
Possible infection - email been hacked


  • This topic is locked
27 replies to this topic

#1 spacboy

spacboy

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:30 PM

Posted 03 May 2012 - 04:06 PM

Thanks again for your help.

DDS log:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by tomflynn at 21:16:32 on 2012-05-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.5023.3381 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{296C84CE-F519-4288-A875-4E1713230514} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{296C84CE-F519-4288-A875-4E1713230514}\458656F5C4F657E67656 : DhcpNameServer = 192.168.3.254 139.130.4.4 139.130.4.5
TCP: Interfaces\{296C84CE-F519-4288-A875-4E1713230514}\8513330343 : DhcpNameServer = 192.168.200.254 192.168.200.254
TCP: Interfaces\{B38EB3F3-065C-4B7B-B937-23AC199CBB64} : DhcpNameServer = 202.160.8.2 202.160.9.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tomflynn\AppData\Roaming\Mozilla\Firefox\Profiles\t6ik1uji.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 DVMIO;DVMIO;C:\QW.SYS\config\dvmio.sys [2009-9-26 21624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\QW.SYS\config\DVMExportService.exe [2009-6-9 323672]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-2 654408]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-20 227896]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 253088]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe [2009-7-31 83240]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-1 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-02 22:20:03 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D6AB3A4-434F-45CE-ACEF-026FD85BA0C8}\mpengine.dll
2012-05-02 22:01:20 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-05-02 20:57:30 -------- d-----w- C:\Users\tomflynn\AppData\Roaming\SUPERAntiSpyware.com
2012-05-02 20:57:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-02 20:57:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-01 22:45:42 -------- d-----w- C:\$RECYCLE.BIN
2012-05-01 22:40:16 98816 ----a-w- C:\Windows\sed.exe
2012-05-01 22:40:16 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-01 22:40:16 256000 ----a-w- C:\Windows\PEV.exe
2012-05-01 22:40:16 208896 ----a-w- C:\Windows\MBR.exe
2012-05-01 22:22:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 22:22:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-01 22:16:14 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-01 21:58:39 -------- d-----w- C:\Users\tomflynn\AppData\Roaming\AVG2012
2012-05-01 12:26:47 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-27 02:07:25 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-27 02:07:23 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 02:07:23 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 02:00:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-19 23:03:23 -------- d--h--w- C:\ProgramData\Common Files
2012-04-19 23:02:55 -------- d-----w- C:\ProgramData\AVG2012
2012-04-19 23:02:26 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-19 22:52:41 -------- d-----w- C:\ProgramData\MFAData
2012-04-18 12:50:45 -------- d-----r- C:\Users\tomflynn\Dropbox
2012-04-18 01:08:09 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-04-18 00:52:40 -------- d-----w- C:\Program Files\CCleaner
2012-04-17 21:56:27 -------- d-----w- C:\Users\tomflynn\AppData\Local\CrashRpt
2012-04-16 22:44:14 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-16 22:44:12 -------- d-----w- C:\Users\tomflynn\AppData\Local\Conduit
2012-04-12 02:00:20 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 02:00:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 02:00:19 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 02:00:19 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 02:00:19 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 02:00:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 02:00:19 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-09 21:45:49 -------- d-----w- C:\Windows\SysWow64\custom matrices
2012-04-09 21:45:45 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-04-06 13:56:31 -------- d-----w- C:\Users\tomflynn\AppData\Local\{D3909B87-E523-4A4E-AD0B-B3FFB2A60C1A}
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-05-01 22:16:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 19:01:27 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-01 19:01:27 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-24 02:24:54 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 05:26:10 28160 ----a-w- C:\Windows\System32\drivers\mcaudrv_x64.sys
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 21:17:09.82 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 PM

Posted 03 May 2012 - 11:57 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

Make sure you have changed the password of the email account.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 spacboy

spacboy
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:30 PM

Posted 06 May 2012 - 09:16 AM

Thanks for your help Gringo. Computer is running ok as far as I can tell. I still haven't logged into my email from it, as I'm still worried about infection.

Logs:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


ComboFix 12-05-06.01 - tomflynn 06/05/2012 14:54:18.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.5023.3522 [GMT 1:00]
Running from: c:\users\tomflynn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 13:57 . 2012-05-06 13:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-06 13:57 . 2012-05-06 13:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-06 13:57 . 2012-05-06 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 13:48 . 2012-05-06 13:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA5A9E8-8DFE-4192-B920-9DCE4177BB64}\offreg.dll
2012-05-05 21:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA5A9E8-8DFE-4192-B920-9DCE4177BB64}\mpengine.dll
2012-05-05 16:51 . 2012-05-05 16:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 16:51 . 2012-05-05 16:51 -------- d-----r- c:\program files (x86)\Skype
2012-05-04 21:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 22:48 . 2012-05-03 22:48 -------- d-----w- c:\program files (x86)\Camfrog
2012-05-03 21:01 . 2012-05-03 21:01 -------- d-----w- c:\users\tomflynn\AppData\Local\WinZip
2012-05-03 21:01 . 2012-05-03 21:01 -------- d-----w- c:\programdata\WinZip
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\users\tomflynn\AppData\Roaming\SUPERAntiSpyware.com
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-01 22:22 . 2012-05-01 22:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 22:22 . 2012-05-01 22:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 22:16 . 2012-05-01 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-01 22:16 . 2012-05-01 22:16 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-01 22:16 . 2012-05-01 22:16 -------- d-----w- c:\program files (x86)\Java
2012-05-01 21:58 . 2012-05-01 21:58 -------- d-----w- c:\users\tomflynn\AppData\Roaming\AVG2012
2012-04-18 10:28 . 2012-03-13 04:38 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-18 10:28 . 2012-03-13 04:38 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-18 10:28 . 2012-03-13 04:38 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-18 10:28 . 2012-03-13 04:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-04-18 10:28 . 2012-03-13 04:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-04-18 01:08 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-04-18 00:52 . 2012-04-18 00:52 -------- d-----w- c:\program files\CCleaner
2012-04-17 21:56 . 2012-04-17 21:56 -------- d-----w- c:\users\tomflynn\AppData\Local\CrashRpt
2012-04-16 22:44 . 2012-04-16 22:44 -------- d-----w- c:\program files (x86)\Conduit
2012-04-16 22:44 . 2012-04-18 00:46 -------- d-----w- c:\users\tomflynn\AppData\Local\Conduit
2012-04-12 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 21:45 . 2012-04-09 21:45 -------- d-----w- c:\windows\SysWow64\custom matrices
2012-04-09 21:45 . 2012-04-09 21:45 -------- d-----w- c:\windows\SysWow64\QuickTime
.
.
.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 May 2012 - 12:34 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 spacboy
  • Topic Starter
  • Members
  • 20 posts

Posted 07 May 2012 - 02:08 AM

Thanks Gringo. While aswMBR was scanning, Microsoft Security Essentials found (and quarantined) Exploit:Java/CVE-2012-0507.AP:

Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Items:
file:C:\Users\tomflynn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e19ffa5-1f4c1b42

Get more information about this item online.


TDSSKiller log:

07:50:21.0461 2916 hidserv - ok
07:50:21.0465 2916 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:50:21.0467 2916 HidUsb - ok
07:50:21.0473 2916 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:50:21.0475 2916 hkmsvc - ok
07:50:21.0483 2916 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:50:21.0488 2916 HomeGroupListener - ok
07:50:21.0495 2916 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:50:21.0499 2916 HomeGroupProvider - ok
07:50:21.0505 2916 hpdoccardsvc (56ddd9a5bf441722e88c9f7a517be681) C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe
07:50:21.0506 2916 hpdoccardsvc - ok
07:50:21.0511 2916 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
07:50:21.0512 2916 hpdskflt - ok
07:50:21.0516 2916 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:50:21.0517 2916 HpqKbFiltr - ok
07:50:21.0537 2916 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
07:50:21.0542 2916 hpqwmiex - ok
07:50:21.0547 2916 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:50:21.0549 2916 HpSAMD - ok
07:50:21.0553 2916 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
07:50:21.0555 2916 hpsrv - ok
07:50:21.0573 2916 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:50:21.0581 2916 HTTP - ok
07:50:21.0585 2916 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:50:21.0585 2916 hwpolicy - ok
07:50:21.0592 2916 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
07:50:21.0594 2916 i8042prt - ok
07:50:21.0605 2916 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
07:50:21.0608 2916 iaStor - ok
07:50:21.0621 2916 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:50:21.0626 2916 iaStorV - ok
07:50:21.0647 2916 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:50:21.0657 2916 idsvc - ok
07:50:21.0809 2916 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
07:50:21.0878 2916 igfx - ok
07:50:21.0903 2916 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:50:21.0904 2916 iirsp - ok
07:50:21.0930 2916 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:50:21.0940 2916 IKEEXT - ok
07:50:21.0946 2916 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:50:21.0948 2916 intelide - ok
07:50:22.0166 2916 intelkmd (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdpmd64.sys
07:50:22.0236 2916 intelkmd - ok
07:50:22.0264 2916 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:50:22.0266 2916 intelppm - ok
07:50:22.0272 2916 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:50:22.0275 2916 IPBusEnum - ok
07:50:22.0280 2916 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:50:22.0282 2916 IpFilterDriver - ok
07:50:22.0299 2916 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:50:22.0307 2916 iphlpsvc - ok
07:50:22.0312 2916 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:50:22.0314 2916 IPMIDRV - ok
07:50:22.0320 2916 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:50:22.0323 2916 IPNAT - ok
07:50:22.0327 2916 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:50:22.0328 2916 IRENUM - ok
07:50:22.0332 2916 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:50:22.0333 2916 isapnp - ok
07:50:22.0344 2916 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:50:22.0348 2916 iScsiPrt - ok
07:50:22.0353 2916 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:50:22.0355 2916 kbdclass - ok
07:50:22.0359 2916 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:50:22.0361 2916 kbdhid - ok
07:50:22.0365 2916 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:50:22.0366 2916 KeyIso - ok
07:50:22.0372 2916 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:50:22.0374 2916 KSecDD - ok
07:50:22.0381 2916 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:50:22.0383 2916 KSecPkg - ok
07:50:22.0388 2916 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:50:22.0390 2916 ksthunk - ok
07:50:22.0400 2916 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:50:22.0406 2916 KtmRm - ok
07:50:22.0417 2916 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
07:50:22.0422 2916 LanmanServer - ok
07:50:22.0428 2916 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:50:22.0432 2916 LanmanWorkstation - ok
07:50:22.0439 2916 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:50:22.0441 2916 lltdio - ok
07:50:22.0450 2916 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:50:22.0456 2916 lltdsvc - ok
07:50:22.0460 2916 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:50:22.0462 2916 lmhosts - ok
07:50:22.0470 2916 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:50:22.0472 2916 LSI_FC - ok
07:50:22.0478 2916 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:50:22.0480 2916 LSI_SAS - ok
07:50:22.0485 2916 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:50:22.0487 2916 LSI_SAS2 - ok
07:50:22.0493 2916 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:50:22.0495 2916 LSI_SCSI - ok
07:50:22.0501 2916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:50:22.0504 2916 luafv - ok
07:50:22.0508 2916 ManyCam (922cbac7b992b9614cab7122f4bf9406) C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
07:50:22.0510 2916 ManyCam - ok
07:50:22.0516 2916 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:50:22.0517 2916 MBAMProtector - ok
07:50:22.0533 2916 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:50:22.0537 2916 MBAMService - ok
07:50:22.0542 2916 mcaudrv_simple (34a42dd7cf525d0d2c5232916496e4b8) C:\Windows\system32\drivers\mcaudrv_x64.sys
07:50:22.0544 2916 mcaudrv_simple - ok
07:50:22.0549 2916 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:50:22.0552 2916 Mcx2Svc - ok
07:50:22.0556 2916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:50:22.0558 2916 megasas - ok
07:50:22.0567 2916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:50:22.0571 2916 MegaSR - ok
07:50:22.0577 2916 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:50:22.0578 2916 Microsoft Office Groove Audit Service - ok
07:50:22.0584 2916 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:50:22.0585 2916 MMCSS - ok
07:50:22.0591 2916 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:50:22.0592 2916 Modem - ok
07:50:22.0596 2916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:50:22.0597 2916 monitor - ok
07:50:22.0602 2916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:50:22.0603 2916 mouclass - ok
07:50:22.0608 2916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:50:22.0609 2916 mouhid - ok
07:50:22.0614 2916 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:50:22.0616 2916 mountmgr - ok
07:50:22.0622 2916 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:50:22.0623 2916 MozillaMaintenance - ok
07:50:22.0632 2916 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
07:50:22.0635 2916 MpFilter - ok
07:50:22.0642 2916 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:50:22.0645 2916 mpio - ok
07:50:22.0650 2916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:50:22.0652 2916 mpsdrv - ok
07:50:22.0673 2916 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:50:22.0683 2916 MpsSvc - ok
07:50:22.0690 2916 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:50:22.0692 2916 MRxDAV - ok
07:50:22.0699 2916 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:50:22.0702 2916 mrxsmb - ok
07:50:22.0712 2916 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:50:22.0716 2916 mrxsmb10 - ok
07:50:22.0723 2916 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:50:22.0725 2916 mrxsmb20 - ok
07:50:22.0729 2916 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:50:22.0731 2916 msahci - ok
07:50:22.0737 2916 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:50:22.0740 2916 msdsm - ok
07:50:22.0746 2916 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:50:22.0749 2916 MSDTC - ok
07:50:22.0757 2916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:50:22.0759 2916 Msfs - ok
07:50:22.0766 2916 msftesql (54819fc5c79e4b2c6e896f9de440494d) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
07:50:22.0767 2916 msftesql - ok
07:50:22.0775 2916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:50:22.0776 2916 mshidkmdf - ok
07:50:22.0780 2916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:50:22.0781 2916 msisadrv - ok
07:50:22.0788 2916 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:50:22.0792 2916 MSiSCSI - ok
07:50:22.0795 2916 msiserver - ok
07:50:22.0800 2916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:50:22.0801 2916 MSKSSRV - ok
07:50:22.0807 2916 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:50:22.0807 2916 MsMpSvc - ok
07:50:22.0812 2916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:50:22.0813 2916 MSPCLOCK - ok
07:50:22.0817 2916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:50:22.0818 2916 MSPQM - ok
07:50:22.0829 2916 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:50:22.0834 2916 MsRPC - ok
07:50:22.0841 2916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:50:22.0843 2916 mssmbios - ok
07:50:22.0845 2916 MSSQLSERVER - ok
07:50:22.0851 2916 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:50:22.0851 2916 MSSQLServerADHelper - ok
07:50:22.0856 2916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:50:22.0857 2916 MSTEE - ok
07:50:22.0861 2916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:50:22.0862 2916 MTConfig - ok
07:50:22.0867 2916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:50:22.0869 2916 Mup - ok
07:50:22.0882 2916 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:50:22.0889 2916 napagent - ok
07:50:22.0899 2916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:50:22.0904 2916 NativeWifiP - ok
07:50:22.0927 2916 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:50:22.0937 2916 NDIS - ok
07:50:22.0943 2916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:50:22.0944 2916 NdisCap - ok
07:50:22.0948 2916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:50:22.0950 2916 NdisTapi - ok
07:50:22.0956 2916 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:50:22.0958 2916 Ndisuio - ok
07:50:22.0964 2916 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:50:22.0967 2916 NdisWan - ok
07:50:22.0973 2916 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:50:22.0974 2916 NDProxy - ok
07:50:22.0979 2916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:50:22.0980 2916 NetBIOS - ok
07:50:22.0989 2916 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:50:22.0992 2916 NetBT - ok
07:50:22.0997 2916 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:50:22.0998 2916 Netlogon - ok
07:50:23.0009 2916 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:50:23.0013 2916 Netman - ok
07:50:23.0026 2916 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:50:23.0033 2916 netprofm - ok
07:50:23.0040 2916 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:50:23.0042 2916 NetTcpPortSharing - ok
07:50:23.0204 2916 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
07:50:23.0278 2916 NETw5s64 - ok
07:50:23.0476 2916 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
07:50:23.0529 2916 netw5v64 - ok
07:50:23.0827 2916 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
07:50:23.0907 2916 NETwNs64 - ok
07:50:23.0934 2916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:50:23.0936 2916 nfrd960 - ok
07:50:23.0942 2916 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:50:23.0944 2916 NisDrv - ok
07:50:23.0956 2916 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
07:50:23.0958 2916 NisSrv - ok
07:50:23.0969 2916 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:50:23.0975 2916 NlaSvc - ok
07:50:23.0979 2916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:50:23.0981 2916 Npfs - ok
07:50:23.0985 2916 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:50:23.0988 2916 nsi - ok
07:50:23.0992 2916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:50:23.0993 2916 nsiproxy - ok
07:50:24.0040 2916 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:50:24.0057 2916 Ntfs - ok
07:50:24.0079 2916 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:50:24.0080 2916 Null - ok
07:50:24.0088 2916 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:50:24.0090 2916 nvraid - ok
07:50:24.0097 2916 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:50:24.0100 2916 nvstor - ok
07:50:24.0106 2916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:50:24.0109 2916 nv_agp - ok
07:50:24.0125 2916 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:50:24.0127 2916 odserv - ok
07:50:24.0133 2916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:50:24.0135 2916 ohci1394 - ok
07:50:24.0141 2916 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:50:24.0142 2916 ose - ok
07:50:24.0156 2916 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:50:24.0159 2916 p2pimsvc - ok
07:50:24.0179 2916 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:50:24.0185 2916 p2psvc - ok
07:50:24.0192 2916 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:50:24.0194 2916 Parport - ok
07:50:24.0200 2916 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:50:24.0202 2916 partmgr - ok
07:50:24.0212 2916 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:50:24.0216 2916 PcaSvc - ok
07:50:24.0224 2916 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:50:24.0227 2916 pci - ok
07:50:24.0231 2916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:50:24.0233 2916 pciide - ok
07:50:24.0242 2916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:50:24.0245 2916 pcmcia - ok
07:50:24.0250 2916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:50:24.0252 2916 pcw - ok
07:50:24.0271 2916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:50:24.0278 2916 PEAUTH - ok
07:50:24.0301 2916 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:50:24.0303 2916 PerfHost - ok
07:50:24.0347 2916 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:50:24.0359 2916 pla - ok
07:50:24.0375 2916 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:50:24.0379 2916 PlugPlay - ok
07:50:24.0384 2916 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:50:24.0386 2916 PNRPAutoReg - ok
07:50:24.0398 2916 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:50:24.0401 2916 PNRPsvc - ok
07:50:24.0421 2916 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:50:24.0427 2916 PolicyAgent - ok
07:50:24.0437 2916 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:50:24.0440 2916 Power - ok
07:50:24.0449 2916 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:50:24.0451 2916 PptpMiniport - ok
07:50:24.0457 2916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:50:24.0458 2916 Processor - ok
07:50:24.0467 2916 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:50:24.0470 2916 ProfSvc - ok
07:50:24.0475 2916 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:50:24.0477 2916 ProtectedStorage - ok
07:50:24.0483 2916 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:50:24.0484 2916 Psched - ok
07:50:24.0519 2916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:50:24.0528 2916 ql2300 - ok
07:50:24.0549 2916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:50:24.0550 2916 ql40xx - ok
07:50:24.0561 2916 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:50:24.0563 2916 QWAVE - ok
07:50:24.0569 2916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:50:24.0570 2916 QWAVEdrv - ok
07:50:24.0574 2916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:50:24.0575 2916 RasAcd - ok
07:50:24.0580 2916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:50:24.0581 2916 RasAgileVpn - ok
07:50:24.0588 2916 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:50:24.0590 2916 RasAuto - ok
07:50:24.0597 2916 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:50:24.0599 2916 Rasl2tp - ok
07:50:24.0610 2916 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:50:24.0613 2916 RasMan - ok
07:50:24.0619 2916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:50:24.0621 2916 RasPppoe - ok
07:50:24.0627 2916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:50:24.0629 2916 RasSstp - ok
07:50:24.0639 2916 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:50:24.0643 2916 rdbss - ok
07:50:24.0648 2916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:50:24.0649 2916 rdpbus - ok
07:50:24.0652 2916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:24.0653 2916 RDPCDD - ok
07:50:24.0659 2916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:50:24.0659 2916 RDPENCDD - ok
07:50:24.0666 2916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:50:24.0666 2916 RDPREFMP - ok
07:50:24.0675 2916 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:50:24.0678 2916 RDPWD - ok
07:50:24.0687 2916 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:50:24.0690 2916 rdyboost - ok
07:50:24.0696 2916 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:50:24.0698 2916 RemoteAccess - ok
07:50:24.0706 2916 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:50:24.0709 2916 RemoteRegistry - ok
07:50:24.0716 2916 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
07:50:24.0718 2916 RFCOMM - ok
07:50:24.0724 2916 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:50:24.0726 2916 RpcEptMapper - ok
07:50:24.0730 2916 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:50:24.0732 2916 RpcLocator - ok
07:50:24.0746 2916 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
07:50:24.0750 2916 RpcSs - ok
07:50:24.0756 2916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:50:24.0758 2916 rspndr - ok
07:50:24.0768 2916 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
07:50:24.0769 2916 RSUSBSTOR - ok
07:50:24.0775 2916 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:50:24.0776 2916 SamSs - ok
07:50:24.0781 2916 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:50:24.0781 2916 SASDIFSV - ok
07:50:24.0786 2916 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:50:24.0786 2916 SASKUTIL - ok
07:50:24.0793 2916 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:50:24.0794 2916 sbp2port - ok
07:50:24.0802 2916 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:50:24.0805 2916 SCardSvr - ok
07:50:24.0810 2916 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:50:24.0811 2916 scfilter - ok
07:50:24.0836 2916 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:50:24.0844 2916 Schedule - ok
07:50:24.0850 2916 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:50:24.0851 2916 SCPolicySvc - ok
07:50:24.0857 2916 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
07:50:24.0860 2916 sdbus - ok
07:50:24.0867 2916 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:50:24.0870 2916 SDRSVC - ok
07:50:24.0880 2916 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
07:50:24.0882 2916 SeaPort - ok
07:50:24.0886 2916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:50:24.0887 2916 secdrv - ok
07:50:24.0892 2916 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:50:24.0894 2916 seclogon - ok
07:50:24.0900 2916 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:50:24.0902 2916 SENS - ok
07:50:24.0907 2916 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:50:24.0909 2916 SensrSvc - ok
07:50:24.0913 2916 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:50:24.0914 2916 Serenum - ok
07:50:24.0920 2916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:50:24.0922 2916 Serial - ok
07:50:24.0926 2916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:50:24.0927 2916 sermouse - ok
07:50:24.0939 2916 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:50:24.0942 2916 SessionEnv - ok
07:50:24.0946 2916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:50:24.0947 2916 sffdisk - ok
07:50:24.0951 2916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:50:24.0952 2916 sffp_mmc - ok
07:50:24.0958 2916 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:50:24.0959 2916 sffp_sd - ok
07:50:24.0963 2916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:50:24.0964 2916 sfloppy - ok
07:50:24.0976 2916 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:50:24.0979 2916 SharedAccess - ok
07:50:24.0991 2916 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:50:24.0994 2916 ShellHWDetection - ok
07:50:24.0999 2916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:50:25.0000 2916 SiSRaid2 - ok
07:50:25.0006 2916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:50:25.0007 2916 SiSRaid4 - ok
07:50:25.0015 2916 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:50:25.0016 2916 SkypeUpdate - ok
07:50:25.0022 2916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:50:25.0024 2916 Smb - ok
07:50:25.0032 2916 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:50:25.0034 2916 SNMPTRAP - ok
07:50:25.0038 2916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:50:25.0039 2916 spldr - ok
07:50:25.0054 2916 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:50:25.0059 2916 Spooler - ok
07:50:25.0133 2916 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:50:25.0155 2916 sppsvc - ok
07:50:25.0176 2916 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:50:25.0178 2916 sppuinotify - ok
07:50:25.0188 2916 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:50:25.0190 2916 SQLBrowser - ok
07:50:25.0201 2916 SQLSERVERAGENT (274f93238b8c3a311e6751638a38f159) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
07:50:25.0203 2916 SQLSERVERAGENT - ok
07:50:25.0212 2916 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:50:25.0213 2916 SQLWriter - ok
07:50:25.0228 2916 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:50:25.0234 2916 srv - ok
07:50:25.0247 2916 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:50:25.0252 2916 srv2 - ok
07:50:25.0263 2916 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
07:50:25.0265 2916 SrvHsfHDA - ok
07:50:25.0298 2916 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
07:50:25.0307 2916 SrvHsfV92 - ok
07:50:25.0339 2916 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
07:50:25.0344 2916 SrvHsfWinac - ok
07:50:25.0352 2916 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:50:25.0354 2916 srvnet - ok
07:50:25.0362 2916 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:50:25.0365 2916 SSDPSRV - ok
07:50:25.0371 2916 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:50:25.0373 2916 SstpSvc - ok
07:50:25.0390 2916 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
07:50:25.0418 2916 STacSV - ok
07:50:25.0423 2916 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:50:25.0424 2916 stexstor - ok
07:50:25.0438 2916 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
07:50:25.0441 2916 STHDA - ok
07:50:25.0457 2916 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:50:25.0463 2916 stisvc - ok
07:50:25.0467 2916 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:50:25.0468 2916 swenum - ok
07:50:25.0483 2916 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:50:25.0487 2916 swprv - ok
07:50:25.0499 2916 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
07:50:25.0502 2916 SynTP - ok
07:50:25.0540 2916 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:50:25.0552 2916 SysMain - ok
07:50:25.0571 2916 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:50:25.0573 2916 TabletInputService - ok
07:50:25.0583 2916 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:50:25.0587 2916 TapiSrv - ok
07:50:25.0593 2916 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:50:25.0596 2916 TBS - ok
07:50:25.0639 2916 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
07:50:25.0659 2916 Tcpip - ok
07:50:25.0730 2916 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
07:50:25.0741 2916 TCPIP6 - ok
07:50:25.0768 2916 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:50:25.0770 2916 tcpipreg - ok
07:50:25.0776 2916 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:50:25.0777 2916 TDPIPE - ok
07:50:25.0782 2916 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:50:25.0783 2916 TDTCP - ok
07:50:25.0789 2916 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:50:25.0792 2916 tdx - ok
07:50:25.0798 2916 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:50:25.0799 2916 TermDD - ok
07:50:25.0821 2916 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:50:25.0826 2916 TermService - ok
07:50:25.0830 2916 TfFsMon - ok
07:50:25.0835 2916 TfNetMon - ok
07:50:25.0840 2916 TfSysMon - ok
07:50:25.0846 2916 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:50:25.0848 2916 Themes - ok
07:50:25.0854 2916 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:50:25.0856 2916 THREADORDER - ok
07:50:25.0863 2916 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:50:25.0865 2916 TrkWks - ok
07:50:25.0873 2916 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:50:25.0874 2916 TrustedInstaller - ok
07:50:25.0881 2916 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:25.0882 2916 tssecsrv - ok
07:50:25.0888 2916 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:50:25.0890 2916 TsUsbFlt - ok
07:50:25.0897 2916 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:50:25.0899 2916 tunnel - ok
07:50:25.0905 2916 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:50:25.0906 2916 uagp35 - ok
07:50:25.0916 2916 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:50:25.0921 2916 udfs - ok
07:50:25.0929 2916 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:50:25.0932 2916 UI0Detect - ok
07:50:25.0937 2916 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:50:25.0938 2916 uliagpkx - ok
07:50:25.0943 2916 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:50:25.0945 2916 umbus - ok
07:50:25.0949 2916 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:50:25.0949 2916 UmPass - ok
07:50:25.0961 2916 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:50:25.0965 2916 upnphost - ok
07:50:25.0971 2916 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
07:50:25.0972 2916 USBAAPL64 - ok
07:50:25.0978 2916 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
07:50:25.0980 2916 usbaudio - ok
07:50:25.0987 2916 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:25.0989 2916 usbccgp - ok
07:50:25.0995 2916 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:50:25.0996 2916 usbcir - ok
07:50:26.0001 2916 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:50:26.0003 2916 usbehci - ok
07:50:26.0013 2916 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:50:26.0018 2916 usbhub - ok
07:50:26.0023 2916 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:50:26.0024 2916 usbohci - ok
07:50:26.0029 2916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:50:26.0030 2916 usbprint - ok
07:50:26.0036 2916 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:26.0038 2916 USBSTOR - ok
07:50:26.0042 2916 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
07:50:26.0044 2916 usbuhci - ok
07:50:26.0051 2916 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
07:50:26.0054 2916 usbvideo - ok
07:50:26.0059 2916 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:50:26.0062 2916 UxSms - ok
07:50:26.0066 2916 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:50:26.0068 2916 VaultSvc - ok
07:50:26.0073 2916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:50:26.0074 2916 vdrvroot - ok
07:50:26.0089 2916 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:50:26.0094 2916 vds - ok
07:50:26.0099 2916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:26.0100 2916 vga - ok
07:50:26.0105 2916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:50:26.0106 2916 VgaSave - ok
07:50:26.0114 2916 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:50:26.0117 2916 vhdmp - ok
07:50:26.0122 2916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:50:26.0123 2916 viaide - ok
07:50:26.0129 2916 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:50:26.0131 2916 volmgr - ok
07:50:26.0142 2916 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:50:26.0147 2916 volmgrx - ok
07:50:26.0157 2916 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:50:26.0162 2916 volsnap - ok
07:50:26.0169 2916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:50:26.0171 2916 vsmraid - ok
07:50:26.0206 2916 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:50:26.0217 2916 VSS - ok
07:50:26.0236 2916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
07:50:26.0237 2916 vwifibus - ok
07:50:26.0242 2916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
07:50:26.0244 2916 vwififlt - ok
07:50:26.0257 2916 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:50:26.0261 2916 W32Time - ok
07:50:26.0268 2916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:50:26.0269 2916 WacomPen - ok
07:50:26.0275 2916 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:26.0277 2916 WANARP - ok
07:50:26.0280 2916 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:26.0281 2916 Wanarpv6 - ok
07:50:26.0310 2916 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:50:26.0317 2916 WatAdminSvc - ok
07:50:26.0351 2916 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:50:26.0362 2916 wbengine - ok
07:50:26.0382 2916 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:50:26.0385 2916 WbioSrvc - ok
07:50:26.0397 2916 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:50:26.0401 2916 wcncsvc - ok
07:50:26.0407 2916 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:50:26.0412 2916 WcsPlugInService - ok
07:50:26.0420 2916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:50:26.0420 2916 Wd - ok
07:50:26.0425 2916 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
07:50:26.0425 2916 WDC_SAM - ok
07:50:26.0442 2916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:50:26.0451 2916 Wdf01000 - ok
07:50:26.0458 2916 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:50:26.0460 2916 WdiServiceHost - ok
07:50:26.0463 2916 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:50:26.0466 2916 WdiSystemHost - ok
07:50:26.0476 2916 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:50:26.0479 2916 WebClient - ok
07:50:26.0488 2916 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:50:26.0491 2916 Wecsvc - ok
07:50:26.0497 2916 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:50:26.0500 2916 wercplsupport - ok
07:50:26.0506 2916 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:50:26.0509 2916 WerSvc - ok
07:50:26.0515 2916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:50:26.0516 2916 WfpLwf - ok
07:50:26.0521 2916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:50:26.0522 2916 WIMMount - ok
07:50:26.0526 2916 WinDefend - ok
07:50:26.0531 2916 WinHttpAutoProxySvc - ok
07:50:26.0543 2916 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:50:26.0545 2916 Winmgmt - ok
07:50:26.0589 2916 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:50:26.0602 2916 WinRM - ok
07:50:26.0627 2916 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:50:26.0628 2916 WinUsb - ok
07:50:26.0649 2916 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:50:26.0656 2916 Wlansvc - ok
07:50:26.0661 2916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:50:26.0663 2916 WmiAcpi - ok
07:50:26.0674 2916 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:50:26.0676 2916 wmiApSrv - ok
07:50:26.0680 2916 WMPNetworkSvc - ok
07:50:26.0686 2916 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:50:26.0688 2916 WPCSvc - ok
07:50:26.0695 2916 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:50:26.0697 2916 WPDBusEnum - ok
07:50:26.0702 2916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:50:26.0704 2916 ws2ifsl - ok
07:50:26.0710 2916 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
07:50:26.0713 2916 wscsvc - ok
07:50:26.0718 2916 WSearch - ok
07:50:26.0770 2916 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:50:26.0786 2916 wuauserv - ok
07:50:26.0807 2916 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:50:26.0809 2916 WudfPf - ok
07:50:26.0817 2916 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:26.0820 2916 WUDFRd - ok
07:50:26.0826 2916 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:50:26.0829 2916 wudfsvc - ok
07:50:26.0838 2916 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:50:26.0841 2916 WwanSvc - ok
07:50:26.0855 2916 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
07:50:26.0857 2916 yukonw7 - ok
07:50:26.0869 2916 MBR (0x1B8) (d66a4aabd12cb57ad82b060d4bded7a3) \Device\Harddisk0\DR0
07:50:26.0873 2916 \Device\Harddisk0\DR0 - ok
07:50:26.0876 2916 Boot (0x1200) (bb1c186a41961f5379c8722d76f71f36) \Device\Harddisk0\DR0\Partition0
07:50:26.0877 2916 \Device\Harddisk0\DR0\Partition0 - ok
07:50:26.0880 2916 Boot (0x1200) (9ead5f797202012c79c97c7f43b5b705) \Device\Harddisk0\DR0\Partition1
07:50:26.0881 2916 \Device\Harddisk0\DR0\Partition1 - ok
07:50:26.0884 2916 Boot (0x1200) (6d448a06a7c2ec9fee043c169ec319ee) \Device\Harddisk0\DR0\Partition2
07:50:26.0885 2916 \Device\Harddisk0\DR0\Partition2 - ok
07:50:26.0888 2916 Boot (0x1200) (6b21c3e1484fceb55f9daa1a8d545caa) \Device\Harddisk0\DR0\Partition3
07:50:26.0888 2916 \Device\Harddisk0\DR0\Partition3 - ok
07:50:26.0889 2916 ============================================================
07:50:26.0889 2916 Scan finished
07:50:26.0889 2916 ============================================================
07:50:26.0897 0356 Detected object count: 0
07:50:26.0897 0356 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 07:52:56
-----------------------------
07:52:56.420 OS Version: Windows x64 6.1.7601 Service Pack 1
07:52:56.420 Number of processors: 2 586 0x170A
07:52:56.421 ComputerName: TOMFLYNN-W7 UserName: tomflynn
07:52:56.793 Initialize success
07:55:07.051 AVAST engine defs: 12050601
07:56:09.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:56:09.521 Disk 0 Vendor: INTEL_SS 2CV1 Size: 152627MB BusType: 3
07:56:09.524 Disk 0 MBR read successfully
07:56:09.526 Disk 0 MBR scan
07:56:09.534 Disk 0 unknown MBR code
07:56:09.537 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
07:56:09.571 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137543 MB offset 409600
07:56:09.603 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14781 MB offset 282097664
07:56:09.636 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 312369152
07:56:09.762 Disk 0 scanning C:\Windows\system32\drivers
07:56:15.604 Service scanning
07:56:32.554 Modules scanning
07:56:32.563 Disk 0 trace - called modules:
07:56:32.895 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
07:56:32.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b74660]
07:56:32.906 3 CLASSPNP.SYS[fffff8800113d43f] -> nt!IofCallDriver -> [0xfffffa8005b73320]
07:56:32.912 5 hpdskflt.sys[fffff880023de189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bea050]
07:56:33.451 AVAST engine scan C:\Windows
07:56:35.555 AVAST engine scan C:\Windows\system32
07:59:38.207 AVAST engine scan C:\Windows\system32\drivers
07:59:53.153 AVAST engine scan C:\Users\tomflynn
08:02:28.852 AVAST engine scan C:\ProgramData
08:02:40.587 Scan finished successfully
08:04:22.633 Disk 0 MBR has been saved successfully to "C:\Users\tomflynn\Desktop\MBR.dat"
08:04:22.726 The log file has been saved successfully to "C:\Users\tomflynn\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 May 2012 - 08:11 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Conduit
c:\users\tomflynn\AppData\Local\Conduit

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
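An added example, not code from the thread, from ComboFix or from BleepingComputer, showing how the CFScript steps above are checked afterwards: a small Python parser for the two directives used in this script (ClearJavaCache:: and Folder::) and for the sections of a ComboFix report a reviewer reads, confirming that every Folder:: target appears under "Other Deletions" and listing the start entries worth a second look (registered services whose file is gone, and load points outside the Windows and Program Files trees). The report text is a constructed sample in the layout of a ComboFix report, the "standard" path roots are an assumption, and a flagged entry means "look here next", not "infected".

```python
import re

# Constructed sample CFScript in the shape the helper posted above.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::

Folder::
c:\program files (x86)\Conduit
c:\users\tomflynn\AppData\Local\Conduit
"""

# Constructed sample in the layout of a ComboFix report: a few lines from the
# sections a reviewer reads (deletions, Run keys, service/driver start entries).
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\users\tomflynn\AppData\Local\Conduit
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camfrog"="c:\program files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2012-01-05 52616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
S1 DVMIO;DVMIO;c:\qw.sys\config\dvmio.sys [2009-09-26 21624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<info>[^\]]*)\]$')
# start type; service name; display name; path [date size], or [x] when the file is gone
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)

# Assumed "normal" roots for load points; anything else is worth a look, nothing more.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_cfscript(text):
    """Return the directives of a CFScript. Only the two used in the thread are handled."""
    directives = {"ClearJavaCache": False, "Folder": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):          # a directive header such as Folder::
            current = line[:-2]
            if current == "ClearJavaCache":
                directives["ClearJavaCache"] = True
        elif current == "Folder":        # lines under Folder:: are paths to delete
            directives["Folder"].append(line.lower())
    return directives


def parse_report(text):
    """Split a ComboFix report into deletions, Run-key values and start entries."""
    parsed = {"deletions": [], "run_entries": [], "services": []}
    section = None
    reg_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group("title"), None
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["file_missing"] = entry["info"] == "x"
            parsed["services"].append(entry)
            continue
        m = RUN_RE.match(line)
        if m and reg_key and reg_key.lower().endswith("\\run"):
            entry = m.groupdict()
            entry["key"] = reg_key
            parsed["run_entries"].append(entry)
            continue
        if section == "Other Deletions":
            parsed["deletions"].append(line.lower())
    return parsed


def is_standard_path(path):
    return path.lower().startswith(STANDARD_ROOTS)


def triage(parsed):
    """Review notes: start entries whose file is gone, and load points outside the usual roots."""
    notes = []
    for s in parsed["services"]:
        if s["file_missing"]:
            notes.append(f"{s['start']} {s['name']}: registered but file missing ({s['path']})")
        elif not is_standard_path(s["path"]):
            notes.append(f"{s['start']} {s['name']}: runs from unusual location ({s['path']})")
    for r in parsed["run_entries"]:
        if not is_standard_path(r["path"]):
            notes.append(f"Run value {r['value']}: unusual location ({r['path']})")
    return notes


def deletions_cover_script(parsed, directives):
    """True when every Folder:: target of the script appears under Other Deletions."""
    return all(folder in parsed["deletions"] for folder in directives["Folder"])


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("script targets removed:", deletions_cover_script(report, parse_cfscript(SAMPLE_CFSCRIPT)))
    for note in triage(report):
        print("review:", note)
```

On the sample, both Conduit folders named in the script show up under "Other Deletions", and the triage lists two entries: TfFsMon, which is registered as an R0 driver but has no file on disk (a leftover to clean up, not an active threat), and DVMIO, which starts from c:\qw.sys rather than a Windows or Program Files path and so deserves a look before it is dismissed. The Run values all point into Program Files (x86) and produce no note.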

#7 spacboy
  • Topic Starter

  • Members
  • 20 posts

Posted 07 May 2012 - 08:40 AM

Thanks Gringo. Computer is running OK; still not sure if it's safe to log into my email, etc., though.

Combofix log:
ComboFix 12-05-06.01 - tomflynn 07/05/2012 14:29:26.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.5023.3547 [GMT 1:00]
Running from: c:\users\tomflynn\Desktop\ComboFix.exe
Command switches used :: c:\users\tomflynn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\users\tomflynn\AppData\Local\Conduit
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 13:32 . 2012-05-07 13:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-07 13:32 . 2012-05-07 13:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 13:32 . 2012-05-07 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 07:13 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3ED1582-F880-402A-8E67-018A72526F5F}\mpengine.dll
2012-05-06 21:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 16:51 . 2012-05-05 16:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 16:51 . 2012-05-05 16:51 -------- d-----r- c:\program files (x86)\Skype
2012-05-03 22:48 . 2012-05-03 22:48 -------- d-----w- c:\program files (x86)\Camfrog
2012-05-03 21:01 . 2012-05-03 21:01 -------- d-----w- c:\users\tomflynn\AppData\Local\WinZip
2012-05-03 21:01 . 2012-05-03 21:01 -------- d-----w- c:\programdata\WinZip
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\users\tomflynn\AppData\Roaming\SUPERAntiSpyware.com
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-02 20:57 . 2012-05-02 20:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-01 22:22 . 2012-05-01 22:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 22:22 . 2012-05-01 22:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 22:16 . 2012-05-01 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-01 22:16 . 2012-05-01 22:16 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-01 22:16 . 2012-05-01 22:16 -------- d-----w- c:\program files (x86)\Java
2012-05-01 21:58 . 2012-05-01 21:58 -------- d-----w- c:\users\tomflynn\AppData\Roaming\AVG2012
2012-04-18 10:28 . 2012-03-13 04:38 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-18 10:28 . 2012-03-13 04:38 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-18 10:28 . 2012-03-13 04:38 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-18 10:28 . 2012-03-13 04:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-04-18 10:28 . 2012-03-13 04:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-04-18 01:08 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-04-18 00:52 . 2012-04-18 00:52 -------- d-----w- c:\program files\CCleaner
2012-04-17 21:56 . 2012-04-17 21:56 -------- d-----w- c:\users\tomflynn\AppData\Local\CrashRpt
2012-04-12 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 21:45 . 2012-04-09 21:45 -------- d-----w- c:\windows\SysWow64\custom matrices
2012-04-09 21:45 . 2012-04-09 21:45 -------- d-----w- c:\windows\SysWow64\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 22:16 . 2010-12-06 04:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 14:56 . 2012-03-28 00:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 21:35 . 2012-04-01 21:35 388096 ----a-r- c:\users\tomflynn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-01 19:01 . 2012-04-01 19:01 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-01 19:01 . 2012-04-01 19:01 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 21:49 . 2012-03-27 21:49 388096 ----a-r- c:\users\Guest\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-24 02:24 . 2012-03-24 02:23 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-03-20 19:44 . 2010-10-24 10:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2010-03-25 13:30 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-28 05:26 . 2012-02-28 05:26 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
2012-02-17 06:38 . 2012-03-14 01:01 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 01:01 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 01:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 01:01 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 16:22 . 2012-02-10 16:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DC96B3C-AD41-4C58-9131-D77862C871E9}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 01:02 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 01:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-01_22.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 01:00 . 2012-05-03 20:57 63636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-07 13:23 64880 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-06 07:38 . 2012-05-07 13:23 11808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198735896-1395531648-2674371458-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-05-06 06:22 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-03 21:01 . 2012-05-03 21:01 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}\IconCD95F6617.exe
+ 2012-05-03 20:55 . 2012-05-07 13:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-01 22:45 . 2012-05-01 22:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-01 22:45 . 2012-05-01 22:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-03 20:55 . 2012-05-07 13:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-07 13:25 717916 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-01 22:10 717916 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-07 13:25 140382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-01 22:10 140382 c:\windows\system32\perfc009.dat
- 2012-05-01 21:58 . 2012-05-01 21:58 437408 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-03 20:28 . 2012-05-03 20:28 437408 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-05-01 22:45 403608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-03 20:31 403608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-05 16:51 . 2012-05-05 16:51 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-05-03 21:01 . 2012-05-03 21:01 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}\IconCD95F66110.exe
- 2010-12-06 07:33 . 2012-05-01 22:45 5428768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4198735896-1395531648-2674371458-1001-8192.dat
+ 2010-12-06 07:33 . 2012-05-03 20:31 5428768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4198735896-1395531648-2674371458-1001-8192.dat
+ 2011-05-31 10:32 . 2012-05-02 22:01 3127276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4198735896-1395531648-2674371458-1001-12288.dat
- 2011-05-31 10:32 . 2012-05-01 22:45 3127276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4198735896-1395531648-2674371458-1001-12288.dat
+ 2012-05-05 16:51 . 2012-05-05 16:51 19230720 c:\windows\Installer\96d51bf.msi
+ 2012-04-10 15:50 . 2012-04-10 15:50 24623616 c:\windows\Installer\4cf81.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camfrog"="c:\program files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2012-01-05 52616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe" [2009-07-31 76584]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe [2009-07-31 83240]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DVMIO;c:\qw.sys\config\dvmio.sys [2009-09-26 21624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qw.sys\config\DVMExportService.exe [2009-06-09 323672]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 22:22]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleFortomflynn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 365592]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\tomflynn\AppData\Roaming\Mozilla\Firefox\Profiles\t6ik1uji.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-07 14:35:10
ComboFix-quarantined-files.txt 2012-05-07 13:35
ComboFix2.txt 2012-05-06 14:00
ComboFix3.txt 2012-03-31 17:41
.
Pre-Run: 40,137,146,368 bytes free
Post-Run: 40,180,604,928 bytes free
.
- - End Of File - - BCBB4A6F086301397E7E19079E0173D1

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 07 May 2012 - 09:00 AM

Hello

Go ahead and log into your email and check the computer out and let me know if there is anything else that needs to be addressed

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 spacboy

spacboy
  • Topic Starter


Posted 07 May 2012 - 09:14 AM

So no sign of infection?

Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.62b
Adobe Reader X (10.1.3)
Adobe Shockwave Player
AX88772A & AX88772 Windows 7 Drivers
Camfrog Video Chat 6.2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink DVD Suite
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
ESU for Microsoft Windows 7
HiJackThis
HP Customer Experience Enhancements
HP Envy Document Card Utilities
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart Webcam
HP Quick Launch Buttons
HP QuickWeb Installer
HP Setup
HP Update
HP User Guides 0132
HP Wireless Assistant
IDT Audio
Intel Digital Logo
Java Auto Updater
Java™ 6 Update 31
Just Great Software EditPad Lite 6.6.4
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Power2Go
PX Profile Update
QLBCASL
Realtek USB 2.0 Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Windows Media Encoder 9 Series
WinRAR 4.00 (32-bit)
Yahoo! Detect

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 07 May 2012 - 09:27 AM

Hello

As far as the computer is concerned, things look good.




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 spacboy

spacboy
  • Topic Starter


Posted 07 May 2012 - 09:49 AM

The only problems are incoming and outgoing IP blocks from Malware Bytes. Internet feels a bit slow, but that could be my imagination or not related.

Malware Bytes log:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tomflynn :: TOMFLYNN-W7 [administrator]

Protection: Enabled

7/05/2012 3:31:14 PM
mbam-log-2012-05-07 (15-31-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222419
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijack this:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:10 PM, on 7/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Documention Flash Card Detection Service (hpdoccardsvc) - Hewlett-Packard Developement Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8255 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 07 May 2012 - 12:08 PM

Greetings

The only problems are incoming and outgoing IP blocks from Malware Bytes

What program does it list?




:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
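To make the O4 review in the post above reproducible, here is an added example (not code from this thread, from BleepingComputer, or from HijackThis) that parses HijackThis O4 lines into structured autostart records, separates the executable from its arguments, picks out the entries a helper names, and reports unquoted image paths containing spaces. The sample lines are copied from the HijackThis log posted earlier in this thread; the function and class names are my own.

```python
"""Parse HijackThis O4 (Run-key autostart) lines and review them.

Added example, not part of the thread or of HijackThis itself.
The sample lines below are copied from the HijackThis log posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Shape of a line:  O4 - HKLM\..\Run: [ValueName] "C:\path\prog.exe" /args
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)


@dataclass
class RunEntry:
    hive: str     # HKLM, HKCU or HKUS\<sid>
    key: str      # Run, RunOnce, ...
    name: str     # value name inside the Run key
    exe: str      # executable path with surrounding quotes stripped
    args: str     # everything after the executable
    quoted: bool  # whether the executable was quoted in the registry value


def split_command(cmd: str) -> Tuple[str, str, bool]:
    """Split a Run-key command line into (exe, args, quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip(), True
    # Unquoted: the executable runs up to the first ".exe", the rest is arguments.
    m = re.match(r"(?is)(.+?\.exe)(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip(), False
    head, _, tail = cmd.partition(" ")
    return head, tail.strip(), False


def parse_o4(log_text: str) -> List[RunEntry]:
    """Return one RunEntry per O4 line; other HijackThis sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe, args, quoted = split_command(m.group("cmd"))
        entries.append(RunEntry(m.group("hive"), m.group("key"), m.group("name"),
                                exe, args, quoted))
    return entries


def select_by_name(entries: List[RunEntry], names: List[str]) -> List[RunEntry]:
    """Entries whose value name is in `names` (e.g. the ones a helper asks to tick)."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.name.lower() in wanted]


def unquoted_with_spaces(entries: List[RunEntry]) -> List[str]:
    """Value names whose image path is unquoted and contains spaces.

    CreateProcess resolves such a command line by trying each space-delimited
    prefix in turn, so the entry is ambiguous and is worth quoting in the registry.
    """
    return [e.name for e in entries if not e.quoted and " " in e.exe]


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG)
    for e in entries:
        print(f"{e.hive}\\{e.key} [{e.name}] exe={e.exe!r} args={e.args!r}")
    print("to review:", [e.name for e in select_by_name(entries, ["HP Software Update", "Camfrog"])])
    print("unquoted paths with spaces:", unquoted_with_spaces(entries))
```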

#13 spacboy

spacboy
  • Topic Starter


Posted 07 May 2012 - 06:35 PM

Thanks again Gringo. The MWB IP blocks are coming from skype and firefox. Is it normal?

Missed the ESET log the first scan I did (though nothing was found). I am scanning with ESET again now and will post the log once complete.

#14 spacboy

spacboy
  • Topic Starter


Posted 07 May 2012 - 06:38 PM

Can't see how to access the log, so here's a screenshot. Nothing found again though.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 08 May 2012 - 09:22 AM

Hello


I want you to uninstall Firefox, and if asked about user data or settings, remove that also.

Can you do the same thing for Skype?



