Trojan:JS/BlacoleRef.W


This topic is locked
14 replies to this topic

#1 Peter424

Peter424

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:48 PM

Posted 08 June 2012 - 12:23 AM

Hi,
Thanks for looking at this. I apologize because I hastily ran combofix before doing the other things before I checked the procedure. I have included that report too. This seems to have infected other pc's on my network as well.
Thank you again for checking this out.
Peter

Attached Files





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 PM

Posted 08 June 2012 - 02:55 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Peter424

Peter424
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:48 PM

Posted 10 June 2012 - 01:40 PM

Hi Gringo,
Thanks for helping with this!
Here's the scan you requested.
Peter

Scan result of Farbar Recovery Scan Tool Version: 10-06-2012
Ran by SYSTEM at 10-06-2012 14:32:17
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

3 EgisTec Ticket Service; "C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe" [172912 2010-09-27] (Egis Technology Inc. )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)

========================== Drivers (Whitelisted) =============

3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] (Realtek Semiconductor Corp.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 14:31 - 2012-06-10 14:32 - 00000000 ____D C:\FRST
2012-06-09 14:21 - 2012-06-09 14:22 - 00009728 __ASH C:\Users\Susan\Documents\Thumbs.db
2012-06-08 03:47 - 2012-06-10 05:51 - 00000168 ____A C:\Windows\setupact.log
2012-06-08 03:47 - 2012-06-08 03:47 - 00000000 ____A C:\Windows\setuperr.log
2012-06-07 21:05 - 2012-06-07 21:05 - 00000000 ____A C:\Users\Susan\defogger_reenable
2012-06-07 20:58 - 2012-06-07 21:16 - 00000000 ____D C:\Users\Susan\Documents\combofix
2012-06-07 19:37 - 2012-06-07 19:37 - 00018004 ____A C:\ComboFix.txt
2012-06-07 19:21 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-07 19:21 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-07 19:21 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-07 19:21 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-07 19:21 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-07 19:21 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-07 19:21 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-07 19:21 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-07 19:20 - 2012-06-07 19:37 - 00000000 ____D C:\Qoobox
2012-06-07 19:20 - 2012-06-07 19:34 - 00000000 ____D C:\Windows\ERDNT
2012-06-06 18:30 - 2012-06-07 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:30 - 2012-06-06 18:30 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Malwarebytes
2012-06-06 18:30 - 2012-06-06 18:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:30 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-06 18:28 - 2012-06-06 18:28 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-19 05:30 - 2012-05-19 05:30 - 00015473 ____A C:\Users\Susan\Documents\AutoInsuranceIdCards.pdf
2012-05-16 10:44 - 2012-05-16 10:44 - 00011009 ____A C:\Users\Susan\Desktop\English 3 Recommended Junior Into Thin Air any edition Krakauer.docx

============ 3 Months Modified Files and Folders =============

2012-06-10 14:32 - 2012-06-10 14:31 - 00000000 ____D C:\FRST
2012-06-10 10:23 - 2010-12-27 05:16 - 01693221 ____A C:\Windows\WindowsUpdate.log
2012-06-10 10:08 - 2012-04-29 05:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 10:03 - 2012-04-29 10:02 - 00000000 ____D C:\Users\Susan\Documents\Fax
2012-06-10 09:43 - 2009-07-13 21:13 - 00729816 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-10 05:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 05:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 05:51 - 2012-06-08 03:47 - 00000168 ____A C:\Windows\setupact.log
2012-06-10 05:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 14:22 - 2012-06-09 14:21 - 00009728 __ASH C:\Users\Susan\Documents\Thumbs.db
2012-06-09 14:19 - 2012-04-29 10:02 - 00000000 ___RD C:\Users\Susan\Documents\Scanned Documents
2012-06-08 03:47 - 2012-06-08 03:47 - 00000000 ____A C:\Windows\setuperr.log
2012-06-07 21:16 - 2012-06-07 20:58 - 00000000 ____D C:\Users\Susan\Documents\combofix
2012-06-07 21:05 - 2012-06-07 21:05 - 00000000 ____A C:\Users\Susan\defogger_reenable
2012-06-07 21:05 - 2012-04-29 07:02 - 00000000 ____D C:\users\Susan
2012-06-07 20:04 - 2012-06-06 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 19:37 - 2012-06-07 19:37 - 00018004 ____A C:\ComboFix.txt
2012-06-07 19:37 - 2012-06-07 19:20 - 00000000 ____D C:\Qoobox
2012-06-07 19:37 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-07 19:34 - 2012-06-07 19:20 - 00000000 ____D C:\Windows\ERDNT
2012-06-07 19:32 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-07 19:32 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-07 19:20 - 2012-04-29 10:43 - 04539477 ____R (Swearware) C:\Users\Susan\Downloads\ComboFix.exe
2012-06-06 18:30 - 2012-06-06 18:30 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Malwarebytes
2012-06-06 18:30 - 2012-06-06 18:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:28 - 2012-06-06 18:28 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-05 22:49 - 2011-08-17 06:52 - 00000000 ____D C:\Program Files\CCleaner
2012-06-05 22:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-06-02 21:00 - 2012-04-29 08:43 - 00000000 ____D C:\Users\Susan\AppData\Local\ElevatedDiagnostics
2012-05-25 13:03 - 2012-04-29 10:02 - 00000000 ____D C:\Users\Susan\Documents\Info
2012-05-19 05:30 - 2012-05-19 05:30 - 00015473 ____A C:\Users\Susan\Documents\AutoInsuranceIdCards.pdf
2012-05-16 10:44 - 2012-05-16 10:44 - 00011009 ____A C:\Users\Susan\Desktop\English 3 Recommended Junior Into Thin Air any edition Krakauer.docx
2012-05-10 22:19 - 2012-05-10 22:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-10 22:19 - 2012-05-10 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 22:15 - 2012-04-29 05:23 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-10 22:15 - 2012-04-29 05:23 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-10 22:13 - 2009-07-13 20:45 - 00428544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 22:05 - 2011-08-17 07:46 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 22:05 - 2011-08-17 05:52 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 21:59 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-04-30 21:25 - 2012-04-30 21:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-29 13:36 - 2012-04-29 13:25 - 00172963 ____A C:\Windows\hpoins46.dat
2012-04-29 13:36 - 2012-04-29 13:25 - 00000358 ____A C:\Users\All Users\hpzinstall.log
2012-04-29 13:27 - 2012-04-29 13:27 - 00000000 ____D C:\Program Files (x86)\HP
2012-04-29 13:25 - 2012-04-29 13:25 - 00000000 ____D C:\Users\All Users\HP
2012-04-29 13:24 - 2012-04-29 13:23 - 60341952 ____A C:\Users\Susan\Downloads\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe
2012-04-29 11:09 - 2012-04-29 11:09 - 00002693 ____A C:\Users\Susan\Desktop\Microsoft Office Word 2007.lnk
2012-04-29 11:08 - 2012-04-29 10:50 - 00002223 ____A C:\Users\Susan\Desktop\Pictures on PeterPC.lnk
2012-04-29 11:08 - 2012-04-29 07:03 - 00111640 ____A C:\Users\Susan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-29 11:04 - 2012-04-29 11:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-04-29 11:04 - 2012-04-29 11:04 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-04-29 11:03 - 2012-04-29 11:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-04-29 10:04 - 2012-04-29 10:07 - 00007680 ____A C:\Users\Susan\Documents\bookmark.htm
2012-04-29 10:03 - 2012-04-29 10:02 - 00000000 ____D C:\Users\Susan\Documents\Timecard
2012-04-29 10:03 - 2012-04-29 10:02 - 00000000 ____D C:\Users\Susan\Documents\Grant Homework
2012-04-29 09:53 - 2012-04-29 08:36 - 00000000 ____D C:\Users\Susan\Documents\grant
2012-04-29 09:52 - 2012-04-29 09:51 - 00000077 ____A C:\Users\Susan\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-04-29 09:52 - 2012-04-29 09:51 - 00000077 ____A C:\Users\Susan\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-29 09:51 - 2012-04-29 09:51 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Research In Motion
2012-04-29 09:51 - 2012-04-29 09:51 - 00000000 ____D C:\Users\Susan\AppData\Local\Research In Motion
2012-04-29 09:49 - 2012-04-29 09:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-04-29 09:48 - 2012-04-29 09:48 - 00002194 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-04-29 09:48 - 2012-04-29 09:48 - 00000000 ____D C:\Users\All Users\Research In Motion
2012-04-29 09:48 - 2012-04-29 09:48 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2012-04-29 09:48 - 2012-04-29 08:51 - 00002021 ____A C:\Users\Susan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-29 09:26 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-04-29 09:25 - 2012-04-29 09:25 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-29 08:59 - 2012-04-29 08:59 - 00001372 ____A C:\Users\Susan\Desktop\Internet Explorer (64-bit).lnk
2012-04-29 08:56 - 2012-04-29 07:02 - 00000000 ____D C:\Users\Susan\AppData\LocalLow
2012-04-29 08:54 - 2012-04-29 08:52 - 00000000 ____D C:\Users\Susan\AppData\Local\Adobe
2012-04-29 08:52 - 2012-04-29 08:43 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Adobe
2012-04-29 08:50 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-04-29 08:36 - 2011-08-17 04:39 - 00000000 ____D C:\users\grant
2012-04-29 07:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-04-29 07:03 - 2012-04-29 07:03 - 00000000 ____D C:\Users\Susan\AppData\Roaming\ATI
2012-04-29 07:03 - 2012-04-29 07:03 - 00000000 ____D C:\Users\Susan\AppData\Roaming\Apple Computer
2012-04-29 07:03 - 2012-04-29 07:03 - 00000000 ____D C:\Users\Susan\AppData\Local\EgisTec IPS
2012-04-29 07:03 - 2012-04-29 07:03 - 00000000 ____D C:\Users\Susan\AppData\Local\ATI
2012-04-29 07:02 - 2012-04-29 07:02 - 00000020 ___SH C:\Users\Susan\ntuser.ini
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\Templates
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\Start Menu
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\PrintHood
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\NetHood
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\My Documents
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\Documents\My Videos
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\Documents\My Pictures
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\Documents\My Music
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\AppData\Local\Temporary Internet Files
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 __SHD C:\Users\Susan\AppData\Local\History
2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 ____D C:\Users\Susan\AppData\Local\VirtualStore
2012-04-29 06:44 - 2012-04-29 05:48 - 00000000 ____D C:\AMD
2012-04-29 06:35 - 2011-08-18 18:57 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-29 06:35 - 2011-08-18 18:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-04-29 06:34 - 2012-04-29 06:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-29 06:34 - 2011-08-18 18:57 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-29 05:56 - 2012-04-29 05:56 - 00000000 ____D C:\Users\All Users\ATI
2012-04-29 05:55 - 2012-04-29 05:55 - 00000000 ____D C:\Program Files\ATI Technologies
2012-04-29 05:55 - 2012-04-29 05:55 - 00000000 ____D C:\Program Files\AMD
2012-04-29 05:55 - 2012-04-29 05:55 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-04-29 05:55 - 2012-04-29 05:55 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-04-29 05:55 - 2012-04-29 05:55 - 00000000 ____D C:\Program Files (x86)\AMD
2012-04-29 05:55 - 2010-12-27 05:27 - 00000000 ____D C:\Users\All Users\AMD
2012-04-29 05:39 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-29 05:30 - 2011-08-18 19:59 - 00000000 ____D C:\Program Files (x86)\Steam
2012-04-29 05:30 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2012-04-29 05:20 - 2010-12-02 07:17 - 00000000 ____D C:\Program Files\Acer
2012-04-29 05:20 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-04-29 05:18 - 2010-12-27 05:53 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-04-29 05:11 - 2010-12-02 07:16 - 00000000 ____D C:\Program Files (x86)\Acer
2012-04-29 05:10 - 2010-12-27 05:50 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2012-04-29 05:02 - 2010-12-02 07:01 - 00000000 ____D C:\Users\All Users\WildTangent
2012-04-29 05:02 - 2010-12-02 07:01 - 00000000 ____D C:\Program Files (x86)\Acer Games
2012-04-29 04:50 - 2010-12-02 06:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-23 18:47 - 2012-04-29 10:07 - 00041864 ____A C:\Users\Susan\Documents\38.docx
2012-04-17 17:58 - 2012-04-29 10:50 - 00001210 ____A C:\Users\Susan\Desktop\Windows Fax and Scan.lnk
2012-04-07 13:41 - 2012-04-29 10:43 - 06284664 ____A (Microsoft Corporation) C:\Users\Susan\Downloads\Silverlight.exe
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:34 - 2012-04-05 18:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 18:34 - 2012-04-05 18:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 18:34 - 2012-04-05 18:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 18:33 - 2012-04-05 18:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 18:32 - 2012-04-05 18:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 18:32 - 2012-04-05 18:32 - 00054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-05 18:32 - 2012-04-05 18:32 - 00050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2012-04-05 18:21 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2010-12-02 23:30 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2010-12-02 23:30 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2010-12-02 23:30 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-04-05 17:22 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2011-10-25 17:21 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2010-12-02 23:30 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 11:56 - 2012-06-06 18:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 08:36 - 2012-04-29 10:07 - 00011965 ____A C:\Users\Susan\Documents\Examination Schedule.docx
2012-03-30 22:05 - 2012-05-09 03:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 03:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 03:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 03:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 03:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 16:44 - 2011-04-27 11:25 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 16:44 - 2011-04-18 09:18 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-16 23:58 - 2012-05-09 03:07 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3818.9 MB
Available physical RAM: 3130.74 MB
Total Pagefile: 3817.05 MB
Available Pagefile: 3118.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (SGL) (Fixed) (Total:282.99 GB) (Free:223.77 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:2.04 GB) NTFS
4 Drive g: (JBLUSB) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 488 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 282 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SGL NTFS Partition 282 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G JBLUSB FAT32 Removable 488 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 04:13

======================= End Of Log ==========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 PM

Posted 10 June 2012 - 02:00 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

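As an added example (not from this thread, and not TDSSKiller's own code), a small Python triage parser for the TDSSKiller log format posted below: it pulls out the MBR partition lines, computes each partition's size so it can be checked against the partition table in the FRST log, and lists every scanned object whose closing line is not a plain `- ok`. The regexes follow the log lines in this thread; the sample input is constructed, and the wording of a non-ok status line is an assumption because the posted log contains no detections.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the TDSSKiller log layout seen in this thread: a
# "HH:MM:SS.mmmm PID" prefix, drive and MBR partition lines, and driver entries
# as "<name> (<md5>) <path>" followed by "<name> - <status>". The first entries
# are copied from the posted log; "exampledrv" and its status wording are made
# up here, since the posted log shows no detections.
SAMPLE_LOG = r"""
16:10:13.0174 4740 OS Version: 6.1.7601 ServicePack: 1.0
16:10:14.0406 4740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:14.0438 4740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
16:10:14.0438 4740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
16:10:56.0729 4964 Scan started
16:10:57.0665 4964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:10:57.0665 4964 1394ohci - ok
16:10:58.0321 4964 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
16:10:58.0336 4964 AMD External Events Utility - ok
16:11:01.0472 4964 catchme - ok
16:11:09.0999 4964 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
16:11:09.0999 4964 exampledrv - suspicious (constructed status, not TDSSKiller wording)
"""

# Every log line starts with a timestamp and the reporting process id.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "Drive \Device\HarddiskN\DRn - Size: 0x..., SectorSize: 0x200, ..."
DRIVE_RE = re.compile(
    r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-Fa-f]+) "
    r".*?SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
# "\Device\HarddiskN\DRn\PartitionK: MBR, Type 0x7, StartLBA 0x..., BlocksNum 0x..."
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
    r"Type 0x(?P<ptype>[0-9A-Fa-f]+), StartLBA 0x(?P<lba>[0-9A-Fa-f]+), "
    r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
# "<service or driver name> (<32 hex md5>) <image path>"
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" (or, presumably, some other verdict for a detection)
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Partition:
    device: str
    index: int
    part_type: int
    start_lba: int
    blocks: int
    sector_size: int = 512

    @property
    def size_bytes(self) -> int:
        return self.blocks * self.sector_size


@dataclass
class Entry:
    name: str
    md5: Optional[str]
    path: Optional[str]
    status: Optional[str]


@dataclass
class ScanReport:
    entries: Dict[str, Entry]
    partitions: List[Partition]


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Classify each line by its message body; unknown lines are skipped."""
    sector_sizes: Dict[str, int] = {}
    partitions: List[Partition] = []
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.rstrip())
        if not line:
            continue
        msg = line.group("msg")
        m = DRIVE_RE.match(msg)
        if m:  # remember the sector size so partition sizes can be computed
            sector_sizes[m.group("dev")] = int(m.group("sector"), 16)
            continue
        m = PART_RE.match(msg)
        if m:
            partitions.append(Partition(
                device=m.group("dev"), index=int(m.group("idx")),
                part_type=int(m.group("ptype"), 16), start_lba=int(m.group("lba"), 16),
                blocks=int(m.group("blocks"), 16),
                sector_size=sector_sizes.get(m.group("dev"), 512)))
            continue
        m = ENTRY_RE.match(msg)
        if m:
            entries[m.group("name")] = Entry(m.group("name"), m.group("md5"), m.group("path"), None)
            continue
        m = STATUS_RE.match(msg)
        if m:  # status lines may appear without a preceding hash line (e.g. "catchme - ok")
            e = entries.setdefault(m.group("name"), Entry(m.group("name"), None, None, None))
            e.status = m.group("status")
    return ScanReport(entries, partitions)


def flagged_entries(report: ScanReport) -> List[Entry]:
    """Everything the scan did not close with a plain '- ok' line, including
    entries that got no status at all."""
    return [e for e in report.entries.values() if e.status != "ok"]


def partition_summary(report: ScanReport):
    """(device, index, MBR type, size in GiB) per partition, for comparison with
    the Partitions table in the FRST log."""
    return [(p.device, p.index, p.part_type, round(p.size_bytes / 2**30, 2))
            for p in report.partitions]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("partitions:", partition_summary(rep))
    print("needs a look:", [(e.name, e.status, e.path) for e in flagged_entries(rep)])
```

Partition1 comes out at 282.99 GiB, which matches the "Total:282.99 GB" for drive C: in the FRST log, a quick consistency check between the two tools' views of the disk.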

#5 Peter424

  • Topic Starter
  • Members
  • 7 posts
  • Local time:02:48 PM

Posted 10 June 2012 - 03:20 PM

Hi again Gringo,
Here are the logs you requested:
Thanks

16:10:12.0846 4740 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:10:13.0174 4740 ============================================================
16:10:13.0174 4740 Current date / time: 2012/06/10 16:10:13.0174
16:10:13.0174 4740 SystemInfo:
16:10:13.0174 4740
16:10:13.0174 4740 OS Version: 6.1.7601 ServicePack: 1.0
16:10:13.0174 4740 Product type: Workstation
16:10:13.0174 4740 ComputerName: SGL
16:10:13.0174 4740 UserName: Susan
16:10:13.0174 4740 Windows directory: C:\Windows
16:10:13.0174 4740 System windows directory: C:\Windows
16:10:13.0174 4740 Running under WOW64
16:10:13.0174 4740 Processor architecture: Intel x64
16:10:13.0174 4740 Number of processors: 2
16:10:13.0174 4740 Page size: 0x1000
16:10:13.0174 4740 Boot type: Normal boot
16:10:13.0174 4740 ============================================================
16:10:14.0406 4740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:14.0422 4740 Drive \Device\Harddisk1\DR1 - Size: 0x1E8BE000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:10:14.0438 4740 ============================================================
16:10:14.0438 4740 \Device\Harddisk0\DR0:
16:10:14.0438 4740 MBR partitions:
16:10:14.0438 4740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
16:10:14.0438 4740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
16:10:14.0438 4740 \Device\Harddisk1\DR1:
16:10:14.0438 4740 MBR partitions:
16:10:14.0438 4740 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xF45B1
16:10:14.0438 4740 ============================================================
16:10:14.0484 4740 C: <-> \Device\Harddisk0\DR0\Partition1
16:10:14.0484 4740 ============================================================
16:10:14.0484 4740 Initialize success
16:10:14.0484 4740 ============================================================
16:10:56.0729 4964 ============================================================
16:10:56.0729 4964 Scan started
16:10:56.0729 4964 Mode: Manual;
16:10:56.0729 4964 ============================================================
16:11:09.0320 4964 nfrd960 - ok
16:11:09.0382 4964 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:11:09.0382 4964 NisDrv - ok
16:11:09.0460 4964 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:11:09.0476 4964 NisSrv - ok
16:11:09.0522 4964 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:11:09.0538 4964 NlaSvc - ok
16:11:09.0554 4964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:11:09.0554 4964 Npfs - ok
16:11:09.0569 4964 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:11:09.0585 4964 nsi - ok
16:11:09.0600 4964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:11:09.0616 4964 nsiproxy - ok
16:11:09.0741 4964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:11:09.0772 4964 Ntfs - ok
16:11:09.0850 4964 NTI IScheduleSvc (8f59a2506af43f96f5397b3c79938ae9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
16:11:09.0866 4964 NTI IScheduleSvc - ok
16:11:10.0006 4964 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
16:11:10.0006 4964 NTIDrvr - ok
16:11:10.0022 4964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:11:10.0022 4964 Null - ok
16:11:10.0068 4964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:11:10.0068 4964 nvraid - ok
16:11:10.0084 4964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:11:10.0100 4964 nvstor - ok
16:11:10.0131 4964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:11:10.0131 4964 nv_agp - ok
16:11:10.0256 4964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:11:10.0256 4964 odserv - ok
16:11:10.0287 4964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:11:10.0287 4964 ohci1394 - ok
16:11:10.0349 4964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:10.0349 4964 ose - ok
16:11:10.0396 4964 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:11:10.0396 4964 p2pimsvc - ok
16:11:10.0443 4964 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:11:10.0458 4964 p2psvc - ok
16:11:10.0490 4964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:11:10.0490 4964 Parport - ok
16:11:10.0536 4964 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:11:10.0536 4964 partmgr - ok
16:11:10.0552 4964 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:11:10.0552 4964 PcaSvc - ok
16:11:10.0599 4964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:11:10.0599 4964 pci - ok
16:11:10.0614 4964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:11:10.0614 4964 pciide - ok
16:11:10.0630 4964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:11:10.0646 4964 pcmcia - ok
16:11:10.0661 4964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:11:10.0661 4964 pcw - ok
16:11:10.0708 4964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:11:10.0724 4964 PEAUTH - ok
16:11:10.0802 4964 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:11:10.0802 4964 PerfHost - ok
16:11:10.0926 4964 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:11:10.0958 4964 pla - ok
16:11:11.0020 4964 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:11:11.0020 4964 PlugPlay - ok
16:11:11.0051 4964 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
16:11:11.0067 4964 Pml Driver HPZ12 - ok
16:11:11.0098 4964 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:11:11.0098 4964 PNRPAutoReg - ok
16:11:11.0129 4964 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:11:11.0129 4964 PNRPsvc - ok
16:11:11.0207 4964 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
16:11:11.0207 4964 Point64 - ok
16:11:11.0270 4964 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:11:11.0270 4964 PolicyAgent - ok
16:11:11.0316 4964 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:11:11.0316 4964 Power - ok
16:11:11.0363 4964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:11:11.0363 4964 PptpMiniport - ok
16:11:11.0394 4964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:11:11.0394 4964 Processor - ok
16:11:11.0441 4964 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:11:11.0441 4964 ProfSvc - ok
16:11:11.0472 4964 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:11.0472 4964 ProtectedStorage - ok
16:11:11.0519 4964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:11:11.0519 4964 Psched - ok
16:11:11.0628 4964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:11:11.0644 4964 ql2300 - ok
16:11:11.0784 4964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:11:11.0784 4964 ql40xx - ok
16:11:11.0847 4964 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:11:11.0862 4964 QWAVE - ok
16:11:11.0894 4964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:11:11.0894 4964 QWAVEdrv - ok
16:11:11.0909 4964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:11:11.0909 4964 RasAcd - ok
16:11:11.0956 4964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:11:11.0956 4964 RasAgileVpn - ok
16:11:11.0972 4964 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:11:11.0972 4964 RasAuto - ok
16:11:12.0003 4964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:12.0018 4964 Rasl2tp - ok
16:11:12.0050 4964 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:11:12.0065 4964 RasMan - ok
16:11:12.0081 4964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:12.0081 4964 RasPppoe - ok
16:11:12.0112 4964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:11:12.0112 4964 RasSstp - ok
16:11:12.0159 4964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:11:12.0159 4964 rdbss - ok
16:11:12.0190 4964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:11:12.0190 4964 rdpbus - ok
16:11:12.0206 4964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:12.0206 4964 RDPCDD - ok
16:11:12.0237 4964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:11:12.0252 4964 RDPENCDD - ok
16:11:12.0268 4964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:11:12.0268 4964 RDPREFMP - ok
16:11:12.0299 4964 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:11:12.0299 4964 RDPWD - ok
16:11:12.0346 4964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:11:12.0346 4964 rdyboost - ok
16:11:12.0393 4964 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:11:12.0393 4964 RemoteAccess - ok
16:11:12.0440 4964 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:11:12.0440 4964 RemoteRegistry - ok
16:11:12.0471 4964 RimUsb - ok
16:11:12.0533 4964 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:11:12.0533 4964 RimVSerPort - ok
16:11:12.0564 4964 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
16:11:12.0580 4964 ROOTMODEM - ok
16:11:12.0611 4964 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:11:12.0611 4964 RpcEptMapper - ok
16:11:12.0642 4964 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:11:12.0642 4964 RpcLocator - ok
16:11:12.0705 4964 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:11:12.0705 4964 RpcSs - ok
16:11:12.0752 4964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:11:12.0752 4964 rspndr - ok
16:11:12.0830 4964 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
16:11:12.0830 4964 RSUSBSTOR - ok
16:11:12.0861 4964 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:12.0861 4964 SamSs - ok
16:11:12.0908 4964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:11:12.0908 4964 sbp2port - ok
16:11:12.0954 4964 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:11:12.0954 4964 SCardSvr - ok
16:11:12.0986 4964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:11:12.0986 4964 scfilter - ok
16:11:13.0079 4964 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:11:13.0095 4964 Schedule - ok
16:11:13.0126 4964 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:11:13.0126 4964 SCPolicySvc - ok
16:11:13.0157 4964 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:11:13.0157 4964 SDRSVC - ok
16:11:13.0220 4964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:11:13.0220 4964 secdrv - ok
16:11:13.0251 4964 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:11:13.0251 4964 seclogon - ok
16:11:13.0298 4964 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:11:13.0298 4964 SENS - ok
16:11:13.0313 4964 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:11:13.0313 4964 SensrSvc - ok
16:11:13.0344 4964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:11:13.0344 4964 Serenum - ok
16:11:13.0360 4964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:11:13.0360 4964 Serial - ok
16:11:13.0391 4964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:11:13.0391 4964 sermouse - ok
16:11:13.0454 4964 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:11:13.0454 4964 SessionEnv - ok
16:11:13.0485 4964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:11:13.0485 4964 sffdisk - ok
16:11:13.0500 4964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:11:13.0500 4964 sffp_mmc - ok
16:11:13.0500 4964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:11:13.0516 4964 sffp_sd - ok
16:11:13.0547 4964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:11:13.0547 4964 sfloppy - ok
16:11:13.0594 4964 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:11:13.0610 4964 SharedAccess - ok
16:11:13.0656 4964 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:11:13.0672 4964 ShellHWDetection - ok
16:11:13.0688 4964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:11:13.0688 4964 SiSRaid2 - ok
16:11:13.0719 4964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:11:13.0719 4964 SiSRaid4 - ok
16:11:13.0750 4964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:11:13.0750 4964 Smb - ok
16:11:13.0797 4964 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:11:13.0797 4964 SNMPTRAP - ok
16:11:13.0844 4964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:11:13.0844 4964 spldr - ok
16:11:13.0922 4964 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:11:13.0922 4964 Spooler - ok
16:11:14.0171 4964 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:11:14.0234 4964 sppsvc - ok
16:11:14.0358 4964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:11:14.0374 4964 sppuinotify - ok
16:11:14.0421 4964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:11:14.0436 4964 srv - ok
16:11:14.0499 4964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:11:14.0499 4964 srv2 - ok
16:11:14.0530 4964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:11:14.0530 4964 srvnet - ok
16:11:14.0592 4964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:11:14.0592 4964 SSDPSRV - ok
16:11:14.0624 4964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:11:14.0624 4964 SstpSvc - ok
16:11:14.0670 4964 Steam Client Service - ok
16:11:14.0702 4964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:11:14.0702 4964 stexstor - ok
16:11:14.0748 4964 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:11:14.0748 4964 StillCam - ok
16:11:14.0811 4964 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:11:14.0811 4964 stisvc - ok
16:11:14.0842 4964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:11:14.0842 4964 swenum - ok
16:11:14.0904 4964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:11:14.0920 4964 swprv - ok
16:11:15.0029 4964 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
16:11:15.0045 4964 SynTP - ok
16:11:15.0232 4964 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:11:15.0263 4964 SysMain - ok
16:11:15.0388 4964 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:11:15.0388 4964 TabletInputService - ok
16:11:15.0435 4964 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:11:15.0435 4964 TapiSrv - ok
16:11:15.0482 4964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:11:15.0482 4964 TBS - ok
16:11:15.0622 4964 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:11:15.0653 4964 Tcpip - ok
16:11:15.0887 4964 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:11:15.0903 4964 TCPIP6 - ok
16:11:16.0028 4964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:11:16.0028 4964 tcpipreg - ok
16:11:16.0074 4964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:11:16.0074 4964 TDPIPE - ok
16:11:16.0106 4964 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:11:16.0106 4964 TDTCP - ok
16:11:16.0137 4964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:11:16.0137 4964 tdx - ok
16:11:16.0168 4964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:11:16.0168 4964 TermDD - ok
16:11:16.0230 4964 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:11:16.0246 4964 TermService - ok
16:11:16.0262 4964 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:11:16.0277 4964 Themes - ok
16:11:16.0308 4964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:11:16.0308 4964 THREADORDER - ok
16:11:16.0324 4964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:11:16.0324 4964 TrkWks - ok
16:11:16.0386 4964 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:11:16.0386 4964 TrustedInstaller - ok
16:11:16.0433 4964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:16.0433 4964 tssecsrv - ok
16:11:16.0480 4964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:11:16.0496 4964 TsUsbFlt - ok
16:11:16.0542 4964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:11:16.0558 4964 tunnel - ok
16:11:16.0589 4964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:11:16.0589 4964 uagp35 - ok
16:11:16.0605 4964 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
16:11:16.0605 4964 UBHelper - ok
16:11:16.0652 4964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:11:16.0667 4964 udfs - ok
16:11:16.0714 4964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:11:16.0714 4964 UI0Detect - ok
16:11:16.0745 4964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:11:16.0745 4964 uliagpkx - ok
16:11:16.0792 4964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:11:16.0792 4964 umbus - ok
16:11:16.0823 4964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:11:16.0823 4964 UmPass - ok
16:11:16.0870 4964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:11:16.0870 4964 upnphost - ok
16:11:16.0901 4964 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:11:16.0901 4964 USBAAPL64 - ok
16:11:16.0932 4964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:16.0948 4964 usbccgp - ok
16:11:16.0979 4964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:11:16.0979 4964 usbcir - ok
16:11:17.0010 4964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:11:17.0010 4964 usbehci - ok
16:11:17.0057 4964 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
16:11:17.0057 4964 usbfilter - ok
16:11:17.0104 4964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:11:17.0104 4964 usbhub - ok
16:11:17.0120 4964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:11:17.0120 4964 usbohci - ok
16:11:17.0151 4964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:11:17.0151 4964 usbprint - ok
16:11:17.0198 4964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:11:17.0198 4964 USBSTOR - ok
16:11:17.0213 4964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:11:17.0229 4964 usbuhci - ok
16:11:17.0260 4964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:11:17.0276 4964 usbvideo - ok
16:11:17.0307 4964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:11:17.0307 4964 UxSms - ok
16:11:17.0338 4964 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:17.0338 4964 VaultSvc - ok
16:11:17.0385 4964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:11:17.0385 4964 vdrvroot - ok
16:11:17.0447 4964 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:11:17.0463 4964 vds - ok
16:11:17.0494 4964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:11:17.0494 4964 vga - ok
16:11:17.0525 4964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:11:17.0525 4964 VgaSave - ok
16:11:17.0572 4964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:11:17.0572 4964 vhdmp - ok
16:11:17.0603 4964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:11:17.0603 4964 viaide - ok
16:11:17.0634 4964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:11:17.0634 4964 volmgr - ok
16:11:17.0681 4964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:11:17.0681 4964 volmgrx - ok
16:11:17.0712 4964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:11:17.0712 4964 volsnap - ok
16:11:17.0759 4964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:11:17.0759 4964 vsmraid - ok
16:11:17.0884 4964 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:11:17.0915 4964 VSS - ok
16:11:18.0009 4964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:11:18.0024 4964 vwifibus - ok
16:11:18.0040 4964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:11:18.0040 4964 vwififlt - ok
16:11:18.0102 4964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:11:18.0102 4964 vwifimp - ok
16:11:18.0149 4964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:11:18.0165 4964 W32Time - ok
16:11:18.0196 4964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:11:18.0196 4964 WacomPen - ok
16:11:18.0227 4964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:18.0227 4964 WANARP - ok
16:11:18.0243 4964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:18.0243 4964 Wanarpv6 - ok
16:11:18.0399 4964 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:11:18.0430 4964 WatAdminSvc - ok
16:11:18.0539 4964 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:11:18.0555 4964 wbengine - ok
16:11:18.0695 4964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:11:18.0695 4964 WbioSrvc - ok
16:11:18.0758 4964 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:11:18.0758 4964 wcncsvc - ok
16:11:18.0789 4964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:11:18.0789 4964 WcsPlugInService - ok
16:11:18.0820 4964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:11:18.0836 4964 Wd - ok
16:11:18.0882 4964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:11:18.0898 4964 Wdf01000 - ok
16:11:18.0929 4964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:18.0929 4964 WdiServiceHost - ok
16:11:18.0945 4964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:18.0945 4964 WdiSystemHost - ok
16:11:18.0976 4964 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:11:18.0976 4964 WebClient - ok
16:11:19.0023 4964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:11:19.0023 4964 Wecsvc - ok
16:11:19.0054 4964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:11:19.0054 4964 wercplsupport - ok
16:11:19.0101 4964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:11:19.0101 4964 WerSvc - ok
16:11:19.0163 4964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:11:19.0163 4964 WfpLwf - ok
16:11:19.0194 4964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:11:19.0194 4964 WIMMount - ok
16:11:19.0241 4964 WinDefend - ok
16:11:19.0257 4964 WinHttpAutoProxySvc - ok
16:11:19.0335 4964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:11:19.0335 4964 Winmgmt - ok
16:11:19.0506 4964 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:11:19.0538 4964 WinRM - ok
16:11:19.0662 4964 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:11:19.0662 4964 WinUsb - ok
16:11:19.0772 4964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:11:19.0787 4964 Wlansvc - ok
16:11:19.0865 4964 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:11:19.0865 4964 wlcrasvc - ok
16:11:20.0084 4964 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:11:20.0115 4964 wlidsvc - ok
16:11:20.0240 4964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:11:20.0240 4964 WmiAcpi - ok
16:11:20.0318 4964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:11:20.0318 4964 wmiApSrv - ok
16:11:20.0364 4964 WMPNetworkSvc - ok
16:11:20.0411 4964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:11:20.0411 4964 WPCSvc - ok
16:11:20.0442 4964 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:11:20.0458 4964 WPDBusEnum - ok
16:11:20.0489 4964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:11:20.0489 4964 ws2ifsl - ok
16:11:20.0505 4964 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:11:20.0505 4964 wscsvc - ok
16:11:20.0552 4964 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:11:20.0552 4964 WSDPrintDevice - ok
16:11:20.0552 4964 WSearch - ok
16:11:20.0723 4964 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:11:20.0754 4964 wuauserv - ok
16:11:20.0895 4964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:11:20.0895 4964 WudfPf - ok
16:11:20.0957 4964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:11:20.0957 4964 WUDFRd - ok
16:11:20.0988 4964 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:11:21.0004 4964 wudfsvc - ok
16:11:21.0051 4964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:11:21.0051 4964 WwanSvc - ok
16:11:21.0098 4964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:11:21.0332 4964 \Device\Harddisk0\DR0 - ok
16:11:21.0347 4964 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
16:11:21.0363 4964 \Device\Harddisk1\DR1 - ok
16:11:21.0378 4964 Boot (0x1200) (19224e138c20e94589524e4c5ba76fcd) \Device\Harddisk0\DR0\Partition0
16:11:21.0378 4964 \Device\Harddisk0\DR0\Partition0 - ok
16:11:21.0394 4964 Boot (0x1200) (206d827215248bc759eb2a99bada2216) \Device\Harddisk0\DR0\Partition1
16:11:21.0394 4964 \Device\Harddisk0\DR0\Partition1 - ok
16:11:21.0394 4964 Boot (0x1200) (a628e67d43aee66c679b5375e97f99bf) \Device\Harddisk1\DR1\Partition0
16:11:21.0410 4964 \Device\Harddisk1\DR1\Partition0 - ok
16:11:21.0410 4964 ============================================================
16:11:21.0410 4964 Scan finished
16:11:21.0410 4964 ============================================================
16:11:21.0425 4956 Detected object count: 0
16:11:21.0425 4956 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 16:13:18
-----------------------------
16:13:18.100 OS Version: Windows x64 6.1.7601 Service Pack 1
16:13:18.100 Number of processors: 2 586 0x100
16:13:18.100 ComputerName: SGL UserName:
16:13:19.457 Initialize success
16:13:58.324 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:13:58.324 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
16:13:58.355 Disk 0 MBR read successfully
16:13:58.355 Disk 0 MBR scan
16:13:58.371 Disk 0 Windows 7 default MBR code
16:13:58.371 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
16:13:58.402 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
16:13:58.402 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
16:13:58.418 Disk 0 scanning C:\Windows\system32\drivers
16:14:04.720 Service scanning
16:14:25.610 Modules scanning
16:14:25.625 Disk 0 trace - called modules:
16:14:25.672 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:14:25.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042e1610]
16:14:25.688 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ddf680]
16:14:25.703 Scan finished successfully
16:14:45.312 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
16:14:45.390 The log file has been saved successfully to "E:\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 03:21 PM

Hello

I would like you to download an updated version of combofix.

Update ComboFix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Peter424

  • Topic Starter
  • Members
  • 7 posts
  • Local time:02:48 PM

Posted 10 June 2012 - 04:22 PM

Hi Gringo,
The PC seems to be acting OK now.
Is there any decent add-on for IE9 that's good for blocking ads or flash ads?
Here's the combofix log.

ComboFix 12-06-10.01 - Susan 06/10/2012 16:36:01.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2696 [GMT -4:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 22:31 . 2012-06-10 22:33 -------- d-----w- C:\FRST
2012-06-10 20:43 . 2012-06-10 20:43 -------- d-----w- c:\users\grant\AppData\Local\temp
2012-06-10 20:43 . 2012-06-10 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 20:43 . 2012-06-10 20:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-10 05:28 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E4E2281-E426-444B-B140-E83867945B24}\mpengine.dll
2012-06-09 14:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 02:30 . 2012-06-07 02:30 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-06-07 02:30 . 2012-06-07 02:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 02:30 . 2012-06-08 04:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 02:30 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 06:15 . 2012-04-29 13:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 06:15 . 2012-04-29 13:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-12-03 07:30 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-12-03 07:30 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-12-03 07:30 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-12-03 07:30 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-10-26 01:21 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-31 06:05 . 2012-05-09 11:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 11:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 11:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 03:10 . 2012-05-09 11:08 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 11:07 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 00:44 . 2011-04-27 19:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2011-04-18 17:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-09 11:07 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_03.32.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-02 14:31 . 2012-06-08 11:49 43786 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-10 18:37 42696 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-02 14:58 . 2012-06-08 03:59 3822 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-29 17:59 . 2012-06-10 18:37 3862 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1331892067-743340258-471163912-1008_UserData.bin
+ 2012-06-10 20:44 . 2012-06-10 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 03:31 . 2012-06-08 03:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 03:31 . 2012-06-08 03:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-10 20:44 . 2012-06-10 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-18 22:54 . 2012-06-10 20:09 277108 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-08 02:29 626512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-10 20:11 626512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-10 20:11 107756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-08 02:29 107756 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-10 20:43 406252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-08 03:31 406252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-17 12:58 . 2012-06-08 03:31 2539488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-17 12:58 . 2012-06-10 20:43 2539488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-29 17:56 . 2012-06-10 18:23 23913500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1331892067-743340258-471163912-1008-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 257696]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1338966981&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-10 16:49:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 20:49
ComboFix2.txt 2012-06-08 03:37
.
Pre-Run: 240,236,638,208 bytes free
Post-Run: 239,923,568,640 bytes free
.
- - End Of File - - 684C207F2A6212888515848E5B199D43

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:48 PM

Posted 10 June 2012 - 04:35 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.5.1 MUI


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This is a small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 Peter424

  • Topic Starter
  • Members
  • 7 posts
  • Local time:02:48 PM

Posted 10 June 2012 - 08:02 PM

Hello Gringo,
Here are the logs you requested. The PC seems to be running OK. IE9 is slow loading stuff, but that's because I stopped the cache and eliminate it every time I close it.
Thanks again. Peter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Susan :: SGL [administrator]

6/10/2012 8:10:19 PM
mbam-log-2012-06-10 (20-10-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347897
Time elapsed: 41 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:49 PM, on 6/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1338966981&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7169 bytes

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 June 2012 - 09:38 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Peter424 (Topic Starter, Members)

Posted 11 June 2012 - 12:16 AM

Hi Gringo,
ESET did not make a log report. It just said that "no threats were found." Things seem to be running well.
Thanks so much. Peter

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 June 2012 - 12:29 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedure will clean up and remove these tools. It will also reset your System Restore by flushing out previous restore points and creating a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" and "Alt" buttons)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the x and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

It is a good idea to keep some of the programs we have used and use them often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#13 Peter424 (Topic Starter, Members)

Posted 11 June 2012 - 05:59 PM

Hi Gringo,
Thanks for helping us out with that trojan.
Everything seems to be running well now.
I especially appreciate you letting us know what you use.
Also, I wish there was some kind of guide to help me understand what files and things are bad when reading a ComboFix or HijackThis log.
Anyway, thank you again for your time and help.
Peter
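As an added illustration, not part of the thread and not a HijackThis feature: the question above about telling good lines from bad in a HijackThis log, and the O4 startup entries and O23 service lines listed earlier, can be worked through with a small parser. The script below is my own example. It reads O4 (Run/RunOnce) and O23 (service) lines in HijackThis's text format, pulls out the executable path, the owner and the "(file missing)" flag, and applies three rough rules: a startup entry running from a user-writable directory deserves a look, a lingering RunOnce value is usually a leftover, and on 64-bit Windows a "(file missing)" against a stock service under C:\Windows is expected noise, because the 32-bit HijackThis build is redirected away from the real System32 by WoW64 (which is why nearly every Windows service in the log above carries that flag). The sample lines are copied from the log and fix list above, except the "updater" entry, which is constructed to show a user-writable path. The rule names and the directory lists are my assumptions, not anything HijackThis or the forum's fix procedure defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample input. The first three O4 lines are the fix-list entries from the
# thread and the O23 lines are from the posted log; the "updater" line is made up to
# show what a startup entry running from a user-writable directory looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Users\peter\AppData\Local\Temp\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
"""

# O4 - <hive>\..\<key>: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 - Service: <display> - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class StartupEntry:          # O4: a Run / RunOnce value
    hive: str
    key: str
    name: str
    cmd: str
    user: Optional[str]

    @property
    def exe(self) -> str:
        """First token of the command line, honouring a quoted path."""
        c = self.cmd.strip()
        if c.startswith('"'):
            end = c.find('"', 1)
            return c[1:end] if end > 0 else c[1:]
        return c.split(" ", 1)[0]


@dataclass
class ServiceEntry:          # O23: an installed service
    display: str
    owner: str
    path: str
    missing: bool

    @property
    def short_name(self) -> str:
        """Service key name from the trailing '(Name)', else the display string."""
        m = re.search(r"\(([^()]+)\)$", self.display)
        return m.group(1) if m else self.display


def parse_hjt(text: str) -> List[Union[StartupEntry, ServiceEntry]]:
    entries: List[Union[StartupEntry, ServiceEntry]] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append(StartupEntry(m["hive"], m["key"], m["name"], m["cmd"], m["user"]))
        elif m := O23_RE.match(line):
            entries.append(ServiceEntry(m["display"], m["owner"], m["path"], bool(m["missing"])))
    return entries


# Assumed directory classes; adjust for the machine being examined.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")


def location_of(path: str) -> str:
    p = path.lower()
    if any(s in p for s in USER_WRITABLE):
        return "user-writable"
    if p.startswith(SYSTEM_ROOTS):
        return "system"
    if "\\" not in p:
        return "unqualified"     # bare name, resolved through PATH at run time
    return "other"


def triage(entry: Union[StartupEntry, ServiceEntry], win64: bool = True) -> str:
    """Rough verdict for one entry. 'review-*' means look at the file, not delete it."""
    if isinstance(entry, StartupEntry):
        if location_of(entry.exe) == "user-writable":
            return "review-path"          # per-user installs live here too: check, don't assume
        if entry.key == "RunOnce":
            return "leftover-runonce"     # reboot/uninstall step that never cleared itself
        return "ok"
    in_windows = entry.path.lower().startswith("c:\\windows\\")
    if entry.missing and win64 and entry.owner == "Unknown owner" and in_windows:
        # 32-bit HijackThis is redirected to SysWOW64 and cannot see 64-bit System32,
        # so stock Windows services show as "(file missing)" on a 64-bit install.
        return "expected-wow64"
    if entry.missing:
        return "review-missing"
    if entry.owner == "Unknown owner":
        return "review-owner"
    return "ok"


def report(text: str, win64: bool = True) -> List[str]:
    out = []
    for e in parse_hjt(text):
        label = e.name if isinstance(e, StartupEntry) else e.short_name
        out.append(f"{triage(e, win64):16} {label}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run as-is it prints one verdict per line. A "review-*" result is a prompt to check the file itself (signer, hash, install date), never a delete list, and "expected-wow64" lines should be set aside before reading anything into the rest of the O23 section; pass win64=False when the log came from a 32-bit Windows, where a missing service binary really is worth a look.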

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 June 2012 - 06:25 PM

You are more than welcome and glad I was able to help


gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 June 2012 - 01:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.