Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspect malware


  • This topic is locked This topic is locked
21 replies to this topic

#1 SG1977

SG1977

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 06 June 2012 - 06:19 PM

Hi everyone
I've been having a problem which has made me tear my hair out. The problem started occuring a week or so ago, when I noticed random ads appearing in the bottom right hand corner of my screen. These would be typically for a free iPhone, lose weight etc etc. It does not appear on certain websites, e.g.bbc.co.uk.

I have also noticed that some websites redirect to findgala which Avast blocks.

I've tried running Malware Bytes, Kaspersky virus removal, Hijack this (which aborts for some reason) and none seem to work. I'm currently running Avast as well.

Anyway, here is the DDS log to get things going. Thanks in advance to whoever is able to assist.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sarb at 0:10:10 on 2012-06-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3070.1552 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Windows\SysWOW64\PNUSBCLITRAY.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\SysWOW64\PNTray.exe
C:\Windows\system32\pnusbvirtualhubwssrv.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Sarb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Install5G] D:\Install.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AppMon Utility] "C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [pnusbclitray] pnusbclitray.exe
mRun: [<NO NAME>]
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: herbertsmith.com\vrd
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://my.herbertsmith.com/InternalSite/WhlCompMgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}\245624F687 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}\35162726 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}\35B4951373234323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}\C496675626F687D273434303 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
IFEO: image file execution options - svchost.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun-x64: [Install5G] D:\Install.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [AppMon Utility] "C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [pnusbclitray] pnusbclitray.exe
mRun-x64: [(Default)]
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [GrpConv] grpconv -o
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
IFEO-X64: image file execution options - svchost.exe
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 149.5.18.173 ad-emea.doubleclick.net.
Hosts: 149.5.18.173 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-6-3 44768]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2010-12-23 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-3 654408]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-6-21 25824]
R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows\system32\pnusbvirtualhubwssrv.exe [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-11-1 150928]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
RUnknown 15140013;15140013; [x]
RUnknown 8890011drv;8890011drv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-3 136176]
S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-11-1 487312]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-3 136176]
S3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]
S3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-06 22:39:51 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-05 22:16:20 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A9FFAD6-1A6F-4FA5-894C-29D89B0777FC}\mpengine.dll
2012-06-03 16:24:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-03 16:24:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-03 15:53:01 388096 ----a-r- C:\Users\Sarb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 15:53:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-03 14:57:43 -------- d-----w- C:\ProgramData\GFI Software
2012-06-03 14:18:03 -------- d-----w- C:\Users\Sarb\AppData\Roaming\Malwarebytes
2012-06-03 14:17:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-03 13:43:18 -------- d-----w- C:\Users\Sarb\AppData\Local\adaware
2012-06-03 13:43:16 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-03 13:42:44 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-03 13:41:34 -------- d-----w- C:\Users\Sarb\AppData\Roaming\Ad-Aware Antivirus
2012-06-03 13:33:38 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-06-03 13:32:57 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-30 20:26:27 -------- d-sh--w- C:\Users\Sarb\AppData\Roaming\System Protection Tools
2012-05-30 20:26:26 -------- d-sh--w- C:\ProgramData\SPMPKXZT
2012-05-30 20:26:12 -------- d-sh--w- C:\ProgramData\f8599d
2012-05-11 09:11:18 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 09:11:16 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 09:11:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 09:11:04 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 09:11:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 09:11:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 09:10:27 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 09:10:08 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 09:10:01 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:10:01 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 09:10:01 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:10:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 09:10:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-04-28 21:06:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-28 21:06:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-08 13:34:51 627600 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 0:13:34.24 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 07 June 2012 - 01:58 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 07 June 2012 - 05:42 PM

Hi Gringo and thanks.

Here are the two logs.

Security check:
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


OTL

OTL logfile created on: 07/06/2012 23:28:08 - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Sarb\Downloads\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.61% Memory free
6.00 Gb Paging File | 4.41 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 33.47 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Computer Name: SARB-PC | User Name: Sarb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sarb\Downloads\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Windows\SysWOW64\PNUSBCLITRAY.exe (Quest Software)
PRC - C:\Windows\SysWOW64\pntray.exe (Quest Software)
PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (pnusbvirtualhubwssrv) -- C:\Windows\SysNative\pnusbvirtualhubwssrv.exe (Quest Software)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (HerculesDJControlMP3) -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft Corporation)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pnpnptool) -- C:\Windows\SysNative\drivers\pnpnptool.sys (Quest Software)
DRV:64bit: - (pnusbd) -- C:\Windows\SysNative\drivers\pnusbd.sys (Quest Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV:64bit: - (HDJMidi) -- C:\Windows\SysNative\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV:64bit: - (Bulk) -- C:\Windows\SysNative\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tifm21) -- C:\Windows\SysNative\drivers\tifm21.sys (Texas Instruments)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DMICall) -- C:\Windows\SysWOW64\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A E8 B5 C8 83 65 CA 01 [binary data]
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/?&uid=8004&q={searchTerms}
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarb\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarb\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarb\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sarb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sarb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Sarb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Sarb\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Poppit = C:\Users\Sarb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/30 21:30:18 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.173 www.google-analytics.com.
O1 - Hosts: 149.5.18.173 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.173 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [AppMon Utility] C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [pnusbclitray] C:\Windows\SysWow64\PNUSBCLITRAY.exe (Quest Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\..Trusted Domains: herbertsmith.com ([vrd] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://my.herbertsmith.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F37159A4-8520-4434-A8BE-A27A793E1C18}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4e9c0c63-f8db-11df-8ea0-001a80b78594}\Shell - "" = AutoRun
O33 - MountPoints2\{4e9c0c63-f8db-11df-8ea0-001a80b78594}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 23:25:33 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sarb\Downloads\Desktop\OTL.exe
[2012/06/06 23:55:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarb\Downloads\Desktop\dds.scr
[2012/06/06 23:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/03 17:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 17:24:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/03 17:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/03 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/03 16:53:01 | 000,000,000 | ---D | C] -- C:\Users\Sarb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/03 15:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/03 15:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/03 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/06/03 15:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/03 15:18:03 | 000,000,000 | ---D | C] -- C:\Users\Sarb\AppData\Roaming\Malwarebytes
[2012/06/03 15:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 14:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/03 14:43:18 | 000,000,000 | ---D | C] -- C:\Users\Sarb\AppData\Local\adaware
[2012/06/03 14:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/03 14:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/03 14:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/03 14:41:34 | 000,000,000 | ---D | C] -- C:\Users\Sarb\AppData\Roaming\Ad-Aware Antivirus
[2012/06/03 14:33:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/03 14:32:57 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/03 14:32:57 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/05/30 21:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Sarb\AppData\Roaming\System Protection Tools
[2012/05/30 21:26:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\SPMPKXZT
[2012/05/30 21:26:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\f8599d
[2012/05/15 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sarb\Documents\Sunita
[2012/05/11 10:11:18 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 10:11:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 10:11:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 10:11:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 23:25:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sarb\Downloads\Desktop\OTL.exe
[2012/06/07 23:18:48 | 000,853,862 | ---- | M] () -- C:\Users\Sarb\Downloads\Desktop\SecurityCheck.exe
[2012/06/07 23:15:16 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-879514458-2007316059-3908774351-1000UA.job
[2012/06/07 23:15:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 23:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/07 17:16:05 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 17:16:05 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 17:08:47 | 000,052,208 | ---- | M] () -- C:\Users\Sarb\AppData\Roaming\nvModes.001
[2012/06/07 17:08:43 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/06/07 17:08:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 17:07:24 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 23:56:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarb\Downloads\Desktop\dds.scr
[2012/06/05 23:12:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-879514458-2007316059-3908774351-1000Core.job
[2012/06/03 17:24:35 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 16:53:01 | 000,002,977 | ---- | M] () -- C:\Users\Sarb\Downloads\Desktop\HiJackThis.lnk
[2012/06/03 16:30:00 | 432,014,795 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/03 15:43:01 | 000,736,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 15:43:01 | 000,635,920 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/03 15:43:01 | 000,113,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/03 15:35:08 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/03 15:35:08 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\WSCConfig.xml
[2012/06/03 14:58:04 | 000,052,208 | ---- | M] () -- C:\Users\Sarb\AppData\Roaming\nvModes.dat
[2012/06/03 14:50:10 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/03 14:34:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/31 21:12:02 | 000,002,697 | ---- | M] () -- C:\Users\Sarb\Downloads\Desktop\Google Chrome.lnk
[2012/05/30 21:30:18 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/12 23:40:01 | 000,000,244 | ---- | M] () -- C:\Users\Sarb\Documents\m
[2012/05/12 11:16:45 | 000,418,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 23:18:26 | 000,853,862 | ---- | C] () -- C:\Users\Sarb\Downloads\Desktop\SecurityCheck.exe
[2012/06/03 17:24:35 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 16:53:01 | 000,002,977 | ---- | C] () -- C:\Users\Sarb\Downloads\Desktop\HiJackThis.lnk
[2012/06/03 15:37:48 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 15:37:44 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 15:35:08 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/03 15:35:08 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\WSCConfig.xml
[2012/06/03 14:49:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/03 14:49:28 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/12 23:40:01 | 000,000,244 | ---- | C] () -- C:\Users\Sarb\Documents\m
[2011/12/11 00:54:47 | 000,188,200 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/09 01:17:20 | 000,741,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/06 18:11:04 | 000,000,581 | ---- | C] () -- C:\Users\Sarb\AppData\Local\cookies.ini
[2011/01/15 15:56:43 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2011/01/15 15:56:33 | 000,000,336 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2011/01/15 15:56:27 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2011/01/15 15:56:27 | 000,000,599 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2010/12/08 20:29:30 | 000,059,368 | ---- | C] () -- C:\Windows\SysWow64\pnlteclirc.dll
[2010/12/08 20:27:38 | 000,020,560 | ---- | C] () -- C:\Windows\SysWow64\detoured.dll

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

< End of report >

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 07 June 2012 - 09:16 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-879514458-2007316059-3908774351-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = <http://findgala.com/?&uid=8004&q={searchTerms}>
    O1 - Hosts: 149.5.18.173 www.google-analytics.com.
    O1 - Hosts: 149.5.18.173 ad-emea.doubleclick.net.
    O1 - Hosts: 149.5.18.173 www.statcounter.com.
    O1 - Hosts: 108.163.215.51 www.google-analytics.com.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 www.statcounter.com.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 June 2012 - 01:38 AM

Hi Gringo

See below.

========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-879514458-2007316059-3908774351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Unable to save new HOSTS file
149.5.18.173 ad-emea.doubleclick.net. removed from HOSTS file successfully
149.5.18.173 www.statcounter.com. removed from HOSTS file successfully
108.163.215.51 www.google-analytics.com. removed from HOSTS file successfully
108.163.215.51 ad-emea.doubleclick.net. removed from HOSTS file successfully
108.163.215.51 www.statcounter.com. removed from HOSTS file successfully
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sarb\Downloads\Desktop\cmd.bat deleted successfully.
C:\Users\Sarb\Downloads\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sarb

User: Sunita

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sarb
->Flash cache emptied: 3130295 bytes

User: Sunita

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.47.0 log created on 06082012_073749

#6 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 June 2012 - 01:45 AM

btw, things seem to look ok. When I was running the exercise above, I did get a pop up but I rebooted my computer after having completed the above and nothing has appeared yet!

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 08 June 2012 - 02:17 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 June 2012 - 04:59 PM

Hi Gringo
Log below. The only thing that didn't work and required a reboot was that I wasn't able to open up explorer after the log had been produced. Everything else seems to be ok.

ComboFix 12-06-08.02 - Sarb 08/06/2012 22:22:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3070.1761 [GMT 1:00]
Running from: c:\users\Sarb\Downloads\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\f8599d
c:\programdata\f8599d\667.mof
c:\programdata\f8599d\SPT.ico
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Sarb\AppData\Roaming\Microsoft\Windows\Recent\std.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 21:33 . 2012-06-08 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 06:37 . 2012-06-08 06:37 -------- d-----w- C:\_OTL
2012-06-06 22:39 . 2012-06-06 22:39 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-03 16:24 . 2012-06-03 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 16:24 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 15:53 . 2012-06-03 15:53 388096 ----a-r- c:\users\Sarb\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 15:53 . 2012-06-03 15:53 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-03 14:57 . 2012-06-03 14:57 -------- d-----w- c:\programdata\GFI Software
2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\program files\Google
2012-06-03 14:37 . 2012-06-03 14:39 -------- d-----w- c:\program files (x86)\Google
2012-06-03 14:18 . 2012-06-03 14:18 -------- d-----w- c:\users\Sarb\AppData\Roaming\Malwarebytes
2012-06-03 14:17 . 2012-06-03 14:17 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 13:43 . 2012-06-03 13:43 -------- d-----w- c:\users\Sarb\AppData\Local\adaware
2012-06-03 13:43 . 2012-06-03 13:43 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-03 13:42 . 2012-06-03 13:42 -------- d-----w- c:\programdata\Lavasoft
2012-06-03 13:42 . 2012-06-03 14:57 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-06-03 13:41 . 2012-06-03 14:55 -------- d-----w- c:\users\Sarb\AppData\Roaming\Ad-Aware Antivirus
2012-06-03 13:33 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-03 13:32 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-03 13:32 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-30 20:26 . 2012-05-30 20:30 -------- d-sh--w- c:\users\Sarb\AppData\Roaming\System Protection Tools
2012-05-30 20:26 . 2012-05-30 20:26 -------- d-sh--w- c:\programdata\SPMPKXZT
2012-05-11 09:11 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 09:11 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 09:11 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 09:11 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 09:11 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 09:11 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 09:10 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 09:10 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 09:10 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 09:10 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:10 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 09:10 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 09:10 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:02 . 2012-06-08 20:52 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95458CD6-DEB9-4E0A-8074-13C45F89FBF7}\mpengine.dll
2012-04-28 21:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-28 21:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-08 13:34 . 2012-04-08 13:35 627600 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"AppMon Utility"="c:\program files (x86)\Sony\AppMonUtil\AppMonUtility.exe" [2007-09-20 542560]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 639784]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"pnusbclitray"="pnusbclitray.exe" [2010-12-08 67560]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 136176]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-11-01 487312]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 136176]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 pnusbd;Quest RDP USB Driver;c:\windows\system32\Drivers\pnusbd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-06-21 25824]
S2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\Drivers\pnpnptool.sys [x]
S2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-03 8704]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 14:37]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 14:37]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879514458-2007316059-3908774351-1000Core.job
- c:\users\Sarb\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 20:36]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879514458-2007316059-3908774351-1000UA.job
- c:\users\Sarb\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc64.dll" [2008-04-03 88064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 10720288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 74752]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-09 8151040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: herbertsmith.com\vrd
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Install5G - D:\Install.exe
AddRemove-3049928074.go.sky.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
.
**************************************************************************
.
Completion time: 2012-06-08 22:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 21:46
.
Pre-Run: 41,054,117,888 bytes free
Post-Run: 41,744,687,104 bytes free
.
- - End Of File - - 11737B1C5F78E9E7B4D3D7F66BBEC194

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 08 June 2012 - 09:03 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 09 June 2012 - 05:38 AM

Hi Gringo. Here is the TDSSkiller log. The aswMBR program crashed whilst scanning and did not produce a log. It also restarted my machine.

Should I run it again?

11:00:37.0694 3472 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:00:37.0866 3472 ============================================================
11:00:37.0866 3472 Current date / time: 2012/06/09 11:00:37.0866
11:00:37.0866 3472 SystemInfo:
11:00:37.0866 3472
11:00:37.0866 3472 OS Version: 6.1.7601 ServicePack: 1.0
11:00:37.0866 3472 Product type: Workstation
11:00:37.0866 3472 ComputerName: SARB-PC
11:00:37.0866 3472 UserName: Sarb
11:00:37.0866 3472 Windows directory: C:\Windows
11:00:37.0866 3472 System windows directory: C:\Windows
11:00:37.0866 3472 Running under WOW64
11:00:37.0866 3472 Processor architecture: Intel x64
11:00:37.0866 3472 Number of processors: 2
11:00:37.0866 3472 Page size: 0x1000
11:00:37.0866 3472 Boot type: Normal boot
11:00:37.0866 3472 ============================================================
11:00:41.0142 3472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:00:41.0142 3472 ============================================================
11:00:41.0142 3472 \Device\Harddisk0\DR0:
11:00:41.0142 3472 MBR partitions:
11:00:41.0142 3472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:00:41.0142 3472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
11:00:41.0142 3472 ============================================================
11:00:41.0220 3472 C: <-> \Device\Harddisk0\DR0\Partition1
11:00:41.0220 3472 ============================================================
11:00:41.0220 3472 Initialize success
11:00:41.0220 3472 ============================================================
11:00:49.0737 3968 ============================================================
11:00:49.0737 3968 Scan started
11:00:49.0737 3968 Mode: Manual;
11:00:49.0737 3968 ============================================================
11:00:51.0469 3968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:00:51.0469 3968 1394ohci - ok
11:00:51.0765 3968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:00:51.0781 3968 ACPI - ok
11:00:51.0859 3968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:00:51.0859 3968 AcpiPmi - ok
11:00:51.0968 3968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:00:52.0015 3968 adp94xx - ok
11:00:52.0077 3968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:00:52.0077 3968 adpahci - ok
11:00:52.0124 3968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:00:52.0140 3968 adpu320 - ok
11:00:52.0171 3968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:00:52.0186 3968 AeLookupSvc - ok
11:00:52.0327 3968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:00:52.0342 3968 AFD - ok
11:00:52.0436 3968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:00:52.0436 3968 agp440 - ok
11:00:52.0483 3968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:00:52.0483 3968 ALG - ok
11:00:52.0530 3968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:00:52.0530 3968 aliide - ok
11:00:52.0561 3968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:00:52.0561 3968 amdide - ok
11:00:52.0608 3968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:00:52.0608 3968 AmdK8 - ok
11:00:52.0623 3968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:00:52.0639 3968 AmdPPM - ok
11:00:52.0686 3968 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:00:52.0732 3968 amdsata - ok
11:00:52.0764 3968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:00:52.0779 3968 amdsbs - ok
11:00:52.0795 3968 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:00:52.0795 3968 amdxata - ok
11:00:52.0873 3968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:00:52.0873 3968 AppID - ok
11:00:52.0935 3968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:00:52.0935 3968 AppIDSvc - ok
11:00:52.0982 3968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:00:52.0982 3968 Appinfo - ok
11:00:53.0091 3968 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:00:53.0091 3968 Apple Mobile Device - ok
11:00:53.0169 3968 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:00:53.0232 3968 AppMgmt - ok
11:00:53.0310 3968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:00:53.0310 3968 arc - ok
11:00:53.0341 3968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:00:53.0341 3968 arcsas - ok
11:00:53.0403 3968 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
11:00:53.0403 3968 aswFsBlk - ok
11:00:53.0481 3968 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
11:00:53.0481 3968 aswMonFlt - ok
11:00:53.0528 3968 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
11:00:53.0544 3968 aswRdr - ok
11:00:53.0793 3968 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
11:00:53.0809 3968 aswSnx - ok
11:00:53.0934 3968 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
11:00:53.0934 3968 aswSP - ok
11:00:54.0090 3968 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
11:00:54.0090 3968 aswTdi - ok
11:00:54.0152 3968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:00:54.0168 3968 AsyncMac - ok
11:00:54.0214 3968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:00:54.0214 3968 atapi - ok
11:00:54.0495 3968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:00:54.0511 3968 AudioEndpointBuilder - ok
11:00:54.0526 3968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:00:54.0542 3968 AudioSrv - ok
11:00:54.0729 3968 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:00:54.0729 3968 avast! Antivirus - ok
11:00:54.0870 3968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:00:54.0916 3968 AxInstSV - ok
11:00:54.0994 3968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:00:55.0010 3968 b06bdrv - ok
11:00:55.0072 3968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:00:55.0119 3968 b57nd60a - ok
11:00:55.0166 3968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:00:55.0182 3968 BDESVC - ok
11:00:55.0197 3968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:00:55.0197 3968 Beep - ok
11:00:55.0416 3968 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:00:55.0447 3968 BFE - ok
11:00:55.0572 3968 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:00:55.0618 3968 BITS - ok
11:00:55.0743 3968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:00:55.0743 3968 blbdrive - ok
11:00:55.0930 3968 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:00:55.0946 3968 Bonjour Service - ok
11:00:56.0040 3968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:00:56.0040 3968 bowser - ok
11:00:56.0086 3968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:00:56.0086 3968 BrFiltLo - ok
11:00:56.0118 3968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:00:56.0118 3968 BrFiltUp - ok
11:00:56.0196 3968 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:00:56.0211 3968 BridgeMP - ok
11:00:56.0320 3968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:00:56.0383 3968 Browser - ok
11:00:56.0445 3968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:00:56.0445 3968 Brserid - ok
11:00:56.0508 3968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:00:56.0508 3968 BrSerWdm - ok
11:00:56.0539 3968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:00:56.0539 3968 BrUsbMdm - ok
11:00:56.0570 3968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:00:56.0570 3968 BrUsbSer - ok
11:00:56.0617 3968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:00:56.0617 3968 BTHMODEM - ok
11:00:56.0679 3968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:00:56.0679 3968 bthserv - ok
11:00:56.0773 3968 Bulk (d8bd549336593ca304b3524ff2f42717) C:\Windows\system32\Drivers\HDJBulk.sys
11:00:56.0773 3968 Bulk - ok
11:00:56.0835 3968 catchme - ok
11:00:56.0882 3968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:00:56.0882 3968 cdfs - ok
11:00:56.0976 3968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:00:57.0022 3968 cdrom - ok
11:00:57.0178 3968 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:00:57.0194 3968 CertPropSvc - ok
11:00:57.0272 3968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:00:57.0288 3968 circlass - ok
11:00:57.0319 3968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:00:57.0334 3968 CLFS - ok
11:00:57.0506 3968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:00:57.0506 3968 clr_optimization_v2.0.50727_32 - ok
11:00:57.0600 3968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:00:57.0662 3968 clr_optimization_v2.0.50727_64 - ok
11:00:58.0021 3968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:00:58.0036 3968 clr_optimization_v4.0.30319_32 - ok
11:00:58.0114 3968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:00:58.0130 3968 clr_optimization_v4.0.30319_64 - ok
11:00:58.0161 3968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:00:58.0161 3968 CmBatt - ok
11:00:58.0208 3968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:00:58.0208 3968 cmdide - ok
11:00:58.0411 3968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:00:58.0442 3968 CNG - ok
11:00:58.0489 3968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:00:58.0489 3968 Compbatt - ok
11:00:58.0551 3968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:00:58.0551 3968 CompositeBus - ok
11:00:58.0582 3968 COMSysApp - ok
11:00:58.0614 3968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:00:58.0614 3968 crcdisk - ok
11:00:58.0692 3968 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:00:58.0738 3968 CryptSvc - ok
11:00:58.0832 3968 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:00:58.0863 3968 CSC - ok
11:00:59.0004 3968 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:00:59.0035 3968 CscService - ok
11:00:59.0144 3968 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:00:59.0160 3968 DcomLaunch - ok
11:00:59.0238 3968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:00:59.0253 3968 defragsvc - ok
11:00:59.0362 3968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:00:59.0378 3968 DfsC - ok
11:00:59.0456 3968 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:00:59.0456 3968 Dhcp - ok
11:00:59.0487 3968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:00:59.0503 3968 discache - ok
11:00:59.0550 3968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:00:59.0550 3968 Disk - ok
11:00:59.0565 3968 DMICall - ok
11:00:59.0752 3968 DMService (4e82a6c63af27769d116eab576e5357e) C:\Windows\DOWNLO~1\DMService.exe
11:00:59.0784 3968 DMService - ok
11:00:59.0877 3968 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:00:59.0908 3968 Dnscache - ok
11:00:59.0986 3968 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:01:00.0033 3968 dot3svc - ok
11:01:00.0127 3968 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:01:00.0127 3968 DPS - ok
11:01:00.0205 3968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:01:00.0205 3968 drmkaud - ok
11:01:00.0423 3968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:01:00.0439 3968 DXGKrnl - ok
11:01:00.0548 3968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:01:00.0626 3968 EapHost - ok
11:01:01.0172 3968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:01:01.0312 3968 ebdrv - ok
11:01:01.0531 3968 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:01:01.0531 3968 EFS - ok
11:01:01.0890 3968 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:01:01.0968 3968 ehRecvr - ok
11:01:02.0046 3968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:01:02.0092 3968 ehSched - ok
11:01:02.0233 3968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:01:02.0295 3968 elxstor - ok
11:01:02.0342 3968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:01:02.0342 3968 ErrDev - ok
11:01:02.0436 3968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:01:02.0451 3968 EventSystem - ok
11:01:02.0498 3968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:01:02.0498 3968 exfat - ok
11:01:02.0545 3968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:01:02.0560 3968 fastfat - ok
11:01:02.0748 3968 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:01:02.0826 3968 Fax - ok
11:01:02.0841 3968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:01:02.0841 3968 fdc - ok
11:01:02.0888 3968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:01:02.0888 3968 fdPHost - ok
11:01:02.0904 3968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:01:02.0919 3968 FDResPub - ok
11:01:02.0950 3968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:01:02.0950 3968 FileInfo - ok
11:01:02.0982 3968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:01:02.0982 3968 Filetrace - ok
11:01:03.0013 3968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:01:03.0013 3968 flpydisk - ok
11:01:03.0091 3968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:01:03.0106 3968 FltMgr - ok
11:01:03.0200 3968 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
11:01:03.0200 3968 FlyUsb - ok
11:01:03.0387 3968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:01:03.0450 3968 FontCache - ok
11:01:03.0684 3968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:01:03.0684 3968 FontCache3.0.0.0 - ok
11:01:03.0730 3968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:01:03.0746 3968 FsDepends - ok
11:01:03.0793 3968 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:01:03.0793 3968 Fs_Rec - ok
11:01:03.0871 3968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:01:03.0886 3968 fvevol - ok
11:01:03.0933 3968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:01:03.0933 3968 gagp30kx - ok
11:01:03.0996 3968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:01:03.0996 3968 GEARAspiWDM - ok
11:01:04.0136 3968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:01:04.0152 3968 gpsvc - ok
11:01:04.0464 3968 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:01:04.0479 3968 gupdate - ok
11:01:04.0510 3968 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:01:04.0510 3968 gupdatem - ok
11:01:04.0542 3968 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:01:04.0588 3968 gusvc - ok
11:01:04.0666 3968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:01:04.0666 3968 hcw85cir - ok
11:01:04.0807 3968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:01:04.0854 3968 HdAudAddService - ok
11:01:04.0947 3968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:01:04.0947 3968 HDAudBus - ok
11:01:05.0025 3968 HDJMidi (f10b45171f7e8618e0868f3a0c9efe84) C:\Windows\system32\DRIVERS\HDJMidi.sys
11:01:05.0041 3968 HDJMidi - ok
11:01:05.0197 3968 HerculesDJControlMP3 (4141c2cbd8d6c9f3f4004fe842c48e79) C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
11:01:05.0197 3968 HerculesDJControlMP3 - ok
11:01:05.0306 3968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:01:05.0306 3968 HidBatt - ok
11:01:05.0384 3968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:01:05.0384 3968 HidBth - ok
11:01:05.0415 3968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:01:05.0431 3968 HidIr - ok
11:01:05.0462 3968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:01:05.0462 3968 hidserv - ok
11:01:05.0524 3968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:01:05.0540 3968 HidUsb - ok
11:01:05.0587 3968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:01:05.0587 3968 hkmsvc - ok
11:01:05.0712 3968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:01:05.0712 3968 HomeGroupListener - ok
11:01:05.0821 3968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:01:05.0836 3968 HomeGroupProvider - ok
11:01:05.0914 3968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:01:05.0930 3968 HpSAMD - ok
11:01:06.0055 3968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:01:06.0070 3968 HTTP - ok
11:01:06.0164 3968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:01:06.0164 3968 hwpolicy - ok
11:01:06.0226 3968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:01:06.0258 3968 i8042prt - ok
11:01:06.0320 3968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:01:06.0336 3968 iaStorV - ok
11:01:06.0492 3968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:01:06.0554 3968 idsvc - ok
11:01:06.0601 3968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:01:06.0601 3968 iirsp - ok
11:01:06.0741 3968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:01:06.0788 3968 IKEEXT - ok
11:01:06.0850 3968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:01:06.0850 3968 intelide - ok
11:01:06.0882 3968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:01:06.0897 3968 intelppm - ok
11:01:06.0944 3968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:01:06.0960 3968 IPBusEnum - ok
11:01:07.0038 3968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:01:07.0053 3968 IpFilterDriver - ok
11:01:07.0147 3968 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:01:07.0194 3968 iphlpsvc - ok
11:01:07.0740 3968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:01:07.0755 3968 IPMIDRV - ok
11:01:07.0849 3968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:01:07.0864 3968 IPNAT - ok
11:01:09.0175 3968 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
11:01:09.0237 3968 iPod Service - ok
11:01:09.0284 3968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:01:09.0284 3968 IRENUM - ok
11:01:09.0346 3968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:01:09.0346 3968 isapnp - ok
11:01:09.0409 3968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:01:09.0456 3968 iScsiPrt - ok
11:01:09.0502 3968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:01:09.0502 3968 kbdclass - ok
11:01:09.0565 3968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:01:09.0565 3968 kbdhid - ok
11:01:09.0627 3968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:01:09.0627 3968 KeyIso - ok
11:01:10.0204 3968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:01:10.0204 3968 KSecDD - ok
11:01:10.0267 3968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:01:10.0267 3968 KSecPkg - ok
11:01:10.0314 3968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:01:10.0314 3968 ksthunk - ok
11:01:10.0376 3968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:01:10.0407 3968 KtmRm - ok
11:01:10.0485 3968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:01:10.0516 3968 LanmanServer - ok
11:01:10.0594 3968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:01:10.0610 3968 LanmanWorkstation - ok
11:01:12.0544 3968 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
11:01:12.0700 3968 LeapFrog Connect Device Service - ok
11:01:12.0950 3968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:01:12.0950 3968 lltdio - ok
11:01:13.0059 3968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:01:13.0075 3968 lltdsvc - ok
11:01:13.0090 3968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:01:13.0090 3968 lmhosts - ok
11:01:13.0153 3968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:01:13.0153 3968 LSI_FC - ok
11:01:13.0184 3968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:01:13.0200 3968 LSI_SAS - ok
11:01:13.0246 3968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:01:13.0246 3968 LSI_SAS2 - ok
11:01:13.0278 3968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:01:13.0293 3968 LSI_SCSI - ok
11:01:13.0340 3968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:01:13.0356 3968 luafv - ok
11:01:13.0496 3968 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:01:13.0496 3968 MBAMProtector - ok
11:01:13.0668 3968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:01:13.0683 3968 MBAMService - ok
11:01:13.0746 3968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:01:13.0777 3968 Mcx2Svc - ok
11:01:13.0870 3968 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:01:13.0870 3968 MDM - ok
11:01:13.0902 3968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:01:13.0902 3968 megasas - ok
11:01:14.0182 3968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:01:14.0198 3968 MegaSR - ok
11:01:14.0292 3968 MemeoBackgroundService (c06d282b7769eb6c67da6a855da45f28) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
11:01:14.0292 3968 MemeoBackgroundService - ok
11:01:14.0432 3968 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:01:14.0432 3968 Microsoft Office Groove Audit Service - ok
11:01:14.0479 3968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:01:14.0494 3968 MMCSS - ok
11:01:14.0510 3968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:01:14.0510 3968 Modem - ok
11:01:14.0557 3968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:01:14.0557 3968 monitor - ok
11:01:14.0635 3968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:01:14.0635 3968 mouclass - ok
11:01:14.0682 3968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:01:14.0682 3968 mouhid - ok
11:01:14.0744 3968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:01:14.0744 3968 mountmgr - ok
11:01:14.0869 3968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:01:14.0884 3968 mpio - ok
11:01:14.0947 3968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:01:14.0962 3968 mpsdrv - ok
11:01:15.0087 3968 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:01:15.0134 3968 MpsSvc - ok
11:01:15.0196 3968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:01:15.0212 3968 MRxDAV - ok
11:01:15.0274 3968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:01:15.0290 3968 mrxsmb - ok
11:01:15.0415 3968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:01:15.0477 3968 mrxsmb10 - ok
11:01:15.0508 3968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:01:15.0524 3968 mrxsmb20 - ok
11:01:15.0571 3968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:01:15.0571 3968 msahci - ok
11:01:15.0680 3968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:01:15.0742 3968 msdsm - ok
11:01:15.0789 3968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:01:15.0805 3968 MSDTC - ok
11:01:15.0852 3968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:01:15.0852 3968 Msfs - ok
11:01:15.0898 3968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:01:15.0898 3968 mshidkmdf - ok
11:01:16.0101 3968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:01:16.0101 3968 msisadrv - ok
11:01:16.0148 3968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:01:16.0257 3968 MSiSCSI - ok
11:01:16.0273 3968 msiserver - ok
11:01:16.0382 3968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:01:16.0382 3968 MSKSSRV - ok
11:01:16.0460 3968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:01:16.0460 3968 MSPCLOCK - ok
11:01:16.0507 3968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:01:16.0507 3968 MSPQM - ok
11:01:16.0585 3968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:01:16.0600 3968 MsRPC - ok
11:01:16.0663 3968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:01:16.0663 3968 mssmbios - ok
11:01:16.0694 3968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:01:16.0694 3968 MSTEE - ok
11:01:16.0725 3968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:01:16.0725 3968 MTConfig - ok
11:01:16.0756 3968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:01:16.0756 3968 Mup - ok
11:01:16.0834 3968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:01:16.0850 3968 napagent - ok
11:01:16.0912 3968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:01:16.0912 3968 NativeWifiP - ok
11:01:17.0037 3968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:01:17.0084 3968 NDIS - ok
11:01:17.0115 3968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:01:17.0115 3968 NdisCap - ok
11:01:17.0162 3968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:01:17.0162 3968 NdisTapi - ok
11:01:17.0224 3968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:01:17.0240 3968 Ndisuio - ok
11:01:17.0302 3968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:01:17.0334 3968 NdisWan - ok
11:01:17.0380 3968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:01:17.0396 3968 NDProxy - ok
11:01:17.0412 3968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:01:17.0412 3968 NetBIOS - ok
11:01:17.0490 3968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:01:17.0505 3968 NetBT - ok
11:01:17.0568 3968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:01:17.0568 3968 Netlogon - ok
11:01:17.0646 3968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:01:17.0677 3968 Netman - ok
11:01:17.0770 3968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:01:17.0786 3968 netprofm - ok
11:01:18.0316 3968 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:01:18.0332 3968 NetTcpPortSharing - ok
11:01:19.0206 3968 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:01:19.0362 3968 netw5v64 - ok
11:01:19.0549 3968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:01:19.0549 3968 nfrd960 - ok
11:01:19.0627 3968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:01:19.0642 3968 NlaSvc - ok
11:01:19.0674 3968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:01:19.0674 3968 Npfs - ok
11:01:19.0705 3968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:01:19.0720 3968 nsi - ok
11:01:19.0736 3968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:01:19.0736 3968 nsiproxy - ok
11:01:19.0923 3968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:01:19.0970 3968 Ntfs - ok
11:01:20.0126 3968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:01:20.0126 3968 Null - ok
11:01:23.0028 3968 nvlddmkm (048a0e9f98ab21fe50f967fb66787ba6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:01:23.0152 3968 nvlddmkm - ok
11:01:23.0636 3968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:01:23.0683 3968 nvraid - ok
11:01:23.0761 3968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:01:23.0792 3968 nvstor - ok
11:01:23.0839 3968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:01:23.0839 3968 nv_agp - ok
11:01:24.0026 3968 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:01:24.0135 3968 odserv - ok
11:01:24.0198 3968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:01:24.0213 3968 ohci1394 - ok
11:01:24.0260 3968 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:01:24.0276 3968 ose - ok
11:01:24.0338 3968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:01:24.0400 3968 p2pimsvc - ok
11:01:24.0478 3968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:01:24.0510 3968 p2psvc - ok
11:01:24.0681 3968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:01:24.0681 3968 Parport - ok
11:01:24.0744 3968 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:01:24.0744 3968 partmgr - ok
11:01:24.0822 3968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:01:24.0868 3968 PcaSvc - ok
11:01:24.0946 3968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:01:24.0946 3968 pci - ok
11:01:24.0993 3968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:01:24.0993 3968 pciide - ok
11:01:25.0040 3968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:01:25.0056 3968 pcmcia - ok
11:01:25.0071 3968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:01:25.0071 3968 pcw - ok
11:01:25.0165 3968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:01:25.0180 3968 PEAUTH - ok
11:01:25.0570 3968 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:01:25.0633 3968 PeerDistSvc - ok
11:01:25.0758 3968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:01:25.0773 3968 PerfHost - ok
11:01:26.0428 3968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:01:26.0491 3968 pla - ok
11:01:26.0584 3968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:01:26.0616 3968 PlugPlay - ok
11:01:26.0709 3968 pnpnptool (8f1c23fef6667f123586f1f022fc2059) C:\Windows\system32\Drivers\pnpnptool.sys
11:01:26.0709 3968 pnpnptool - ok
11:01:26.0772 3968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:01:26.0803 3968 PNRPAutoReg - ok
11:01:26.0850 3968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:01:26.0850 3968 PNRPsvc - ok
11:01:26.0912 3968 pnusbd (970528b300192f608bfc4f9ac3c18601) C:\Windows\system32\Drivers\pnusbd.sys
11:01:26.0928 3968 pnusbd - ok
11:01:27.0115 3968 pnusbvirtualhubwssrv (0317bb3ea6590d48695acd45181d5da0) C:\Windows\system32\pnusbvirtualhubwssrv.exe
11:01:27.0130 3968 pnusbvirtualhubwssrv - ok
11:01:27.0224 3968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:01:27.0255 3968 PolicyAgent - ok
11:01:27.0458 3968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:01:27.0505 3968 Power - ok
11:01:27.0583 3968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:01:27.0598 3968 PptpMiniport - ok
11:01:27.0630 3968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:01:27.0630 3968 Processor - ok
11:01:27.0708 3968 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:01:27.0754 3968 ProfSvc - ok
11:01:27.0817 3968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:01:27.0817 3968 ProtectedStorage - ok
11:01:27.0895 3968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:01:27.0926 3968 Psched - ok
11:01:28.0144 3968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:01:28.0176 3968 ql2300 - ok
11:01:28.0441 3968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:01:28.0456 3968 ql40xx - ok
11:01:28.0519 3968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:01:28.0534 3968 QWAVE - ok
11:01:28.0550 3968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:01:28.0566 3968 QWAVEdrv - ok
11:01:28.0581 3968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:01:28.0581 3968 RasAcd - ok
11:01:28.0612 3968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:01:28.0612 3968 RasAgileVpn - ok
11:01:28.0628 3968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:01:28.0628 3968 RasAuto - ok
11:01:28.0690 3968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:01:28.0690 3968 Rasl2tp - ok
11:01:28.0784 3968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:01:28.0800 3968 RasMan - ok
11:01:28.0831 3968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:01:28.0831 3968 RasPppoe - ok
11:01:28.0862 3968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:01:28.0862 3968 RasSstp - ok
11:01:28.0940 3968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:01:28.0956 3968 rdbss - ok
11:01:28.0971 3968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:01:28.0971 3968 rdpbus - ok
11:01:28.0987 3968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:01:28.0987 3968 RDPCDD - ok
11:01:29.0049 3968 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:01:29.0049 3968 RDPDR - ok
11:01:29.0096 3968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:01:29.0096 3968 RDPENCDD - ok
11:01:29.0112 3968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:01:29.0112 3968 RDPREFMP - ok
11:01:29.0174 3968 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:01:29.0174 3968 RdpVideoMiniport - ok
11:01:29.0252 3968 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:01:29.0283 3968 RDPWD - ok
11:01:29.0346 3968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:01:29.0361 3968 rdyboost - ok
11:01:29.0392 3968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:01:29.0408 3968 RemoteAccess - ok
11:01:29.0580 3968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:01:29.0611 3968 RemoteRegistry - ok
11:01:29.0673 3968 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:01:29.0673 3968 RimUsb - ok
11:01:29.0689 3968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:01:29.0704 3968 RpcEptMapper - ok
11:01:29.0767 3968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:01:29.0798 3968 RpcLocator - ok
11:01:29.0954 3968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
11:01:29.0970 3968 RpcSs - ok
11:01:30.0172 3968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:01:30.0172 3968 rspndr - ok
11:01:30.0282 3968 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:01:30.0282 3968 s3cap - ok
11:01:30.0344 3968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:01:30.0344 3968 SamSs - ok
11:01:30.0422 3968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:01:30.0469 3968 sbp2port - ok
11:01:30.0484 3968 SBRE - ok
11:01:30.0547 3968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:01:30.0578 3968 SCardSvr - ok
11:01:30.0625 3968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:01:30.0640 3968 scfilter - ok
11:01:30.0828 3968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:01:30.0890 3968 Schedule - ok
11:01:31.0030 3968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:01:31.0046 3968 SCPolicySvc - ok
11:01:31.0140 3968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:01:31.0186 3968 SDRSVC - ok
11:01:31.0467 3968 SeagateDashboardService (a1a26e8ec51e199d873d85f3e2b6fc65) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
11:01:31.0467 3968 SeagateDashboardService - ok
11:01:31.0576 3968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:01:31.0779 3968 secdrv - ok
11:01:31.0842 3968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:01:31.0857 3968 seclogon - ok
11:01:32.0107 3968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:01:32.0122 3968 SENS - ok
11:01:32.0138 3968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:01:32.0200 3968 SensrSvc - ok
11:01:32.0232 3968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:01:32.0232 3968 Serenum - ok
11:01:32.0263 3968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:01:32.0278 3968 Serial - ok
11:01:32.0403 3968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:01:32.0403 3968 sermouse - ok
11:01:32.0481 3968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:01:32.0544 3968 SessionEnv - ok
11:01:32.0606 3968 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
11:01:32.0622 3968 SFEP - ok
11:01:32.0668 3968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:01:32.0668 3968 sffdisk - ok
11:01:32.0700 3968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:01:32.0700 3968 sffp_mmc - ok
11:01:32.0746 3968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:01:32.0746 3968 sffp_sd - ok
11:01:32.0793 3968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:01:32.0793 3968 sfloppy - ok
11:01:32.0887 3968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:01:32.0934 3968 SharedAccess - ok
11:01:33.0043 3968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:01:33.0058 3968 ShellHWDetection - ok
11:01:33.0090 3968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:01:33.0090 3968 SiSRaid2 - ok
11:01:33.0183 3968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:01:33.0183 3968 SiSRaid4 - ok
11:01:33.0246 3968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:01:33.0261 3968 Smb - ok
11:01:33.0339 3968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:01:33.0355 3968 SNMPTRAP - ok
11:01:33.0402 3968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:01:33.0402 3968 spldr - ok
11:01:33.0573 3968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:01:33.0604 3968 Spooler - ok
11:01:34.0041 3968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:01:34.0104 3968 sppsvc - ok
11:01:34.0416 3968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:01:34.0462 3968 sppuinotify - ok
11:01:34.0572 3968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:01:34.0665 3968 srv - ok
11:01:34.0743 3968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:01:34.0759 3968 srv2 - ok
11:01:34.0899 3968 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:01:34.0915 3968 SrvHsfHDA - ok
11:01:35.0102 3968 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:01:35.0164 3968 SrvHsfV92 - ok
11:01:35.0570 3968 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:01:35.0617 3968 SrvHsfWinac - ok
11:01:35.0695 3968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:01:35.0757 3968 srvnet - ok
11:01:35.0804 3968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:01:35.0835 3968 SSDPSRV - ok
11:01:36.0022 3968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:01:36.0085 3968 SstpSvc - ok
11:01:36.0210 3968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:01:36.0225 3968 stexstor - ok
11:01:36.0350 3968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:01:36.0366 3968 stisvc - ok
11:01:36.0584 3968 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:01:36.0584 3968 storflt - ok
11:01:36.0615 3968 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:01:36.0615 3968 storvsc - ok
11:01:36.0724 3968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:01:36.0740 3968 swenum - ok
11:01:36.0943 3968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:01:36.0990 3968 swprv - ok
11:01:37.0021 3968 Synth3dVsc - ok
11:01:37.0317 3968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:01:37.0380 3968 SysMain - ok
11:01:37.0738 3968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:01:37.0754 3968 TabletInputService - ok
11:01:37.0848 3968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:01:37.0879 3968 TapiSrv - ok
11:01:37.0926 3968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:01:37.0941 3968 TBS - ok
11:01:38.0316 3968 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:01:38.0378 3968 Tcpip - ok
11:01:38.0830 3968 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:01:38.0862 3968 TCPIP6 - ok
11:01:39.0314 3968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:01:39.0314 3968 tcpipreg - ok
11:01:39.0376 3968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:01:39.0376 3968 TDPIPE - ok
11:01:39.0439 3968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:01:39.0439 3968 TDTCP - ok
11:01:39.0517 3968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:01:39.0532 3968 tdx - ok
11:01:39.0610 3968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:01:39.0610 3968 TermDD - ok
11:01:39.0766 3968 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:01:39.0829 3968 TermService - ok
11:01:39.0876 3968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:01:39.0876 3968 Themes - ok
11:01:39.0922 3968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:01:39.0938 3968 THREADORDER - ok
11:01:40.0125 3968 tifm21 (30c94d6cde4acb9aa24a8223efa6b3b5) C:\Windows\system32\drivers\tifm21.sys
11:01:40.0156 3968 tifm21 - ok
11:01:40.0359 3968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:01:40.0390 3968 TrkWks - ok
11:01:40.0515 3968 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:01:40.0515 3968 TrustedInstaller - ok
11:01:40.0765 3968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:01:40.0765 3968 tssecsrv - ok
11:01:40.0890 3968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:01:40.0905 3968 TsUsbFlt - ok
11:01:40.0905 3968 tsusbhub - ok
11:01:41.0139 3968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:01:41.0139 3968 tunnel - ok
11:01:41.0217 3968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:01:41.0217 3968 uagp35 - ok
11:01:41.0451 3968 uagqecsvc (e212cd75c7558450c0890710f892084c) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
11:01:41.0451 3968 uagqecsvc - ok
11:01:41.0498 3968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:01:41.0607 3968 udfs - ok
11:01:41.0670 3968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:01:41.0716 3968 UI0Detect - ok
11:01:41.0826 3968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:01:41.0826 3968 uliagpkx - ok
11:01:41.0935 3968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:01:41.0935 3968 umbus - ok
11:01:42.0013 3968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:01:42.0013 3968 UmPass - ok
11:01:42.0184 3968 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:01:42.0231 3968 UmRdpService - ok
11:01:42.0543 3968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:01:42.0559 3968 upnphost - ok
11:01:42.0606 3968 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:01:42.0621 3968 USBAAPL64 - ok
11:01:42.0699 3968 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
11:01:42.0715 3968 usbccgp - ok
11:01:42.0746 3968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:01:42.0762 3968 usbcir - ok
11:01:42.0824 3968 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:01:42.0824 3968 usbehci - ok
11:01:42.0918 3968 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:01:43.0058 3968 usbhub - ok
11:01:43.0308 3968 USBMULCD (957ec5620fb055e9df2250d6fa4188e1) C:\Windows\system32\drivers\CM10664.sys
11:01:43.0354 3968 USBMULCD - ok
11:01:43.0791 3968 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:01:43.0807 3968 usbohci - ok
11:01:43.0885 3968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:01:43.0885 3968 usbprint - ok
11:01:43.0932 3968 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:01:43.0947 3968 USBSTOR - ok
11:01:43.0994 3968 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:01:44.0010 3968 usbuhci - ok
11:01:44.0072 3968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:01:44.0072 3968 UxSms - ok
11:01:44.0665 3968 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
11:01:44.0680 3968 VAIO Event Service - ok
11:01:44.0758 3968 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:01:44.0758 3968 VaultSvc - ok
11:01:44.0836 3968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:01:44.0836 3968 vdrvroot - ok
11:01:45.0024 3968 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:01:45.0133 3968 vds - ok
11:01:45.0242 3968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:01:45.0242 3968 vga - ok
11:01:45.0336 3968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:01:45.0336 3968 VgaSave - ok
11:01:45.0382 3968 VGPU - ok
11:01:45.0460 3968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:01:45.0476 3968 vhdmp - ok
11:01:45.0523 3968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:01:45.0538 3968 viaide - ok
11:01:45.0585 3968 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:01:45.0585 3968 vmbus - ok
11:01:45.0632 3968 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:01:45.0632 3968 VMBusHID - ok
11:01:46.0178 3968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:01:46.0178 3968 volmgr - ok
11:01:46.0334 3968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:01:46.0350 3968 volmgrx - ok
11:01:46.0443 3968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:01:46.0459 3968 volsnap - ok
11:01:46.0537 3968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:01:46.0568 3968 vsmraid - ok
11:01:47.0067 3968 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:01:47.0176 3968 VSS - ok
11:01:47.0988 3968 VUAgent (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
11:01:48.0003 3968 VUAgent - ok
11:01:48.0222 3968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:01:48.0237 3968 vwifibus - ok
11:01:48.0378 3968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:01:48.0409 3968 W32Time - ok
11:01:48.0471 3968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:01:48.0471 3968 WacomPen - ok
11:01:48.0674 3968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:01:48.0674 3968 WANARP - ok
11:01:48.0705 3968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:01:48.0705 3968 Wanarpv6 - ok
11:01:49.0189 3968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:01:49.0267 3968 WatAdminSvc - ok
11:01:49.0657 3968 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:01:49.0704 3968 wbengine - ok
11:01:50.0109 3968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:01:50.0140 3968 WbioSrvc - ok
11:01:50.0218 3968 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:01:50.0234 3968 wcncsvc - ok
11:01:50.0265 3968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:01:50.0281 3968 WcsPlugInService - ok
11:01:50.0343 3968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:01:50.0359 3968 Wd - ok
11:01:50.0452 3968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:01:50.0468 3968 Wdf01000 - ok
11:01:50.0530 3968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:01:50.0562 3968 WdiServiceHost - ok
11:01:50.0562 3968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:01:50.0577 3968 WdiSystemHost - ok
11:01:50.0671 3968 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:01:50.0686 3968 WebClient - ok
11:01:50.0749 3968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:01:50.0780 3968 Wecsvc - ok
11:01:50.0842 3968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:01:50.0858 3968 wercplsupport - ok
11:01:50.0967 3968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:01:50.0983 3968 WerSvc - ok
11:01:51.0108 3968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:01:51.0108 3968 WfpLwf - ok
11:01:51.0139 3968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:01:51.0139 3968 WIMMount - ok
11:01:51.0217 3968 WinDefend - ok
11:01:51.0232 3968 WinHttpAutoProxySvc - ok
11:01:51.0513 3968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:01:51.0544 3968 Winmgmt - ok
11:01:52.0012 3968 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:01:52.0153 3968 WinRM - ok
11:01:52.0839 3968 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:01:52.0855 3968 WinUsb - ok
11:01:53.0011 3968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:01:53.0058 3968 Wlansvc - ok
11:01:53.0120 3968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:01:53.0120 3968 WmiAcpi - ok
11:01:53.0323 3968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:01:53.0401 3968 wmiApSrv - ok
11:01:53.0510 3968 WMPNetworkSvc - ok
11:01:53.0557 3968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:01:53.0635 3968 WPCSvc - ok
11:01:53.0713 3968 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:01:53.0744 3968 WPDBusEnum - ok
11:01:53.0853 3968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:01:53.0853 3968 ws2ifsl - ok
11:01:53.0916 3968 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:01:53.0947 3968 wscsvc - ok
11:01:53.0947 3968 WSearch - ok
11:01:58.0018 3968 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:01:58.0096 3968 wuauserv - ok
11:01:58.0533 3968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:01:58.0564 3968 WudfPf - ok
11:01:58.0658 3968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:01:58.0674 3968 WUDFRd - ok
11:01:58.0752 3968 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:01:58.0767 3968 wudfsvc - ok
11:01:58.0814 3968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:01:58.0892 3968 WwanSvc - ok
11:01:59.0017 3968 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:01:59.0032 3968 yukonw7 - ok
11:01:59.0095 3968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:01:59.0438 3968 \Device\Harddisk0\DR0 - ok
11:01:59.0454 3968 Boot (0x1200) (1008e4b351f0a603fe2964502d81909a) \Device\Harddisk0\DR0\Partition0
11:01:59.0454 3968 \Device\Harddisk0\DR0\Partition0 - ok
11:01:59.0547 3968 Boot (0x1200) (b587c6af2a94fd1eaf2fd3422a469ee5) \Device\Harddisk0\DR0\Partition1
11:01:59.0547 3968 \Device\Harddisk0\DR0\Partition1 - ok
11:01:59.0547 3968 ============================================================
11:01:59.0547 3968 Scan finished
11:01:59.0547 3968 ============================================================
11:01:59.0578 0360 Detected object count: 0
11:01:59.0578 0360 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 09 June 2012 - 01:40 PM

Greetings


I would like to see the aswMBR report when it is complete


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 09 June 2012 - 03:51 PM

Hi Gringo
I can't seem to run aswMBR. It freezes when running a scan on googleupdate.exe

#13 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 09 June 2012 - 04:48 PM

Hi Gringo, I ran it again and it seems to have completed successfully.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 21:43:40
-----------------------------
21:43:40.279 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:40.279 Number of processors: 2 586 0x1706
21:43:40.294 ComputerName: SARB-PC UserName: Sarb
21:43:42.603 Initialize success
21:43:46.565 AVAST engine defs: 12060901
21:43:59.420 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:43:59.420 Disk 0 Vendor: WDC_WD3200BEVT-00ZCT0 11.01A11 Size: 305245MB BusType: 11
21:43:59.451 Disk 0 MBR read successfully
21:43:59.451 Disk 0 MBR scan
21:43:59.451 Disk 0 Windows 7 default MBR code
21:43:59.482 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:43:59.498 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
21:43:59.529 Disk 0 scanning C:\Windows\system32\drivers
21:44:10.901 Service scanning
21:44:33.802 Modules scanning
21:44:33.818 Disk 0 trace - called modules:
21:44:33.880 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:44:33.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800340b530]
21:44:33.896 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8003298680]
21:44:34.988 AVAST engine scan C:\Windows
21:44:38.311 AVAST engine scan C:\Windows\system32
21:47:49.774 AVAST engine scan C:\Windows\system32\drivers
21:48:04.578 AVAST engine scan C:\Users\Sarb
22:38:49.140 AVAST engine scan C:\ProgramData
22:46:16.385 Scan finished successfully
22:47:05.047 Disk 0 MBR has been saved successfully to "C:\Users\Sarb\Downloads\Desktop\MBR.dat"
22:47:05.062 The log file has been saved successfully to "C:\Users\Sarb\Downloads\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 09 June 2012 - 06:09 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
µTorrent
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 SG1977

SG1977
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 09 June 2012 - 07:08 PM

Here you go Gringo. No problems so far.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarb :: SARB-PC [administrator]

Protection: Enabled

10/06/2012 00:58:48
mbam-log-2012-06-10 (00-58-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223292
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:07:45, on 10/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Windows\SysWOW64\PNUSBCLITRAY.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PNTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files (x86)\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [pnusbclitray] pnusbclitray.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Forefront UAG client components) - https://my.herbertsmith.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quest USB Hub Client Service (pnusbvirtualhubwssrv) - Unknown owner - C:\Windows\system32\pnusbvirtualhubwssrv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10088 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users