.0825 2436 Actual detected object count: 0

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 07:23:32
-----------------------------
07:23:32.364 OS Version: Windows 6.1.7600
07:23:32.364 Number of processors: 4 586 0x2502
07:23:32.364 ComputerName: LOUISE-LAPTOP2 UserName: Louise
07:23:32.847 Initialize success
07:23:42.020 AVAST engine defs: 12050101
07:23:52.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:23:52.456 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
07:23:52.472 Disk 0 MBR read successfully
07:23:52.472 Disk 0 MBR scan
07:23:52.488 Disk 0 unknown MBR code
07:23:52.488 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
07:23:52.503 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
07:23:52.534 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114688 MB offset 42149888
07:23:52.550 Disk 0 Partition - 00 0F Extended LBA 169975 MB offset 277030912
07:23:52.597 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169974 MB offset 277032960
07:23:52.597 Disk 0 scanning sectors +625139712
07:23:52.690 Disk 0 scanning C:\windows\system32\drivers
07:24:05.811 Service scanning
07:24:38.555 Modules scanning
07:24:48.540 Disk 0 trace - called modules:
07:24:48.571 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
07:24:48.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e7c770]
07:24:48.586 3 CLASSPNP.SYS[837b959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863e7028]
07:24:49.101 AVAST engine scan C:\windows
07:24:52.876 AVAST engine scan C:\windows\system32
07:28:09.802 AVAST engine scan C:\windows\system32\drivers
07:28:25.075 AVAST engine scan C:\Users\Louise
07:33:38.651 AVAST engine scan C:\ProgramData
07:35:47.460 Scan finished successfully
07:40:04.221 Disk 0 MBR has been saved successfully to "C:\Users\Louise\Desktop\Virus Project\MBR.dat"
07:40:04.237 The log file has been saved successfully to "C:\Users\Louise\Desktop\Virus Project\BleepB4-aswMBR.txt"


Thank you.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 PM

Posted 02 May 2012 - 02:31 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uInternet Settings,ProxyServer = socks=127.0.0.1:4021

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
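The DDS:: line in the script above targets a per-user Internet Settings ProxyServer value of `socks=127.0.0.1:4021`, i.e. the browser had been pointed at a SOCKS proxy on the victim's own machine. An unexpected loopback proxy of that kind is a common artefact of malware that relays or inspects the victim's traffic, which is why the helper removes it. As an added example (not code from the thread, from DDS, or from ComboFix), the Python below parses DDS-style `uInternet Settings,ProxyServer = ...` and `mInternet Settings,ProxyServer = ...` lines, splits the Windows ProxyServer value into its per-protocol entries, and flags any entry that points at the local machine. The sample lines are constructed for the example; `parse_dds_lines`, `parse_proxy_value`, `is_loopback` and `triage` are hypothetical helper names, and the only line taken from the thread is the proxy line itself.

```python
"""Triage helper for DDS-style 'Internet Settings,ProxyServer' lines.

Added example, not part of the original thread or of the DDS/ComboFix
tools. It flags browser proxies that point back at the local machine,
the pattern the CFScript above removes. Sample input is constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS prefixes a setting with 'u' (per-user, HKCU) or 'm' (machine, HKLM).
PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$"
)


@dataclass
class ProxyEntry:
    scope: str            # "user" or "machine"
    scheme: str           # "http", "https", "ftp", "socks", or "" if unscoped
    host: str
    port: Optional[int]
    raw: str              # the original log line, kept for the report


def parse_proxy_value(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Windows accepts either a bare 'host:port' (applies to every protocol)
    or a ';'-separated list such as 'http=proxy:8080;socks=127.0.0.1:4021'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:                      # no '=': unscoped 'host:port'
            scheme, hostport = "", scheme
        host, _, port = hostport.rpartition(":")
        if not host:                          # bare host without a port
            host, port = hostport, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def parse_dds_lines(lines: List[str]) -> List[ProxyEntry]:
    """Extract every ProxyServer entry from DDS-style log lines."""
    found = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        scope = "user" if m.group("scope") == "u" else "machine"
        for scheme, host, port in parse_proxy_value(m.group("value")):
            found.append(ProxyEntry(scope, scheme, host, port, line.strip()))
    return found


def is_loopback(host: str) -> bool:
    """True for 'localhost' and any IPv4/IPv6 loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                        # a hostname, not an IP literal
        return False


def suspicious(entries: List[ProxyEntry]) -> List[ProxyEntry]:
    """Keep only proxies that route browser traffic through the local host.

    A loopback proxy is legitimate when the user knowingly runs one (a
    debugging proxy, Tor, some security products); appearing unexpectedly,
    especially as a SOCKS entry, it is worth investigating.
    """
    return [e for e in entries if is_loopback(e.host)]


# Constructed sample: the thread's proxy line plus two benign settings.
SAMPLE_DDS_LINES = [
    "uInternet Settings,ProxyServer = socks=127.0.0.1:4021",
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",
    "uInternet Settings,ProxyOverride = <local>",
]


def triage(lines: List[str] = SAMPLE_DDS_LINES) -> List[ProxyEntry]:
    """Parse the lines and return the entries a responder should look at."""
    return suspicious(parse_dds_lines(lines))


if __name__ == "__main__":
    for e in triage():
        print(f"[{e.scope}] {e.scheme or 'all'} proxy -> {e.host}:{e.port}  ({e.raw})")
```

On the sample input only the user-scope `socks=127.0.0.1:4021` entry is reported; the corporate HTTP proxy on a remote host and the ProxyOverride line are ignored. The same parser accepts the multi-protocol `http=...;socks=...` form, so it generalises beyond the single line shown in the script.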

#7 lopezprojects

lopezprojects
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:50 PM

Posted 02 May 2012 - 05:58 PM

Hi, I re-ran ComboFix and didn't have any problems running it. Log file is pasted below. Unfortunately the trojan file (A0030162.exe) is still showing up in my latest Panda scan... I was hoping that one of these programs had wiped it out but it seems determined to stay, sigh! Thanks for your help with this.

Combo Fix report
ComboFix 12-05-02.03 - Louise 02/05/2012 22:14:27.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1817 [GMT 1:00]
Running from: c:\users\Louise\Desktop\Download-to-Desktop\ComboFix.exe
Command switches used :: c:\users\Louise\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 21:21 . 2012-05-02 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 21:05 . 2012-05-02 21:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7AB7E73-0E05-4827-B695-89B97EE0FD23}\offreg.dll
2012-05-02 20:59 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7AB7E73-0E05-4827-B695-89B97EE0FD23}\mpengine.dll
2012-04-30 18:21 . 2012-04-30 18:56 -------- d-----w- c:\windows\system32\DBBK
2012-04-30 00:49 . 2012-04-30 00:49 691 ----a-w- c:\users\Louise\AppData\Roaming\GetValue.vbs
2012-04-30 00:49 . 2012-04-30 00:49 35 ----a-w- c:\users\Louise\AppData\Roaming\SetValue.bat
2012-04-30 00:12 . 2012-04-30 00:12 -------- d-----w- C:\Autoruns
2012-04-29 07:36 . 2012-04-29 07:36 -------- d-----w- c:\program files\CCleaner
2012-04-25 23:13 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\users\Louise\AppData\Roaming\Malwarebytes
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 23:27 . 2012-04-24 23:27 -------- d-----w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com
2012-04-24 23:26 . 2012-04-24 23:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-16 18:49 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 18:49 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 18:49 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 18:49 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 16:11 . 2012-03-29 19:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 16:11 . 2011-05-19 20:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 22:52 . 2010-11-21 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-10-09 21:37 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-16 17:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-16 17:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-16 17:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-16 17:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-16 17:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-16 17:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-16 17:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-16 17:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-16 17:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2011-04-26 21:19 . 2011-04-26 21:20 80873256 ----a-w- c:\program files\iTunesSetup.exe
2012-03-17 18:02 . 2011-08-18 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Dmailer_Backup_Manager.exe"="c:\users\Louise\AppData\Roaming\Dmailer\Dmailer_Backup_Manager.exe" [2011-08-13 28911208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 169496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
.
c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-16 1254912]
Dropbox.lnk - c:\users\Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
palmOne Registration.lnk - c:\palm\register.exe [2005-6-21 2355200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-16 828704]
HotSync Manager.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-17 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-17 33320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:11]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\hs5lej2a.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4696)
c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-05-02 22:22:55
ComboFix-quarantined-files.txt 2012-05-02 21:22
ComboFix2.txt 2012-05-02 00:09
.
Pre-Run: 29,637,455,872 bytes free
Post-Run: 29,639,553,024 bytes free
.
- - End Of File - - 2620E66CDB523EEBDB46F86352351040

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2012 - 09:33 PM

Hello


I want you to shut off system restore and run the panda scan (it should not show up if system restore is turned off because there are no restore points for it to find)


let me know if it finds it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 lopezprojects
  • Topic Starter
  • Members
  • 11 posts

Posted 03 May 2012 - 01:26 AM

Hi, I turned off system restore (but didn't delete previous restore points - should I?). Panda is still finding the file (see log). Does it actually exist or could there be an error with Panda?

PANDA LOG

Event Date/Time Status More details
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan 03/05/2012 07:15:10 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 03/05/2012 07:15:10 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 03/05/2012 07:14:59 Started Scanning: C:\System Volume Information

Computer vaccinated 03/05/2012 07:11:02 Vaccinated. Your computer has been vaccinated.

Scan 02/05/2012 23:50:34 Canceled Scanning: All My Computer

Trojan detected Unknown name 02/05/2012 23:44:33 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Suspicious file detected 02/05/2012 23:44:32 Neutralized Location: C:\Users\Louise\Desktop\Download-to-Desktop\aswMBR.exe

Scan 02/05/2012 23:01:17 Started Scanning: All My Computer

Scan 02/05/2012 22:44:56 Finished Optimized scan

Cookie detected Unknown name 02/05/2012 22:36:51 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\X32F1408.txt

Cookie detected Unknown name 02/05/2012 22:36:51 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\PKSAY1G8.txt

Scan 02/05/2012 22:36:06 Started Optimized scan

Synchronization 02/05/2012 21:49:54 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Antivirus started 01/05/2012 00:18:28 Started The protection has started

Scan 30/04/2012 20:50:03 Canceled Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 20:49:56 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 20:49:50 Started Scanning: C:\System Volume Information

Scan 30/04/2012 20:33:02 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 20:32:55 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 20:32:52 Started Scanning: C:\System Volume Information

Scan 30/04/2012 19:40:15 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 19:40:15 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 19:39:09 Started Scanning: C:\System Volume Information

Synchronization 30/04/2012 19:20:43 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Scan 30/04/2012 02:01:53 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 02:01:47 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 02:01:44 Started Scanning: C:\System Volume Information

Scan 30/04/2012 01:56:03 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 01:56:03 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 01:55:48 Started Scanning: C:\System Volume Information

Scan 30/04/2012 00:54:57 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 30/04/2012 00:54:49 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 30/04/2012 00:54:46 Started Scanning: C:\System Volume Information

Scan 29/04/2012 23:47:30 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 29/04/2012 23:47:30 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 29/04/2012 23:46:43 Started Scanning: C:\System Volume Information

Synchronization 28/04/2012 00:21:42 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Synchronization 27/04/2012 00:38:54 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Antivirus stopped 26/04/2012 00:14:57 Detenido. The protection has been stopped by the user

Scan 26/04/2012 00:13:18 Finished Scanning: All My Computer

Trojan detected Unknown name 26/04/2012 00:12:42 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 25/04/2012 22:53:53 Started Scanning: All My Computer

Scan 25/04/2012 22:53:42 Canceled Optimized scan

Scan 25/04/2012 22:50:41 Started Optimized scan

Scan 25/04/2012 22:01:46 Finished Scanning: All My Computer

Trojan detected Unknown name 25/04/2012 21:24:45 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 25/04/2012 20:28:10 Started Scanning: All My Computer

Synchronization 25/04/2012 12:21:22 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Synchronization 24/04/2012 14:21:37 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Scan 24/04/2012 10:18:26 Finished Scanning: All My Computer

Trojan detected Unknown name 24/04/2012 09:15:33 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 24/04/2012 08:43:44 Started Scanning: All My Computer

Synchronization 23/04/2012 20:11:46 Synchronized. Your protection has synchronized with the cloud against the latest threats.

Scan 23/04/2012 08:56:31 Finished Scanning: All My Computer

Cookie detected Cookie/WebtrendsLive 23/04/2012 08:37:55 Deleted. Location: C:\Windows\Temp\Cookies\louise@statse.webtrendslive[1].txt

Trojan detected Unknown name 23/04/2012 07:56:02 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Cookie detected Cookie/Tribalfusion 23/04/2012 07:25:09 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1SSNDKT.txt

Cookie detected Unknown name 23/04/2012 07:25:09 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\VGY3RO1Y.txt

Cookie detected Cookie/Apmebf 23/04/2012 07:25:09 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\NSQUMVRL.txt

Cookie detected Cookie/YieldManager 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEU4D24C.txt

Cookie detected Cookie/Mediaplex 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NZR0ZVH.txt

Cookie detected Unknown name 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHOECTLY.txt

Cookie detected Cookie/Adviva 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\louise@adviva[1].txt

Cookie detected Cookie/RealMedia 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\louise@247realmedia[1].txt

Cookie detected Cookie/Adtech 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\louise@adtech[1].txt

Cookie detected Cookie/Serving-sys 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\655LBXVD.txt

Cookie detected Cookie/Casalemedia 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JE759AO.txt

Cookie detected Cookie/Adviva 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@adviva[1].txt

Cookie detected Cookie/Adtech 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@adtech[1].txt

Cookie detected Cookie/Apmebf 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@apmebf[1].txt

Cookie detected Cookie/FastClick 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@fastclick[1].txt

Cookie detected Unknown name 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@atdmt[1].txt

Cookie detected Cookie/Mediaplex 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@mediaplex[2].txt

Cookie detected Cookie/Tribalfusion 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@tribalfusion[2].txt

Cookie detected Unknown name 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@doubleclick[2].txt

Cookie detected Cookie/Advertising 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@advertising[1].txt

Cookie detected Cookie/YieldManager 23/04/2012 07:25:07 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@ad.yieldmanager[1].txt

Scan 23/04/2012 07:22:24 Started Scanning: All My Computer
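The Panda log above is a flat text export with the event, a dd/mm/yyyy hh:mm:ss stamp, a status word and a "Location:" field on each line. As an added example, not from the thread or from Panda, here is a small Python parser for that format. It separates detections Panda acted on from those it only reported, and flags hits that sit inside a System Restore point folder, which is the situation being diagnosed in this thread. The sample lines are copied from the log above; the line and path regexes, and the reading of an empty status column as "no action taken", are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the column header plus four lines copied from the
# Panda Cloud Antivirus event log posted in this thread.
SAMPLE_LOG = r"""Event Date/Time Status More details
Scan 03/05/2012 07:15:10 Finished Scanning: C:\System Volume Information
Trojan detected Unknown name 03/05/2012 07:15:10 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe
Suspicious file detected 02/05/2012 23:44:32 Neutralized Location: C:\Users\Louise\Desktop\Download-to-Desktop\aswMBR.exe
Cookie detected Cookie/Adtech 23/04/2012 07:25:08 Deleted. Location: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\louise@adtech[1].txt
"""

# Every event line carries a dd/mm/yyyy hh:mm:ss stamp; the text before it is the
# event (plus, for detections, the threat name), the text after it is status + details.
# Assumption: this layout is inferred from the posted log, not from Panda documentation.
LINE_RE = re.compile(
    r"^(?P<event>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<rest>.*)$"
)
# A System Restore point folder: ...\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


@dataclass
class Detection:
    kind: str              # "Trojan", "Suspicious file", "Cookie", ...
    name: str              # Panda's threat name; "Unknown name" when it has none
    timestamp: str         # "dd/mm/yyyy hh:mm:ss" exactly as logged
    path: str              # value of the "Location:" field
    remediated: bool       # Panda logged an action ("Deleted.", "Neutralized")
    in_restore_point: bool


def parse_detection(line: str) -> Optional[Detection]:
    """Return a Detection for a '... detected ...' line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or " detected" not in m["event"]:
        return None
    kind, _, name = m["event"].partition(" detected")
    status, sep, path = m["rest"].partition("Location: ")
    if not sep:  # a detection without a location cannot be acted on
        return None
    return Detection(
        kind=kind.strip(),
        name=name.strip(),
        timestamp=f"{m['date']} {m['time']}",
        path=path.strip(),
        # Assumption (this parser's reading of the log): an empty status column means
        # Panda reported the hit but took no action, as with the RP200 file above.
        remediated=bool(status.strip()),
        in_restore_point=bool(RESTORE_POINT_RE.search(path)),
    )


def parse_log(text: str) -> List[Detection]:
    """All detections in a Panda event log export, in file order."""
    dets = []
    for line in text.splitlines():
        d = parse_detection(line)
        if d is not None:
            dets.append(d)
    return dets


def unresolved_restore_point_hits(dets: List[Detection]) -> List[str]:
    """Distinct paths flagged inside a restore point that Panda never remediated.
    A path returned here is reachable only by clearing System Restore points or by a
    boot-time delete, which is exactly the situation this thread describes."""
    seen: List[str] = []
    for d in dets:
        if d.in_restore_point and not d.remediated and d.path not in seen:
            seen.append(d.path)
    return seen


if __name__ == "__main__":
    for p in unresolved_restore_point_hits(parse_log(SAMPLE_LOG)):
        print("unremediated restore-point hit:", p)
```

Repeated lines for the same path (the posted log has the RP200 file a dozen times) collapse to one entry, so the output is the list of files that still need handling rather than a count of how often the scanner noticed them.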

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 02:14 AM

Hello

Does it actually exist or could there be an error with Panda?

for me it has to be an error with panda - with system restore turned off there cannot be any restore points.

while system restore is off delete any restore points that are left.

if panda still finds it I want you to uninstall panda and remove any extras it may ask you to


reinstall panda and see if it finds it again


gringo

Edited by gringo_pr, 03 May 2012 - 02:14 AM.


#11 lopezprojects
  • Topic Starter
  • Members
  • 11 posts

Posted 03 May 2012 - 02:55 AM

That was what confused me. However I followed all the steps and the pesky thing is still showing:
- deleted restore points with system restore still off, ran the scan [trojan still appears in scan]
- uninstalled panda, reinstalled panda, ran the scan [trojan still appears in scan]

Should I contact Panda support if it's an error with their software?

Latest Panda Scan log here:
Event Date/Time Status More details
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan 03/05/2012 08:48:26 Finished Scanning: C:\System Volume Information

Trojan detected Unknown name 03/05/2012 08:48:26 Location: C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe

Scan 03/05/2012 08:47:27 Started Scanning: C:\System Volume Information

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 07:35 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
"C:\System Volume Information\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\RP200\A0030162.exe" 
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\


#13 lopezprojects
  • Topic Starter
  • Members
  • 11 posts

Posted 03 May 2012 - 01:58 PM

And....it's gone!! Ran the program, did a Panda scan and it came up empty. I am so grateful for your persistent help with this...huge thanks!

Blitzblank report:

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\system volume information\_restore{6c3b692b-16e5-4395-b3f8-bbdec64a80bf}\rp200\a0030162.exe", destinationFile = "(null)", replaceWithDummy = 0
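The report records a MoveFileOnReboot with a null destination, that is, a delete scheduled for the next boot, which is how a file the running system will not release gets removed. Windows' own equivalent (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) stores such operations as pairs in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager: the source in \??\ form, an empty destination for a delete, and a "!" prefix on the destination for replace-existing. The thread does not say whether BlitzBlank writes that value or uses its own boot-time driver. As an added example, not from the thread or from BlitzBlank, here is a Python decoder for that value that a responder can point at a live or offline SYSTEM hive to see what is queued for deletion or replacement at the next boot. The sample value is constructed; the restore-point path in it is the one from this thread and the two DLL paths are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of a PendingFileRenameOperations REG_MULTI_SZ (UTF-16LE,
# NUL-separated strings, double-NUL terminated) holding two operations: the
# delete-on-reboot of the restore-point file from this thread, and a hypothetical
# replace-on-reboot rename (both DLL paths are made up for the example).
SAMPLE_VALUE = (
    "\\??\\C:\\System Volume Information\\_restore{6C3B692B-16E5-4395-B3F8-BBDEC64A80BF}\\RP200\\A0030162.exe\0"
    "\0"                                       # empty destination = delete at boot
    "\\??\\C:\\Windows\\Temp\\new.dll\0"
    "!\\??\\C:\\Windows\\System32\\old.dll\0"  # '!' = replace the existing file
    "\0"                                       # list terminator
).encode("utf-16-le")


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]   # None: the source is deleted at boot
    replace_existing: bool       # destination carried the '!' prefix


def decode_multi_sz(raw: bytes) -> List[str]:
    """Split a raw REG_MULTI_SZ into its strings, keeping empty strings in the
    middle of the list (an empty destination is meaningful here)."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):          # drop the list terminator
        text = text[:-1]
    parts = text.split("\0")
    # each string is NUL-terminated, so the last split piece is always empty
    return parts[:-1] if parts and parts[-1] == "" else parts


def _strip_nt_prefix(p: str) -> str:
    return p[4:] if p.startswith("\\??\\") else p


def parse_pending_ops(entries: List[str]) -> List[PendingOp]:
    """Pair the strings up the way the Session Manager reads them at boot.
    On a live Windows host, winreg.QueryValueEx already returns this list."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops: List[PendingOp] = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append(PendingOp(
            source=_strip_nt_prefix(src),
            destination=_strip_nt_prefix(dst) if dst else None,
            replace_existing=replace,
        ))
    return ops


def parse_pending_ops_raw(raw: bytes) -> List[PendingOp]:
    """Entry point for raw value bytes read from an offline hive."""
    return parse_pending_ops(decode_multi_sz(raw))


def scheduled_deletions(ops: List[PendingOp]) -> List[str]:
    """Paths that will be removed at the next boot."""
    return [op.source for op in ops if op.destination is None]


if __name__ == "__main__":
    for op in parse_pending_ops_raw(SAMPLE_VALUE):
        action = "DELETE" if op.destination is None else f"MOVE -> {op.destination}"
        print(f"{action:60} {op.source}")
```

On a live host the value is read from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and winreg hands back the list of strings directly, so parse_pending_ops is the function to call; on an offline SYSTEM hive (ControlSet00N rather than CurrentControlSet) the raw REG_MULTI_SZ bytes go through parse_pending_ops_raw. Reviewing this value is also a cheap check after any cleanup tool has run, since a malicious entry here executes with the same boot-time privileges as a legitimate one.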

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 02:41 PM

Greetings

That is great news!! I am going to check a few more things to make sure nothing is left in the background and to check that everything is up to date so we have a little more left to do

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 lopezprojects
  • Topic Starter
  • Members
  • 11 posts

Posted 03 May 2012 - 05:19 PM

Hi,

Here's the ComboFix report - no problems running it and no reboot.

ComboFix 12-05-03.02 - Louise 03/05/2012 22:45:05.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1713 [GMT 1:00]
Running from: c:\users\Louise\Desktop\Download-to-Desktop\ComboFix.exe
Command switches used :: c:\users\Louise\Desktop\Virus Project\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 21:52 . 2012-05-03 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 20:59 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7AB7E73-0E05-4827-B695-89B97EE0FD23}\mpengine.dll
2012-04-30 18:21 . 2012-04-30 18:56 -------- d-----w- c:\windows\system32\DBBK
2012-04-30 00:49 . 2012-04-30 00:49 691 ----a-w- c:\users\Louise\AppData\Roaming\GetValue.vbs
2012-04-30 00:49 . 2012-04-30 00:49 35 ----a-w- c:\users\Louise\AppData\Roaming\SetValue.bat
2012-04-30 00:12 . 2012-04-30 00:12 -------- d-----w- C:\Autoruns
2012-04-29 07:36 . 2012-04-29 07:36 -------- d-----w- c:\program files\CCleaner
2012-04-25 23:13 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\users\Louise\AppData\Roaming\Malwarebytes
2012-04-25 06:03 . 2012-04-25 06:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 23:27 . 2012-04-24 23:27 -------- d-----w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com
2012-04-24 23:26 . 2012-04-24 23:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-16 18:49 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 18:49 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 18:49 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 18:49 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 16:11 . 2012-03-29 19:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 16:11 . 2011-05-19 20:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 22:52 . 2010-11-21 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-10-09 21:37 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44 . 2012-03-16 17:38 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-16 17:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-16 17:38 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-16 17:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-16 17:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-16 17:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-16 17:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-16 17:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-26 21:19 . 2011-04-26 21:20 80873256 ----a-w- c:\program files\iTunesSetup.exe
2012-03-17 18:02 . 2011-08-18 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Dmailer_Backup_Manager.exe"="c:\users\Louise\AppData\Roaming\Dmailer\Dmailer_Backup_Manager.exe" [2011-08-13 28911208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 169496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-16 1254912]
Dropbox.lnk - c:\users\Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
palmOne Registration.lnk - c:\palm\register.exe [2005-6-21 2355200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-16 828704]
HotSync Manager.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-17 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-17 33320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 126216]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 144136]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 112904]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:11]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 16:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\hs5lej2a.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2284)
c:\users\Louise\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-05-03 22:53:23
ComboFix-quarantined-files.txt 2012-05-03 21:53
ComboFix2.txt 2012-05-02 21:22
ComboFix3.txt 2012-05-02 00:09
.
Pre-Run: 30,712,647,680 bytes free
Post-Run: 30,658,744,320 bytes free
.
- - End Of File - - E269408AEF49750970BF1CD305E8DBB4