I have a 80000000.@ Virus known as: Rootkit.ZeroAccess, Trojan.Sirefef


  • This topic is locked
21 replies to this topic

#1 cwallace83

cwallace83

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 06 June 2012 - 10:41 AM

I was directed to this forum to get assistance with my issue. I have an 80000000.@ virus known as Rootkit.ZeroAccess, Trojan.Sirefef. After running all of the stuff below I still get warnings of infection. HELP! =)

Symantec and Malwarebytes have both come back clean. I've run TDSSKiller; that came back clean. I've run SUPERAntiSpyware; that came back clean.

These are the results from the GMER scan I ran:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 16:51:21
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dae5104a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dae5104a (not active ControlSet)

---- EOF - GMER 1.0.15 ----



These are the results from the DDS Tool I ran:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by cwallace at 8:31:14 on 2012-06-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5686 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Users\cwallace\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
\\.\globalroot\systemroot\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uWindow Title = Windows Internet Explorer provided by MCR
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
uRun: [Google Update] "C:\Users\cwallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
StartupFolder: C:\Users\cwallace\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\cwallace\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: amexnetwork.com\offers
Trusted Zone: apple.com\developer
Trusted Zone: mcri.com
Trusted Zone: snapfish.com\www5
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP1-11759/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.4.10 192.168.3.12
TCP: Interfaces\{23BB6B8D-B68A-4E1A-8FD8-315ABB275562} : DhcpNameServer = 192.168.4.10 192.168.3.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 accoca;ActivClient Middleware Service;C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe [2007-5-15 182576]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-12 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-12 1997416]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-7-12 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-8-23 2477304]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2656280]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-4 136176]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-4 136176]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-05 23:56:16 -------- d-----r- C:\Users\cwallace\Dropbox
2012-06-05 23:54:49 -------- d-----w- C:\Users\cwallace\AppData\Roaming\Dropbox
2012-06-05 22:41:44 -------- d-----w- C:\Users\cwallace\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:41:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-05 22:41:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-05 16:18:13 -------- d-----w- C:\Users\cwallace\AppData\Local\NPE
2012-06-05 16:18:13 -------- d-----w- C:\ProgramData\Norton
2012-06-04 21:51:08 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-04 21:50:51 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-04 19:30:19 -------- d-----w- C:\639e0fd89b1387d89f6b73d7
2012-06-04 19:18:18 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18:18 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-04 19:18:18 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18:17 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-04 19:18:17 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-04 19:17:50 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-04 16:45:53 -------- d-sh--w- C:\Windows\System32\%APPDATA%
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2007-03-29 19:41:28 992176 ----a-w- C:\Program Files (x86)\Common Files\agent.exe
.
============= FINISH: 8:31:54.75 ===============
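The DDS log above and the ComboFix log in the next post carry the traces this ZeroAccess (Sirefef) variant left on 64-bit Windows 7: a running process whose image is reported as `\\.\globalroot\systemroot\Installer\{872f14e1-...}\U` instead of a drive-letter path, a hidden+system directory literally named `%APPDATA%` under `System32`, a `{GUID}` folder under both `%windir%\Installer` and `%LOCALAPPDATA%` holding `@`, `n` and `U\<8 hex digits>.@` components, and, in ComboFix's Sigcheck section, a `services.exe` in `System32` whose MD5 differs from the WinSxS copy of the identical version and size (the patched service controller is how the variant persisted). The script below is an added example, not a BleepingComputer or ComboFix tool: it runs those checks over a constructed sample built from lines taken from the two logs in this thread. The rule names, record format and the `triage`/`sigcheck_mismatches` helpers are mine, not anything the tools themselves provide.

```python
"""Triage helper for DDS / ComboFix text logs: flags the ZeroAccess (Sirefef)
indicators seen in this thread. Added example, not a BleepingComputer tool."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS and ComboFix logs posted in this
# thread, plus two benign lines so the rules have something to ignore.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\systemroot\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U
2012-06-04 16:45:53 -------- d-sh--w- C:\Windows\System32\%APPDATA%
c:\users\cwallace\AppData\Local\{872f14e1-fb83-a546-3aee-59cced5657e0}\@
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U\00000001.@
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U\800000cb.@
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Each rule is (name, compiled regex). A hit on any of them warrants a closer look.
RULES = [
    # Process image reported through the \\.\globalroot object-manager alias rather
    # than a drive letter: the dropper's "U" payload directory is run this way.
    ("globalroot_process", re.compile(r"^\\\\\.\\globalroot\\", re.I)),
    # {GUID} directory under %windir%\Installer or %LOCALAPPDATA% holding the
    # "@", "n" and "U\<8 hex digits>.@" components ComboFix removed in this thread.
    ("guid_dropper_dir", re.compile(
        r"\\(?:Installer|AppData\\Local)\\" + GUID
        + r"(?:\\(?:@|n|U(?:\\[0-9a-f]{8}\.@)?))?\s*$", re.I)),
    # A directory literally named %APPDATA% under System32 (hidden+system attributes).
    ("fake_appdata_dir", re.compile(r"\\System32\\%APPDATA%\s*$", re.I)),
]

# ComboFix Sigcheck line layout: "[flag] date . MD5 . size . . [version] .. path"
SIGCHECK = re.compile(
    r"^\[(?P<flag>.)\]\s+\S+\s+\.\s+(?P<md5>[0-9a-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$", re.I)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one {rule, line} record per (rule, line) match over the log text."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        for name, rx in RULES:
            if rx.search(line):
                hits.append({"rule": name, "line": line})
    return hits


def sigcheck_mismatches(log_text: str) -> List[Dict[str, str]]:
    """Pair each live System32 binary with the WinSxS copy of the same version and
    report those whose MD5 differs (the services.exe case in this thread)."""
    by_name: Dict[str, Dict[str, Dict[str, str]]] = {}
    for raw in log_text.splitlines():
        m = SIGCHECK.match(raw.rstrip())
        if not m:
            continue
        path = m.group("path").lower()
        name = path.rsplit("\\", 1)[-1]
        role = "winsxs" if "\\winsxs\\" in path else "live" if "\\system32\\" in path else None
        if role:
            by_name.setdefault(name, {})[role] = m.groupdict()
    out = []
    for name, pair in by_name.items():
        live, ref = pair.get("live"), pair.get("winsxs")
        if live and ref and live["ver"] == ref["ver"] and live["md5"].lower() != ref["md5"].lower():
            out.append({"file": name, "live_md5": live["md5"], "winsxs_md5": ref["md5"],
                        "version": live["ver"], "live_flag": live["flag"]})
    return out


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"{h['rule']:20} {h['line']}")
    for m in sigcheck_mismatches(SAMPLE_LOG):
        print(f"hash mismatch: {m['file']} live={m['live_md5']} winsxs={m['winsxs_md5']}")
```

Feed it a whole DDS or ComboFix log and read the `guid_dropper_dir` hits together: a `{GUID}` folder appearing under both `Installer` and `AppData\Local` with the same GUID is the pairing to look for. The hash check only compares files that have both a live and a WinSxS line in the Sigcheck section, so it stays quiet on everything ComboFix did not bother to list.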

#2 cwallace83

cwallace83
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 06 June 2012 - 12:19 PM

I just ran ComboFix; here is the log. Note: after I ran it, it rebooted my computer and created a log (below). However, I then went to use the internet and found that every application said the "registry had been tagged for deletion" and didn't work. So I manually restarted and everything seems to work. I don't know if it cured my virus yet.

ComboFix 12-06-06.02 - cwallace 06/06/2012 9:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5947 [GMT -7:00]
Running from: c:\users\cwallace\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVOLM3WY\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Templates\ScorecardTemplate-Matrix.htm
c:\users\Administrator\Desktop\Setup.exe
c:\users\cwallace\AppData\Local\{872f14e1-fb83-a546-3aee-59cced5657e0}
c:\users\cwallace\AppData\Local\{872f14e1-fb83-a546-3aee-59cced5657e0}\@
c:\users\cwallace\AppData\Local\{872f14e1-fb83-a546-3aee-59cced5657e0}\n
c:\users\dkelly\AppData\Local\assembly\tmp
c:\users\dkelly\Documents\~WRL1365.tmp
c:\users\dkelly\g2mdlhlpx.exe
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\@
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\n
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U\00000001.@
c:\windows\Installer\{872f14e1-fb83-a546-3aee-59cced5657e0}\U\800000cb.@
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 16:53 . 2012-06-06 16:53 -------- d-----w- c:\users\vietnguyen\AppData\Local\temp
2012-06-06 16:53 . 2012-06-06 16:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-06 16:53 . 2012-06-06 16:53 -------- d-----w- c:\users\MCRUser\AppData\Local\temp
2012-06-06 16:53 . 2012-06-06 16:53 -------- d-----w- c:\users\dkelly\AppData\Local\temp
2012-06-06 15:43 . 2012-06-06 15:59 -------- d-----w- c:\users\cwallace\AppData\Roaming\ScanSpyware
2012-06-05 23:56 . 2012-06-06 16:02 -------- d-----r- c:\users\cwallace\Dropbox
2012-06-05 23:54 . 2012-06-06 16:02 -------- d-----w- c:\users\cwallace\AppData\Roaming\Dropbox
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\users\cwallace\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 16:18 . 2012-06-05 16:33 -------- d-----w- c:\users\cwallace\AppData\Local\NPE
2012-06-05 16:18 . 2012-06-05 16:18 -------- d-----w- c:\programdata\Norton
2012-06-04 21:51 . 2012-06-04 21:51 -------- d-----w- c:\program files (x86)\Oracle
2012-06-04 21:50 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-04 19:30 . 2012-06-04 19:32 -------- d-----w- C:\639e0fd89b1387d89f6b73d7
2012-06-04 19:18 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-04 19:18 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-04 19:18 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-04 19:17 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-04 16:45 . 2012-06-04 16:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2012-02-23 16:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-03-29 19:41 . 2007-03-29 19:41 992176 ----a-w- c:\program files (x86)\Common Files\agent.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-24 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"accrdsub"="c:\program files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\users\cwallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\cwallace\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files (x86)\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 accoca;ActivClient Middleware Service;c:\program files (x86)\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 20:33]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 20:33]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600Core.job
- c:\users\cwallace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 20:38]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600UA.job
- c:\users\cwallace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418328]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"combofix"="c:\combofix\CF19441.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: amexnetwork.com\offers
Trusted Zone: apple.com\developer
Trusted Zone: mcri.com
Trusted Zone: snapfish.com\www5
TCP: DhcpNameServer = 192.168.4.10 192.168.3.12
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-06 09:59:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-06 16:59
.
Pre-Run: 231,763,374,080 bytes free
Post-Run: 231,194,845,184 bytes free
.
- - End Of File - - 4343041A6260AAD4A78AAF432BAEE9E2
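
A small triage helper for ComboFix service/driver lines like the ones in the log above, as an added example for this page: it is not code from the poster, from ComboFix or from BleepingComputer. The sample lines are copied from the log above into a constructed snippet, and the two heuristics it applies (a binary under a Temp or user-profile path, and an `[x]` entry where no file date/size was recorded) are the editor's choice of first checks, not anything ComboFix itself reports as malicious.

```python
import re
from typing import Dict, List

# One ComboFix service/driver line looks like:
#   R3 cpuz134;cpuz134;c:\users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
#   S2 accoca;ActivClient Middleware Service;c:\program files (x86)\...\accoca.exe [2007-05-16 182576]
# Leading letter: R = running, S = stopped; the digit is the Windows start type.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Constructed sample: five service lines copied from the ComboFix log above plus
# two non-service lines, so the parser has something to skip.
SAMPLE_LOG = r"""
R3 cpuz134;cpuz134;c:\users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
.
--- Other Services/Drivers In Memory ---
"""


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per service/driver line; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["start"] = START_TYPES.get(entry["start"], entry["start"])
            entries.append(entry)
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag the entries an analyst would check first, with a reason for each flag."""
    findings = []
    for e in entries:
        path = e["path"].lower()
        reasons = []
        # A kernel driver or service binary under a Temp directory is the strongest
        # signal in this list: properly installed software does not run from there.
        if "\\temp\\" in path:
            reasons.append("binary loaded from a Temp directory")
        elif "\\users\\" in path:
            reasons.append("binary lives under a user profile (user-writable location)")
        # ComboFix prints [x] where no file date/size was recorded. On its own this
        # is weak (several Microsoft drivers in the log above show it), so the flag
        # only asks for confirmation that the file exists on disk and is signed.
        if e["meta"].strip() == "x":
            reasons.append("no file date/size recorded; confirm the file exists and is signed")
        if reasons:
            findings.append({"name": e["name"], "path": e["path"],
                             "start": e["start"], "reasons": reasons})
    return findings


def triage_log(log_text: str) -> List[Dict[str, object]]:
    """Parse and triage a ComboFix log in one call."""
    return triage(parse_services(log_text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['name']} ({f['start']}): {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it on the snippet and two entries come back: cpuz134 (Temp path and no file metadata) and WatAdminSvc (no file metadata only). The cpuz134 driver is a useful reminder that a flag is a prompt to verify rather than a verdict, since hardware monitoring tools do drop helper drivers into Temp; the point of the script is to shorten the list an analyst reads by hand, not to decide for them.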

#3 cwallace83

  • Topic Starter
  • Members
  • 18 posts

Posted 06 June 2012 - 01:00 PM

Yup, I'm still infected. Is there anyone reading this post that can help me get rid of the 80000000.@ Virus known as: Rootkit.ZeroAccess, Trojan.Sirefef ????

Edited by cwallace83, 06 June 2012 - 01:00 PM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2012 - 02:28 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 10 June 2012 - 12:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 cwallace83

  • Topic Starter
  • Members
  • 18 posts

Posted 11 June 2012 - 09:19 AM

Yes, I still need help -- none of those things worked for me.

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 11 June 2012 - 09:42 AM

Greetings

I don't understand - it should have made a report and I need that report to help you



gringo

#8 cwallace83

  • Topic Starter
  • Members
  • 18 posts

Posted 11 June 2012 - 10:38 AM

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by SYSTEM at 11-06-2012 08:31:20
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-03-30] (Intel Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [1934608 2010-12-23] (Intel® Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2010-08-23] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [293168 2007-05-15] (ActivIdentity)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKU\dkelly\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\cwallace\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 accoca; "C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe" [182576 2007-05-15] (ActivIdentity)
2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-23] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-23] (Symantec Corporation)
2 Credential Vault Host Control Service; "C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe" [1035680 2010-10-28] (Broadcom Corporation)
2 Credential Vault Host Storage; "C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe" [36768 2010-10-28] (Broadcom Corporation)
2 dcpsysmgrsvc; "C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe" [517488 2011-01-20] (Dell Inc.)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-03-20] (Symantec Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [2117120 2010-11-03] (Wave Systems Corp.)
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3197256 2010-08-23] (Symantec Corporation)
4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [411976 2010-08-23] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [2477304 2010-08-23] (Symantec Corporation)
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1629696 2010-07-13] ()
2 TdmService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe" [3427696 2011-03-04] (Wave Systems Corp.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-01-17] (Intel Corporation)
2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

========================== Drivers (Whitelisted) =============

3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [38440 2010-08-24] (Broadcom Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-30] (Symantec Corporation)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120610.017\ENG64.SYS [120440 2012-05-15] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120610.017\EX64.SYS [2068600 2012-05-15] (Symantec Corporation)
3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7x64.sys [72808 2011-01-03] (O2Micro )
3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7x64.sys [74984 2011-01-03] (O2Micro )
3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7x64.sys [83560 2011-03-23] (O2Micro )
0 PBADRV; C:\Windows\System32\Drivers\PBADRV.sys [32240 2008-06-04] (Dell Inc)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2010-08-23] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2010-08-23] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-08-23] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-12-14] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz134; \??\C:\Users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 06:53 - 2012-06-11 06:53 - 01401619 ____A C:\Users\cwallace\Downloads\FRST64.exe
2012-06-11 06:21 - 2012-06-11 08:31 - 00000000 ____D C:\FRST
2012-06-07 07:31 - 2012-06-07 07:31 - 00223982 ____A C:\Users\cwallace\Desktop\CLIN2126_Feb12.wsa
2012-06-06 09:00 - 2012-06-06 09:00 - 00023887 ____A C:\Users\cwallace\Desktop\ComboFix Log.txt
2012-06-06 08:59 - 2012-06-06 08:59 - 00023887 ____A C:\ComboFix.txt
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-06-06 08:46 - 2012-06-06 08:58 - 00000000 ____D C:\Windows\ERDNT
2012-06-06 08:46 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-06 08:46 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-06 08:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-06 08:46 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-06 08:46 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-06 08:46 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-06 08:46 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-06 08:46 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-06 08:44 - 2012-06-06 08:59 - 00000000 ____D C:\Qoobox
2012-06-06 08:19 - 2012-06-06 08:19 - 00000286 ____A C:\Windows\reimage.ini
2012-06-06 07:43 - 2012-06-06 07:59 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\ScanSpyware
2012-06-06 07:32 - 2012-06-06 07:32 - 00022731 ____A C:\Users\cwallace\Desktop\DDS.txt
2012-06-05 15:56 - 2012-06-11 07:12 - 00000000 ___RD C:\Users\cwallace\Dropbox
2012-06-05 15:56 - 2012-06-05 15:56 - 00001006 ____A C:\Users\cwallace\Desktop\Dropbox.lnk
2012-06-05 15:54 - 2012-06-11 07:12 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\Dropbox
2012-06-05 14:41 - 2012-06-05 14:41 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-05 14:19 - 2012-06-05 15:02 - 00277070 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_15.19.00_log.txt
2012-06-05 11:27 - 2012-06-05 14:41 - 00000896 ____A C:\Windows\ntbtlog.txt
2012-06-05 08:18 - 2012-06-05 08:33 - 00000000 ____D C:\Users\cwallace\AppData\Local\NPE
2012-06-05 08:18 - 2012-06-05 08:18 - 00000000 ____D C:\Users\All Users\Norton
2012-06-04 13:51 - 2012-06-04 13:51 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-04 13:50 - 2012-04-04 17:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-04 13:50 - 2012-04-04 17:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-04 11:30 - 2012-06-04 11:32 - 00000000 ____D C:\639e0fd89b1387d89f6b73d7
2012-06-04 11:17 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-04 08:45 - 2012-06-04 08:45 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-29 06:13 - 2012-05-29 06:13 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\Mozilla
2012-05-21 12:12 - 2012-05-21 12:16 - 00021790 ____A C:\Users\cwallace\Desktop\Casey Wallace_Wellness Benefit 2012_additional information.pdf
2012-05-18 08:11 - 2012-05-18 08:11 - 00054257 ____A C:\Users\cwallace\Desktop\Casey Wallace_Wellness Benefit 2012.pdf
2012-05-16 09:41 - 2012-05-30 09:33 - 00000000 ____D C:\Users\cwallace\Desktop\wInsight Backups
2012-05-15 07:48 - 2012-06-05 15:57 - 00000000 ____D C:\Users\cwallace\Desktop\Personal
2012-05-15 07:47 - 2012-05-15 07:48 - 00000000 ____D C:\Users\cwallace\Desktop\A004 Technical Report CDRLs
2012-05-15 07:46 - 2012-05-17 08:56 - 00000000 ____D C:\Users\cwallace\Desktop\EVM Analysis
2012-05-15 07:29 - 2012-05-29 13:49 - 00000000 ____D C:\Users\cwallace\Desktop\DCARC Data

============ 3 Months Modified Files and Folders =============

2012-06-11 08:31 - 2012-06-11 06:21 - 00000000 ____D C:\FRST
2012-06-11 07:17 - 2011-08-05 08:28 - 00000208 ____A C:\Windows\System32\config\netlogon.ftl
2012-06-11 07:17 - 2011-07-12 07:43 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-11 07:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 07:16 - 2009-07-13 20:51 - 00077552 ____A C:\Windows\setupact.log
2012-06-11 07:14 - 2012-01-04 12:33 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 07:13 - 2012-01-19 09:57 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600UA.job
2012-06-11 07:12 - 2012-06-05 15:56 - 00000000 ___RD C:\Users\cwallace\Dropbox
2012-06-11 07:12 - 2012-06-05 15:54 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\Dropbox
2012-06-11 06:57 - 2011-07-12 05:54 - 01481706 ____A C:\Windows\WindowsUpdate.log
2012-06-11 06:57 - 2009-07-13 21:13 - 00772542 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 06:55 - 2012-01-04 12:33 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 06:53 - 2012-06-11 06:53 - 01401619 ____A C:\Users\cwallace\Downloads\FRST64.exe
2012-06-11 06:08 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 06:08 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 08:13 - 2012-01-19 09:57 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600Core.job
2012-06-07 07:31 - 2012-06-07 07:31 - 00223982 ____A C:\Users\cwallace\Desktop\CLIN2126_Feb12.wsa
2012-06-06 09:00 - 2012-06-06 09:00 - 00023887 ____A C:\Users\cwallace\Desktop\ComboFix Log.txt
2012-06-06 08:59 - 2012-06-06 08:59 - 00023887 ____A C:\ComboFix.txt
2012-06-06 08:59 - 2012-06-06 08:44 - 00000000 ____D C:\Qoobox
2012-06-06 08:59 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-06 08:58 - 2012-06-06 08:46 - 00000000 ____D C:\Windows\ERDNT
2012-06-06 08:55 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-06 08:55 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-06 08:54 - 2010-11-20 19:47 - 00072238 ____A C:\Windows\PFRO.log
2012-06-06 08:54 - 2009-07-13 18:34 - 69206016 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-06 08:54 - 2009-07-13 18:34 - 15728640 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-06 08:54 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-06 08:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-06 08:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-06-06 08:53 - 2012-06-06 08:53 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-06-06 08:53 - 2011-08-05 11:06 - 00000000 ____D C:\users\dkelly
2012-06-06 08:44 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 08:21 - 2011-12-16 10:55 - 00000000 ____D C:\Users\cwallace\AppData\LocalLow
2012-06-06 08:19 - 2012-06-06 08:19 - 00000286 ____A C:\Windows\reimage.ini
2012-06-06 07:59 - 2012-06-06 07:43 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\ScanSpyware
2012-06-06 07:32 - 2012-06-06 07:32 - 00022731 ____A C:\Users\cwallace\Desktop\DDS.txt
2012-06-05 15:57 - 2012-05-15 07:48 - 00000000 ____D C:\Users\cwallace\Desktop\Personal
2012-06-05 15:56 - 2012-06-05 15:56 - 00001006 ____A C:\Users\cwallace\Desktop\Dropbox.lnk
2012-06-05 15:56 - 2011-12-16 10:55 - 00000000 ____D C:\users\cwallace
2012-06-05 15:02 - 2012-06-05 14:19 - 00277070 ____A C:\TDSSKiller.2.7.38.0_05.06.2012_15.19.00_log.txt
2012-06-05 14:41 - 2012-06-05 14:41 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-05 14:41 - 2012-06-05 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-05 14:41 - 2012-06-05 11:27 - 00000896 ____A C:\Windows\ntbtlog.txt
2012-06-05 08:33 - 2012-06-05 08:18 - 00000000 ____D C:\Users\cwallace\AppData\Local\NPE
2012-06-05 08:18 - 2012-06-05 08:18 - 00000000 ____D C:\Users\All Users\Norton
2012-06-04 13:51 - 2012-06-04 13:51 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-04 13:50 - 2011-12-14 13:47 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-04 13:50 - 2011-12-14 13:47 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-04 13:50 - 2011-07-12 05:52 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-04 11:56 - 2011-08-05 07:08 - 00000000 ____D C:\Windows\pss
2012-06-04 11:33 - 2011-07-12 06:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-04 11:32 - 2012-06-04 11:30 - 00000000 ____D C:\639e0fd89b1387d89f6b73d7
2012-06-04 11:29 - 2011-08-05 06:16 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-04 11:29 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-04 10:39 - 2011-12-14 14:25 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-04 10:39 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2012-06-04 09:16 - 2012-03-23 13:22 - 00000000 ____D C:\Users\cwallace\Documents\My Kindle Content
2012-06-04 09:16 - 2012-02-23 08:34 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-04 09:16 - 2012-02-23 08:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-04 08:45 - 2012-06-04 08:45 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-01 12:55 - 2011-08-05 11:11 - 00043182 _RASH C:\Users\All Users\ntuser.pol
2012-05-31 09:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-05-30 10:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-30 09:33 - 2012-05-16 09:41 - 00000000 ____D C:\Users\cwallace\Desktop\wInsight Backups
2012-05-29 13:49 - 2012-05-15 07:29 - 00000000 ____D C:\Users\cwallace\Desktop\DCARC Data
2012-05-29 06:13 - 2012-05-29 06:13 - 00000000 ____D C:\Users\cwallace\AppData\Roaming\Mozilla
2012-05-29 06:13 - 2012-01-04 12:33 - 00000000 ____D C:\Users\cwallace\AppData\Local\Google
2012-05-24 14:05 - 2011-12-16 11:07 - 00000000 ____D C:\Users\cwallace\Desktop\LENS
2012-05-24 08:29 - 2011-07-12 05:58 - 00000000 ___HD C:\Windows\System32\WLANProfiles
2012-05-21 12:16 - 2012-05-21 12:12 - 00021790 ____A C:\Users\cwallace\Desktop\Casey Wallace_Wellness Benefit 2012_additional information.pdf
2012-05-18 08:11 - 2012-05-18 08:11 - 00054257 ____A C:\Users\cwallace\Desktop\Casey Wallace_Wellness Benefit 2012.pdf
2012-05-18 07:23 - 2012-01-31 09:18 - 00000000 ____D C:\Users\cwallace\Desktop\Proposal Work 2012
2012-05-17 08:56 - 2012-05-15 07:46 - 00000000 ____D C:\Users\cwallace\Desktop\EVM Analysis
2012-05-15 07:48 - 2012-05-15 07:47 - 00000000 ____D C:\Users\cwallace\Desktop\A004 Technical Report CDRLs
2012-04-04 17:47 - 2012-06-04 13:50 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 17:47 - 2012-06-04 13:50 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 14:56 - 2012-02-23 08:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 03:35 - 2012-06-04 11:17 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 14:29 - 2012-03-05 09:53 - 00000000 ____D C:\EOrganizer
2012-03-23 13:22 - 2012-03-23 13:21 - 00000000 ____D C:\Users\cwallace\AppData\Local\Amazon
2012-03-23 13:21 - 2012-03-23 13:21 - 00002210 ____A C:\Users\cwallace\Desktop\Kindle.lnk
2012-03-20 13:07 - 2012-03-20 13:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-20 13:07 - 2012-03-20 13:07 - 00000000 ____D C:\Program Files\Bonjour
2012-03-20 13:07 - 2012-03-20 13:07 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-03-20 13:07 - 2012-01-04 12:56 - 00000000 ____D C:\Users\All Users\Apple
2012-03-16 13:52 - 2012-03-16 13:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-14 14:29 - 2012-03-14 14:29 - 00117586 ____A C:\Users\cwallace\Documents\Casey Wallace_Beneficiary Designation Form_March 2012.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8072.9 MB
Available physical RAM: 7251.51 MB
Total Pagefile: 8071.1 MB
Available Pagefile: 7240.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:286.8 GB) (Free:212.09 GB) NTFS
3 Drive f: () (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.25 GB) (Free:4.44 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 123 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 286 GB 11 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 286 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 123 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 123 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 12:50

======================= End Of Log ==========================

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:16 PM

Posted 11 June 2012 - 10:44 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 cwallace83

cwallace83
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:16 PM

Posted 11 June 2012 - 11:24 AM

I just ran ComboFix; here is the log. Note: after I ran it, it rebooted my computer and created a log (below). However, I then went to use the internet and found out that every application said that the "registry had been tagged for deletion" and didn't work. So I manually restarted and everything seems to work. I don't know if it cured my virus yet.


ComboFix 12-06-10.01 - cwallace 06/11/2012 8:53.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6205 [GMT -7:00]
Running from: c:\users\cwallace\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQATHKGB\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\vietnguyen\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\MCRUser\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\dkelly\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\cseemann\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-11 15:57 . 2012-06-11 15:57 -------- d-----w- c:\users\adam\AppData\Local\temp
2012-06-06 15:43 . 2012-06-06 15:59 -------- d-----w- c:\users\cwallace\AppData\Roaming\ScanSpyware
2012-06-05 23:56 . 2012-06-11 15:36 -------- d-----r- c:\users\cwallace\Dropbox
2012-06-05 23:54 . 2012-06-11 15:36 -------- d-----w- c:\users\cwallace\AppData\Roaming\Dropbox
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\users\cwallace\AppData\Roaming\SUPERAntiSpyware.com
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-05 22:41 . 2012-06-05 22:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-05 16:18 . 2012-06-05 16:33 -------- d-----w- c:\users\cwallace\AppData\Local\NPE
2012-06-05 16:18 . 2012-06-05 16:18 -------- d-----w- c:\programdata\Norton
2012-06-04 21:51 . 2012-06-04 21:51 -------- d-----w- c:\program files (x86)\Oracle
2012-06-04 21:50 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-04 19:30 . 2012-06-04 19:32 -------- d-----w- C:\639e0fd89b1387d89f6b73d7
2012-06-04 19:18 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-04 19:18 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-04 19:18 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-04 19:18 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-04 19:17 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-04 16:45 . 2012-06-04 16:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2012-02-23 16:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-03-29 19:41 . 2007-03-29 19:41 992176 ----a-w- c:\program files (x86)\Common Files\agent.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-06_16.55.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-06 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-11 14:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-06 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-11 14:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-11 14:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-06 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-11 16:02 56218 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-11 16:02 43684 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-16 18:56 . 2012-06-11 16:02 11520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1614895754-1085031214-1801674531-9600_UserData.bin
+ 2012-06-11 16:00 . 2012-06-11 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-06 16:55 . 2012-06-06 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-11 16:00 . 2012-06-11 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-06 16:55 . 2012-06-06 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-11 15:37 656334 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-05 16:25 656334 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-11 15:37 119428 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-05 16:25 119428 c:\windows\system32\perfc009.dat
- 2011-08-05 13:12 . 2012-06-06 16:55 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-05 13:12 . 2012-06-11 16:00 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-11 15:58 385536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-06 16:53 385536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-05 13:12 . 2012-06-06 16:55 2785280 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-05 13:12 . 2012-06-11 16:00 2785280 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-06 16:48 4014080 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-11 16:00 4014080 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-12 14:16 . 2012-06-04 19:54 5237976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2190021117-1767296668-3169280336-500-12288.dat
+ 2011-07-12 14:16 . 2012-06-06 18:18 5237976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2190021117-1767296668-3169280336-500-12288.dat
+ 2011-12-17 00:11 . 2012-06-11 15:58 8774928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1614895754-1085031214-1801674531-9600-8192.dat
- 2011-12-17 00:11 . 2012-06-06 16:53 27695446 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1614895754-1085031214-1801674531-9600-4096.dat
+ 2011-12-17 00:11 . 2012-06-11 14:57 27695446 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1614895754-1085031214-1801674531-9600-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-24 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"accrdsub"="c:\program files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\users\cwallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\cwallace\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files (x86)\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 accoca;ActivClient Middleware Service;c:\program files (x86)\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 20:33]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 20:33]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600Core.job
- c:\users\cwallace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 20:38]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1085031214-1801674531-9600UA.job
- c:\users\cwallace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-19 20:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\cwallace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418328]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: amexnetwork.com\offers
Trusted Zone: apple.com\developer
Trusted Zone: mcri.com
Trusted Zone: snapfish.com\www5
TCP: DhcpNameServer = 192.168.4.10 192.168.3.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-11 09:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 16:04
ComboFix2.txt 2012-06-06 16:59
.
Pre-Run: 231,443,341,312 bytes free
Post-Run: 231,220,285,440 bytes free
.
- - End Of File - - E1ADB7D20172BA0F583BD36995BA6FD5
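
Reading a ComboFix services listing like the one above by hand is tedious, but the checks a responder actually applies to it are mechanical: is a kernel driver or service binary loaded from somewhere an ordinary user can write (Temp, AppData, ProgramData); is the service image a generic host such as srvany.exe, which runs whatever the service's Parameters\Application registry value names while the log shows only the host; and is AppInit_DLLs populated. The script below is an added example (mine, not part of this thread and not ComboFix's own code) that applies those checks to lines copied from the log above. The line format (R/S for running/stopped plus the start type digit, then name;display;path and either [date size] or [x]) is inferred from that log, and the script does not interpret [x]. On this log the path check hits cpuz134, which is also how CPU-Z loads its own driver, so a hit is a prompt to verify the file's publisher and signature, not a verdict.

```python
"""Pick out service and driver entries in a ComboFix log that deserve a second look.
Added example for this thread; the line format is inferred from the log posted above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: every line is copied from the ComboFix log above.
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
R3 cpuz134;cpuz134;c:\users\cwallace\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
"""

# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
APPINIT = re.compile(r'^"AppInit_DLLs"=(.+)$')
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
GENERIC_HOSTS = {"srvany.exe"}   # runs the program named in Parameters\Application


@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_info: Optional[str]   # "YYYY-MM-DD size" as ComboFix prints it; None for [x]


@dataclass
class Finding:
    name: str
    reason: str
    path: str


def parse_service(line: str) -> Optional[Service]:
    m = SERVICE.match(line.strip())
    if not m:
        return None
    return Service(m.group(1) == "R", int(m.group(2)), m.group(3), m.group(4),
                   m.group(5), None if m.group(6) == "x" else m.group(6))


def parse_services(text: str) -> List[Service]:
    return [s for s in map(parse_service, text.splitlines()) if s is not None]


def review(text: str) -> List[Finding]:
    """Findings in log order; each one is a pointer for manual verification."""
    findings = []
    for line in text.splitlines():
        svc = parse_service(line)
        if svc:
            low = svc.path.lower()
            base = low.rsplit("\\", 1)[-1]
            if any(tok in low for tok in USER_WRITABLE):
                kind = "kernel driver" if base.endswith(".sys") else "service binary"
                findings.append(Finding(svc.name, f"{kind} loaded from a user-writable path", svc.path))
            if base in GENERIC_HOSTS:
                findings.append(Finding(svc.name, "generic service host: the real program is the "
                                        "service's Parameters\\Application value, which the log omits",
                                        svc.path))
            continue
        a = APPINIT.match(line.strip())
        if a:
            findings.append(Finding("AppInit_DLLs", "DLL injected into every process that loads "
                                    "user32.dll; confirm publisher and signature", a.group(1)))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.name}: {f.reason} -> {f.path}")
```

Feed the whole ComboFix log to review(); lines that are not service entries or the AppInit_DLLs value are ignored, so no pre-trimming is needed.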

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:16 PM

Posted 11 June 2012 - 11:46 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions: ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 cwallace83 (Topic Starter)

  • Members
  • 18 posts
  • Local time:10:16 PM

Posted 11 June 2012 - 01:43 PM

09:49:05.0409 2192 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:49:07.0094 2192 ============================================================
09:49:07.0094 2192 Current date / time: 2012/06/11 09:49:07.0094
09:49:07.0094 2192 SystemInfo:
09:49:07.0094 2192
09:49:07.0094 2192 OS Version: 6.1.7601 ServicePack: 1.0
09:49:07.0094 2192 Product type: Workstation
09:49:07.0094 2192 ComputerName: ELS-CSWALLACE
09:49:07.0094 2192 UserName: cwallace
09:49:07.0094 2192 Windows directory: C:\Windows
09:49:07.0094 2192 System windows directory: C:\Windows
09:49:07.0094 2192 Running under WOW64
09:49:07.0094 2192 Processor architecture: Intel x64
09:49:07.0094 2192 Number of processors: 4
09:49:07.0094 2192 Page size: 0x1000
09:49:07.0094 2192 Boot type: Normal boot
09:49:07.0094 2192 ============================================================
09:49:07.0656 2192 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:49:07.0656 2192 Drive \Device\Harddisk1\DR1 - Size: 0x7B80000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:49:07.0656 2192 ============================================================
09:49:07.0656 2192 \Device\Harddisk0\DR0:
09:49:07.0656 2192 MBR partitions:
09:49:07.0656 2192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1680000
09:49:07.0656 2192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1694000, BlocksNum 0x23D9A000
09:49:07.0656 2192 \Device\Harddisk1\DR1:
09:49:07.0656 2192 MBR partitions:
09:49:07.0656 2192 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DBE0
09:49:07.0656 2192 ============================================================
09:49:07.0687 2192 C: <-> \Device\Harddisk0\DR0\Partition1
09:49:07.0687 2192 ============================================================
09:49:07.0687 2192 Initialize success
09:49:07.0687 2192 ============================================================
09:49:17.0437 4204 ============================================================
09:49:17.0437 4204 Scan started
09:49:17.0437 4204 Mode: Manual;
09:49:17.0437 4204 ============================================================
09:49:18.0420 4204 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:49:18.0420 4204 !SASCORE - ok
09:49:18.0591 4204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:49:18.0607 4204 1394ohci - ok
09:49:18.0638 4204 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
09:49:18.0638 4204 Acceler - ok
09:49:18.0732 4204 accoca (ec4a5d4e36a8e49261cd823450e0ba51) C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
09:49:18.0732 4204 accoca - ok
09:49:18.0778 4204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:49:18.0794 4204 ACPI - ok
09:49:18.0810 4204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:49:18.0810 4204 AcpiPmi - ok
09:49:18.0856 4204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:49:18.0888 4204 adp94xx - ok
09:49:18.0919 4204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:49:18.0950 4204 adpahci - ok
09:49:18.0966 4204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:49:18.0981 4204 adpu320 - ok
09:49:19.0012 4204 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:49:19.0012 4204 AeLookupSvc - ok
09:49:19.0090 4204 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
09:49:19.0090 4204 AESTFilters - ok
09:49:19.0153 4204 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:49:19.0184 4204 AFD - ok
09:49:19.0200 4204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:49:19.0200 4204 agp440 - ok
09:49:19.0231 4204 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:49:19.0231 4204 ALG - ok
09:49:19.0246 4204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:49:19.0246 4204 aliide - ok
09:49:19.0262 4204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:49:19.0262 4204 amdide - ok
09:49:19.0278 4204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:49:19.0278 4204 AmdK8 - ok
09:49:19.0293 4204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:49:19.0293 4204 AmdPPM - ok
09:49:19.0324 4204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:49:19.0324 4204 amdsata - ok
09:49:19.0356 4204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:49:19.0371 4204 amdsbs - ok
09:49:19.0387 4204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:49:19.0387 4204 amdxata - ok
09:49:19.0449 4204 ApfiltrService (e4f6a272a696b6442e5c84ec470e3676) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:49:19.0449 4204 ApfiltrService - ok
09:49:19.0496 4204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:49:19.0512 4204 AppID - ok
09:49:19.0543 4204 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:49:19.0543 4204 AppIDSvc - ok
09:49:19.0558 4204 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:49:19.0558 4204 Appinfo - ok
09:49:19.0683 4204 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:49:19.0683 4204 Apple Mobile Device - ok
09:49:19.0746 4204 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
09:49:19.0761 4204 AppMgmt - ok
09:49:19.0777 4204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:49:19.0777 4204 arc - ok
09:49:19.0808 4204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:49:19.0824 4204 arcsas - ok
09:49:19.0917 4204 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:49:19.0917 4204 aspnet_state - ok
09:49:19.0948 4204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:49:19.0948 4204 AsyncMac - ok
09:49:19.0980 4204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:49:19.0995 4204 atapi - ok
09:49:20.0058 4204 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:49:20.0104 4204 AudioEndpointBuilder - ok
09:49:20.0120 4204 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:49:20.0136 4204 AudioSrv - ok
09:49:20.0182 4204 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:49:20.0182 4204 AxInstSV - ok
09:49:20.0260 4204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:49:20.0276 4204 b06bdrv - ok
09:49:20.0307 4204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:49:20.0323 4204 b57nd60a - ok
09:49:20.0370 4204 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:49:20.0370 4204 BDESVC - ok
09:49:20.0385 4204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:49:20.0401 4204 Beep - ok
09:49:20.0463 4204 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:49:20.0494 4204 BFE - ok
09:49:20.0557 4204 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:49:20.0572 4204 BITS - ok
09:49:20.0619 4204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:49:20.0619 4204 blbdrive - ok
09:49:20.0728 4204 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:49:20.0744 4204 Bonjour Service - ok
09:49:20.0791 4204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:49:20.0791 4204 bowser - ok
09:49:20.0806 4204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:49:20.0806 4204 BrFiltLo - ok
09:49:20.0822 4204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:49:20.0822 4204 BrFiltUp - ok
09:49:20.0853 4204 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:49:20.0869 4204 BridgeMP - ok
09:49:20.0916 4204 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:49:20.0916 4204 Browser - ok
09:49:20.0947 4204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:49:20.0962 4204 Brserid - ok
09:49:20.0978 4204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:49:20.0978 4204 BrSerWdm - ok
09:49:20.0994 4204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:49:20.0994 4204 BrUsbMdm - ok
09:49:20.0994 4204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:49:20.0994 4204 BrUsbSer - ok
09:49:21.0025 4204 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:49:21.0025 4204 BthEnum - ok
09:49:21.0040 4204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:49:21.0056 4204 BTHMODEM - ok
09:49:21.0087 4204 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:49:21.0087 4204 BthPan - ok
09:49:21.0134 4204 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:49:21.0165 4204 BTHPORT - ok
09:49:21.0212 4204 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:49:21.0228 4204 bthserv - ok
09:49:21.0243 4204 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:49:21.0243 4204 BTHUSB - ok
09:49:21.0306 4204 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
09:49:21.0337 4204 BTWAMPFL - ok
09:49:21.0368 4204 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
09:49:21.0384 4204 btwaudio - ok
09:49:21.0399 4204 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
09:49:21.0415 4204 btwavdt - ok
09:49:21.0508 4204 btwdins (cc9dae7759ac2c0d19111c0d38ddd232) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:49:21.0555 4204 btwdins - ok
09:49:21.0571 4204 btwl2cap (9ad0fa253ed531d39fb2d74fe12a5fa9) C:\Windows\system32\DRIVERS\btwl2cap.sys
09:49:21.0571 4204 btwl2cap - ok
09:49:21.0586 4204 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
09:49:21.0586 4204 btwrchid - ok
09:49:21.0602 4204 catchme - ok
09:49:21.0696 4204 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
09:49:21.0696 4204 ccEvtMgr - ok
09:49:21.0696 4204 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
09:49:21.0711 4204 ccSetMgr - ok
09:49:21.0758 4204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:49:21.0758 4204 cdfs - ok
09:49:21.0805 4204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:49:21.0820 4204 cdrom - ok
09:49:21.0852 4204 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:49:21.0867 4204 CertPropSvc - ok
09:49:21.0883 4204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:49:21.0883 4204 circlass - ok
09:49:21.0914 4204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:49:21.0930 4204 CLFS - ok
09:49:22.0008 4204 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:49:22.0008 4204 clr_optimization_v2.0.50727_32 - ok
09:49:22.0039 4204 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:49:22.0039 4204 clr_optimization_v2.0.50727_64 - ok
09:49:22.0117 4204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:49:22.0117 4204 clr_optimization_v4.0.30319_32 - ok
09:49:22.0148 4204 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:49:22.0148 4204 clr_optimization_v4.0.30319_64 - ok
09:49:22.0195 4204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:49:22.0195 4204 CmBatt - ok
09:49:22.0195 4204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:49:22.0195 4204 cmdide - ok
09:49:22.0257 4204 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:49:22.0288 4204 CNG - ok
09:49:22.0320 4204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:49:22.0320 4204 Compbatt - ok
09:49:22.0351 4204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:49:22.0351 4204 CompositeBus - ok
09:49:22.0351 4204 COMSysApp - ok
09:49:22.0460 4204 cpuz134 - ok
09:49:22.0476 4204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:49:22.0491 4204 crcdisk - ok
09:49:22.0600 4204 Credential Vault Host Control Service (6e163faaf624a03a88dfd92e607de6e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
09:49:22.0647 4204 Credential Vault Host Control Service - ok
09:49:39.0932 4204 sppsvc - ok
09:49:39.0994 4204 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:49:39.0994 4204 sppuinotify - ok
09:49:40.0041 4204 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
09:49:40.0041 4204 SRTSP - ok
09:49:40.0072 4204 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
09:49:40.0104 4204 SRTSPL - ok
09:49:40.0119 4204 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
09:49:40.0119 4204 SRTSPX - ok
09:49:40.0150 4204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:49:40.0182 4204 srv - ok
09:49:40.0228 4204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:49:40.0244 4204 srv2 - ok
09:49:40.0291 4204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:49:40.0306 4204 srvnet - ok
09:49:40.0338 4204 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:49:40.0353 4204 SSDPSRV - ok
09:49:40.0369 4204 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:49:40.0369 4204 SstpSvc - ok
09:49:40.0462 4204 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
09:49:40.0462 4204 STacSV - ok
09:49:40.0494 4204 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
09:49:40.0509 4204 stdcfltn - ok
09:49:40.0587 4204 Stereo Service (479321c119b54d7f13a91e16cf7c2e9a) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:49:40.0587 4204 Stereo Service - ok
09:49:40.0618 4204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
09:49:40.0618 4204 stexstor - ok
09:49:40.0665 4204 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
09:49:40.0681 4204 STHDA - ok
09:49:40.0728 4204 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:49:40.0759 4204 stisvc - ok
09:49:40.0774 4204 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:49:40.0790 4204 StorSvc - ok
09:49:40.0821 4204 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:49:40.0821 4204 storvsc - ok
09:49:40.0837 4204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:49:40.0837 4204 swenum - ok
09:49:40.0884 4204 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:49:40.0915 4204 swprv - ok
09:49:41.0102 4204 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
09:49:41.0102 4204 Symantec AntiVirus - ok
09:49:41.0242 4204 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:49:41.0258 4204 SymEvent - ok
09:49:41.0274 4204 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
09:49:41.0274 4204 SynthVid - ok
09:49:41.0383 4204 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:49:41.0414 4204 SysMain - ok
09:49:41.0476 4204 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:49:41.0492 4204 TabletInputService - ok
09:49:41.0523 4204 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:49:41.0539 4204 TapiSrv - ok
09:49:41.0554 4204 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:49:41.0554 4204 TBS - ok
09:49:41.0695 4204 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:49:41.0742 4204 Tcpip - ok
09:49:41.0866 4204 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:49:41.0882 4204 TCPIP6 - ok
09:49:41.0960 4204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:49:41.0960 4204 tcpipreg - ok
09:49:42.0100 4204 tcsd_win32.exe (e42d560e2163480e7b586b14abeb3386) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
09:49:42.0132 4204 tcsd_win32.exe - ok
09:49:42.0381 4204 TdmService (e76a51f32fa99be0de3b8071c9c82e8c) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
09:49:42.0475 4204 TdmService - ok
09:49:42.0568 4204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:49:42.0568 4204 TDPIPE - ok
09:49:42.0584 4204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:49:42.0584 4204 TDTCP - ok
09:49:42.0600 4204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:49:42.0600 4204 tdx - ok
09:49:42.0631 4204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
09:49:42.0631 4204 TermDD - ok
09:49:42.0693 4204 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:49:42.0709 4204 TermService - ok
09:49:42.0724 4204 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:49:42.0724 4204 Themes - ok
09:49:42.0740 4204 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:49:42.0756 4204 THREADORDER - ok
09:49:42.0771 4204 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:49:42.0787 4204 TrkWks - ok
09:49:42.0834 4204 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:49:42.0849 4204 TrustedInstaller - ok
09:49:42.0865 4204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:49:42.0865 4204 tssecsrv - ok
09:49:42.0896 4204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:49:42.0896 4204 TsUsbFlt - ok
09:49:42.0912 4204 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
09:49:42.0912 4204 TsUsbGD - ok
09:49:42.0927 4204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:49:42.0943 4204 tunnel - ok
09:49:42.0958 4204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
09:49:42.0958 4204 uagp35 - ok
09:49:42.0990 4204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:49:43.0005 4204 udfs - ok
09:49:43.0036 4204 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:49:43.0036 4204 UI0Detect - ok
09:49:43.0052 4204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:49:43.0052 4204 uliagpkx - ok
09:49:43.0068 4204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
09:49:43.0068 4204 umbus - ok
09:49:43.0083 4204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:49:43.0099 4204 UmPass - ok
09:49:43.0146 4204 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
09:49:43.0161 4204 UmRdpService - ok
09:49:43.0364 4204 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:49:43.0395 4204 UNS - ok
09:49:43.0520 4204 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:49:43.0536 4204 upnphost - ok
09:49:43.0614 4204 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
09:49:43.0629 4204 USBAAPL64 - ok
09:49:43.0645 4204 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
09:49:43.0645 4204 usbccgp - ok
09:49:43.0676 4204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:49:43.0692 4204 usbcir - ok
09:49:43.0707 4204 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:49:43.0707 4204 usbehci - ok
09:49:43.0738 4204 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
09:49:43.0754 4204 usbhub - ok
09:49:43.0785 4204 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:49:43.0785 4204 usbohci - ok
09:49:43.0801 4204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
09:49:43.0801 4204 usbprint - ok
09:49:43.0832 4204 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:49:43.0832 4204 USBSTOR - ok
09:49:43.0847 4204 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:49:43.0847 4204 usbuhci - ok
09:49:43.0894 4204 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
09:49:43.0910 4204 usbvideo - ok
09:49:43.0925 4204 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:49:43.0941 4204 UxSms - ok
09:49:43.0972 4204 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:49:43.0972 4204 VaultSvc - ok
09:49:43.0988 4204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:49:44.0003 4204 vdrvroot - ok
09:49:44.0035 4204 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:49:44.0097 4204 vds - ok
09:49:44.0113 4204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:49:44.0113 4204 vga - ok
09:49:44.0128 4204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:49:44.0128 4204 VgaSave - ok
09:49:44.0144 4204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:49:44.0159 4204 vhdmp - ok
09:49:44.0191 4204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:49:44.0191 4204 viaide - ok
09:49:44.0206 4204 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:49:44.0206 4204 VMBusHID - ok
09:49:44.0222 4204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:49:44.0222 4204 volmgr - ok
09:49:44.0269 4204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:49:44.0284 4204 volmgrx - ok
09:49:44.0331 4204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:49:44.0331 4204 volsnap - ok
09:49:44.0362 4204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
09:49:44.0378 4204 vsmraid - ok
09:49:44.0471 4204 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:49:44.0534 4204 VSS - ok
09:49:44.0643 4204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:49:44.0643 4204 vwifibus - ok
09:49:44.0674 4204 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:49:44.0674 4204 vwififlt - ok
09:49:44.0705 4204 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:49:44.0721 4204 vwifimp - ok
09:49:44.0752 4204 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:49:44.0768 4204 W32Time - ok
09:49:44.0799 4204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
09:49:44.0799 4204 WacomPen - ok
09:49:44.0830 4204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:49:44.0830 4204 WANARP - ok
09:49:44.0830 4204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:49:44.0830 4204 Wanarpv6 - ok
09:49:44.0939 4204 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:49:44.0986 4204 WatAdminSvc - ok
09:49:45.0064 4204 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:49:45.0095 4204 wbengine - ok
09:49:45.0189 4204 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:49:45.0205 4204 WbioSrvc - ok
09:49:45.0267 4204 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:49:45.0267 4204 wcncsvc - ok
09:49:45.0298 4204 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:49:45.0314 4204 WcsPlugInService - ok
09:49:45.0345 4204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
09:49:45.0345 4204 Wd - ok
09:49:45.0392 4204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:49:45.0423 4204 Wdf01000 - ok
09:49:45.0423 4204 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:49:45.0439 4204 WdiServiceHost - ok
09:49:45.0439 4204 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:49:45.0439 4204 WdiSystemHost - ok
09:49:45.0470 4204 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:49:45.0470 4204 WebClient - ok
09:49:45.0501 4204 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:49:45.0517 4204 Wecsvc - ok
09:49:45.0532 4204 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:49:45.0532 4204 wercplsupport - ok
09:49:45.0548 4204 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:49:45.0563 4204 WerSvc - ok
09:49:45.0563 4204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:49:45.0563 4204 WfpLwf - ok
09:49:45.0595 4204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:49:45.0595 4204 WIMMount - ok
09:49:45.0641 4204 WinDefend - ok
09:49:45.0657 4204 WinHttpAutoProxySvc - ok
09:49:45.0719 4204 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:49:45.0735 4204 Winmgmt - ok
09:49:45.0860 4204 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:49:45.0922 4204 WinRM - ok
09:49:46.0047 4204 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
09:49:46.0047 4204 WinUsb - ok
09:49:46.0094 4204 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:49:46.0125 4204 Wlansvc - ok
09:49:46.0156 4204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:49:46.0156 4204 WmiAcpi - ok
09:49:46.0219 4204 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:49:46.0234 4204 wmiApSrv - ok
09:49:46.0250 4204 WMPNetworkSvc - ok
09:49:46.0297 4204 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:49:46.0297 4204 WPCSvc - ok
09:49:46.0312 4204 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:49:46.0328 4204 WPDBusEnum - ok
09:49:46.0343 4204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:49:46.0343 4204 ws2ifsl - ok
09:49:46.0375 4204 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:49:46.0375 4204 wscsvc - ok
09:49:46.0390 4204 WSearch - ok
09:49:46.0515 4204 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:49:46.0577 4204 wuauserv - ok
09:49:46.0687 4204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:49:46.0702 4204 WudfPf - ok
09:49:46.0718 4204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:49:46.0733 4204 WUDFRd - ok
09:49:46.0749 4204 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:49:46.0765 4204 wudfsvc - ok
09:49:46.0796 4204 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:49:46.0811 4204 WwanSvc - ok
09:49:46.0936 4204 ZcfgSvc7 (b87e12317928739e22d2e3acc7ccac80) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
09:49:46.0967 4204 ZcfgSvc7 - ok
09:49:46.0983 4204 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:49:47.0186 4204 \Device\Harddisk0\DR0 - ok
09:49:47.0233 4204 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
09:49:48.0543 4204 \Device\Harddisk1\DR1 - ok
09:49:48.0543 4204 Boot (0x1200) (8b59e0e91eb907df9328b3c83c05f21d) \Device\Harddisk0\DR0\Partition0
09:49:48.0543 4204 \Device\Harddisk0\DR0\Partition0 - ok
09:49:48.0574 4204 Boot (0x1200) (39fbb78b705a6e394014b2347a4d6873) \Device\Harddisk0\DR0\Partition1
09:49:48.0574 4204 \Device\Harddisk0\DR0\Partition1 - ok
09:49:48.0590 4204 Boot (0x1200) (cba5f08037fc9af63195d163732cc6a0) \Device\Harddisk1\DR1\Partition0
09:49:48.0590 4204 \Device\Harddisk1\DR1\Partition0 - ok
09:49:48.0590 4204 ============================================================
09:49:48.0590 4204 Scan finished
09:49:48.0590 4204 ============================================================
09:49:48.0605 5696 Detected object count: 0
09:49:48.0605 5696 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 09:57:59
-----------------------------
09:57:59.394 OS Version: Windows x64 6.1.7601 Service Pack 1
09:57:59.394 Number of processors: 4 586 0x2A07
09:57:59.394 ComputerName: ELS-CSWALLACE UserName: cwallace
09:58:01.266 Initialize success
10:30:43.109 AVAST engine defs: 12061100
11:43:11.244 The log file has been saved successfully to "C:\Users\cwallace\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:16 PM

Posted 11 June 2012 - 01:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 cwallace83

cwallace83
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:16 PM

Posted 12 June 2012 - 10:36 AM

How do i run CFScript?

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:16 PM

Posted 12 June 2012 - 10:47 AM

Greetings

Start at this line: "Open Notepad and copy/paste the text in the box into the window:"

and follow it step by step.

