Google redirect by ZeroAccess Rootkit, affecting firefox & IE


  • This topic is locked
24 replies to this topic

#1 Redwing999

Redwing999

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 09 June 2012 - 07:34 PM

Dear Sir/Madam,

I previously posted in the following forum thread asking for help with the google redirect problem stated in this thread's topic:
http://www.bleepingcomputer.com/forums/topic456208.html/page__pid__2723181#entry2723181

Instructions were given by Broni, and after running a series of diagnostic scans listed in the thread above, my computer was diagnosed as having ZeroAccess Rootkit.

I really want to get rid of this Rootkit thingy, and I followed the following guidelines given by Broni:
http://www.bleepingcomputer.com/forums/topic34773.html

Following the guide, I generated DDS.txt, Attach.txt, and ark.txt, and here I am posting DDS.txt below, with Attach & ark being attached:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
Run by Alex Koon at 21:33:12 on 2012-06-09
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://solutions.us.fujitsu.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\alex koon\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HP Color LaserJet CM2320 MFP Series Fax] c:\program files\hp\hp color laserjet cm2320 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\alexko~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{668C80A2-CCFF-4D2F-926C-C904A15F851A} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{8F2515FC-61D6-47F9-8C46-A3FCFEBD23CA} : DhcpNameServer = 10.1.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex koon\appdata\roaming\mozilla\firefox\profiles\plp4ev3a.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alex koon\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-08 22:58:08 -------- d-----w- c:\users\alex koon\appdata\roaming\Malwarebytes
2012-06-08 22:58:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 22:58:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 22:58:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-06 10:12:09 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-27 21:33:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-25 22:48:35 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{49a9a32f-6a86-4981-b970-fe4c44aebbf6}\mpengine.dll
2012-05-11 15:35:24 -------- d-----w- c:\users\alex koon\appdata\roaming\IrfanView
2012-05-11 15:35:24 -------- d-----w- c:\program files\IrfanView
.
==================== Find3M ====================
.
2012-06-06 10:12:02 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-27 14:19:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-27 14:19:04 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43:16 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:20:17 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 21:33:40.17 ===============

Please offer some advice on how to solve my google redirect problem (in Firefox & IE, but not Chrome) by getting rid of ZeroAccess Rootkit.

Thanks very much for your help.

Best,
Alex

Edited by Redwing999, 09 June 2012 - 07:34 PM.
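As an added triage aid (my own code, not DDS's and not anything posted in this thread): a small parser for the "Created Last 30" section of a DDS log, run on a few constructed lines written in the format of the report above. The two flagging heuristics (hidden+system directory under the Windows tree, literal unexpanded %VAR% token in a path) and the meaning assigned to the attribute letters are assumptions made here for illustration, not conclusions the thread draws about this machine.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the DDS 'Created Last 30' / 'Find3M' layout (not a real log).
SAMPLE_DDS = """\
============== Running Processes ===============
.
=============== Created Last 30 ================
.
2012-06-08 22:58:01 22344 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-06-08 22:58:01 -------- d-----w- c:\\programdata\\Malwarebytes
2012-05-27 21:33:23 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2012-05-11 15:35:24 -------- d-----w- c:\\program files\\IrfanView
.
==================== Find3M ====================
.
2012-06-06 10:12:02 472864 ----a-w- c:\\windows\\system32\\deployJava1.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # '==== Name ====' banners
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")             # literal, unexpanded %VAR%


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints '--------')
    attrs: str            # assumed letters: 'd' directory, 's' system, 'h' hidden, 'a' archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def split_sections(text: str) -> dict:
    """Group the log's lines under their banner; '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m and m.group(1).strip("="):
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_entries(lines) -> list:
    """Turn 'date time size attrs path' lines into Entry objects; skip anything else."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(m.group("date"), m.group("time"), size,
                             m.group("attrs"), m.group("path")))
    return entries


def triage(text: str, section: str = "Created Last 30") -> list:
    """Return (path, reason) pairs for entries that match the heuristics (assumed)."""
    findings = []
    for e in parse_entries(split_sections(text).get(section, [])):
        low = e.path.lower()
        if e.is_dir and e.hidden_system and "\\windows\\" in low:
            findings.append((e.path, "hidden+system directory under the Windows tree"))
        elif ENV_TOKEN_RE.search(e.path):
            findings.append((e.path, "literal environment-variable token in path"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS):
        print(f"{reason}: {path}")
```

Flagged entries are only a prompt for a human to look closer; on a real log, compare them against the ComboFix and TDSSKiller output before acting.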


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 10 June 2012 - 12:33 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Redwing999

Redwing999
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 10 June 2012 - 01:38 AM

Hi Gringo,

I have read your whole post. I first ran SecurityCheck.exe as you advised.
While SecurityCheck.exe was in the stage of "Preparing", it encountered an error, and a window came up saying:

Line -1:
Error: Variable must be of type "Object".

After I clicked OK, it went on and produced the following log:

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
Adobe Flash Player 11.2.202.233
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

I then ran ComboFix as advised. It seems to have deleted a folder called "Brand Affinity Technologies" from Program Files. I do not recall installing any software from that company. ComboFix produced the following log:

ComboFix 12-06-09.02 - Alex Koon 10/06/12 16:14:57.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2995.1843 [GMT 10:00]
Running from: c:\users\Alex Koon\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\users\Alex Koon\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\users\Alex Koon\AppData\Roaming\Malwarebytes
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 22:58 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 10:12 . 2012-06-06 10:12 -------- d-----w- c:\program files\Common Files\Java
2012-06-06 10:12 . 2012-06-06 10:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-27 21:33 . 2012-05-27 21:33 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-25 22:48 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A9A32F-6A86-4981-B970-FE4C44AEBBF6}\mpengine.dll
2012-05-11 15:35 . 2012-05-11 15:35 -------- d-----w- c:\users\Alex Koon\AppData\Roaming\IrfanView
2012-05-11 15:35 . 2012-05-11 15:35 -------- d-----w- c:\program files\IrfanView
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 10:12 . 2011-03-23 22:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-27 14:19 . 2012-04-07 16:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-27 14:19 . 2011-06-14 22:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 04:46 . 2012-05-08 23:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-08 23:18 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43 . 2012-05-08 23:18 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29 . 2012-05-08 23:18 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:20 . 2012-05-08 23:18 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-03 01:55 . 2011-05-30 23:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-19 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-19 166424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-05-22 24576]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 104960]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 128360]
"FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2009-10-16 107880]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 138088]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 33640]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-10-03 167008]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2009-10-01 143360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-16 19968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Alex Koon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-9 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-15 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-07-20 60576]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-07-15 41632]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 17008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2010-04-20 12776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-27 62824]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-08-27 12800]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 111488]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 5632]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-365268101-1576805569-2491809101-1000Core.job
- c:\users\Alex Koon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:38]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-365268101-1576805569-2491809101-1000UA.job
- c:\users\Alex Koon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Alex Koon\AppData\Roaming\Mozilla\Firefox\Profiles\plp4ev3a.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4100)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Fujitsu\Application Panel\BtnHndHkb.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-10 16:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 06:27
.
Pre-Run: 260,716,953,600 bytes free
Post-Run: 260,946,296,832 bytes free
.
- - End Of File - - 27097C28A680E420512D8AA6E13BD357

I have just tested Google search on Firefox. The redirect problem seems to have gone completely. I hope this is permanent, but I don't know.

Please advise on the next step.

Also, my computer currently does not have any anti-virus. I originally had Norton, but it rendered my computer very slow. What anti-virus, and what other software, would you recommend me to install to avoid similar problems in the future?

Thanks for your help, Gringo.

Best,
Alex

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 10 June 2012 - 03:10 AM

Greetings Alex

Also, my computer currently does not have any anti-virus. I originally had Norton, but it rendered my computer very slow. What anti-virus, and what other software, would you recommend me to install to avoid similar problems in the future?

I will get you one a little later when we are done (so it does not interfere)

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 Redwing999

Redwing999
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 10 June 2012 - 08:06 AM

Hi Gringo,

TDSS Killer seems to have found no threat. Here is the report:

22:33:08.0556 2576 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:33:09.0975 2576 ============================================================
22:33:09.0975 2576 Current date / time: 2012/06/10 22:33:09.0975
22:33:09.0975 2576 SystemInfo:
22:33:09.0975 2576
22:33:09.0975 2576 OS Version: 6.1.7600 ServicePack: 0.0
22:33:09.0975 2576 Product type: Workstation
22:33:09.0975 2576 ComputerName: REDWING
22:33:09.0975 2576 UserName: Alex Koon
22:33:09.0975 2576 Windows directory: C:\windows
22:33:09.0975 2576 System windows directory: C:\windows
22:33:09.0975 2576 Processor architecture: Intel x86
22:33:09.0975 2576 Number of processors: 4
22:33:09.0975 2576 Page size: 0x1000
22:33:09.0975 2576 Boot type: Normal boot
22:33:09.0975 2576 ============================================================
22:33:10.0334 2576 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:33:10.0334 2576 ============================================================
22:33:10.0334 2576 \Device\Harddisk0\DR0:
22:33:10.0334 2576 MBR partitions:
22:33:10.0334 2576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x64000
22:33:10.0334 2576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2064800, BlocksNum 0x2BD90800
22:33:10.0334 2576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2DDF5000, BlocksNum 0xC590800
22:33:10.0334 2576 ============================================================
22:33:10.0350 2576 C: <-> \Device\Harddisk0\DR0\Partition1
22:33:10.0506 2576 D: <-> \Device\Harddisk0\DR0\Partition2
22:33:10.0506 2576 ============================================================
22:33:10.0506 2576 Initialize success
22:33:10.0506 2576 ============================================================
22:33:24.0842 4344 ============================================================
22:33:24.0842 4344 Scan started
22:33:24.0842 4344 Mode: Manual;
22:33:24.0842 4344 ============================================================
22:33:25.0139 4344 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\drivers\1394ohci.sys
22:33:25.0154 4344 1394ohci - ok
22:33:25.0217 4344 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\drivers\ACPI.sys
22:33:25.0217 4344 ACPI - ok
22:33:25.0263 4344 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\drivers\acpipmi.sys
22:33:25.0263 4344 AcpiPmi - ok
22:33:25.0326 4344 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\drivers\adp94xx.sys
22:33:25.0341 4344 adp94xx - ok
22:33:25.0388 4344 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\drivers\adpahci.sys
22:33:25.0404 4344 adpahci - ok
22:33:25.0451 4344 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\drivers\adpu320.sys
22:33:25.0451 4344 adpu320 - ok
22:33:25.0497 4344 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
22:33:25.0497 4344 AeLookupSvc - ok
22:33:25.0575 4344 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
22:33:25.0591 4344 AFD - ok
22:33:25.0653 4344 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
22:33:25.0653 4344 AgereModemAudio - ok
22:33:25.0763 4344 AgereSoftModem (75e3fec5a4aac46fff76ac794c8340ea) C:\windows\system32\DRIVERS\AGRSM.sys
22:33:25.0809 4344 AgereSoftModem - ok
22:33:25.0841 4344 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:33:25.0841 4344 agp440 - ok
22:33:25.0887 4344 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\drivers\djsvs.sys
22:33:25.0887 4344 aic78xx - ok
22:33:25.0934 4344 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
22:33:25.0950 4344 ALG - ok
22:33:25.0981 4344 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:33:25.0981 4344 aliide - ok
22:33:25.0997 4344 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:33:26.0012 4344 amdagp - ok
22:33:26.0028 4344 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:33:26.0028 4344 amdide - ok
22:33:26.0075 4344 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\drivers\amdk8.sys
22:33:26.0075 4344 AmdK8 - ok
22:33:26.0106 4344 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\drivers\amdppm.sys
22:33:26.0106 4344 AmdPPM - ok
22:33:26.0137 4344 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\drivers\amdsata.sys
22:33:26.0137 4344 amdsata - ok
22:33:26.0184 4344 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\drivers\amdsbs.sys
22:33:26.0199 4344 amdsbs - ok
22:33:26.0215 4344 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\drivers\amdxata.sys
22:33:26.0215 4344 amdxata - ok
22:33:26.0246 4344 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
22:33:26.0246 4344 AppID - ok
22:33:26.0309 4344 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
22:33:26.0309 4344 AppIDSvc - ok
22:33:26.0340 4344 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
22:33:26.0340 4344 Appinfo - ok
22:33:26.0449 4344 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:33:26.0449 4344 Apple Mobile Device - ok
22:33:26.0511 4344 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
22:33:26.0527 4344 AppMgmt - ok
22:33:26.0574 4344 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\drivers\arc.sys
22:33:26.0574 4344 arc - ok
22:33:26.0589 4344 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\drivers\arcsas.sys
22:33:26.0589 4344 arcsas - ok
22:33:26.0636 4344 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:33:26.0636 4344 AsyncMac - ok
22:33:26.0667 4344 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:33:26.0667 4344 atapi - ok
22:33:26.0730 4344 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
22:33:26.0761 4344 AudioEndpointBuilder - ok
22:33:26.0761 4344 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
22:33:26.0777 4344 Audiosrv - ok
22:33:26.0823 4344 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
22:33:26.0839 4344 AxInstSV - ok
22:33:26.0901 4344 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\drivers\bxvbdx.sys
22:33:26.0933 4344 b06bdrv - ok
22:33:26.0979 4344 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:33:27.0011 4344 b57nd60x - ok
22:33:27.0057 4344 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
22:33:27.0057 4344 BDESVC - ok
22:33:27.0089 4344 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:33:27.0089 4344 Beep - ok
22:33:27.0151 4344 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
22:33:27.0182 4344 BFE - ok
22:33:27.0260 4344 BITS (53f476476f55a27f580661bde09c4ec4) C:\windows\system32\qmgr.dll
22:33:27.0276 4344 BITS - ok
22:33:27.0323 4344 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\drivers\blbdrive.sys
22:33:27.0323 4344 blbdrive - ok
22:33:27.0463 4344 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:33:27.0463 4344 Bonjour Service - ok
22:33:27.0525 4344 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
22:33:27.0525 4344 bowser - ok
22:33:27.0557 4344 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\BrFiltLo.sys
22:33:27.0557 4344 BrFiltLo - ok
22:33:27.0572 4344 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\BrFiltUp.sys
22:33:27.0572 4344 BrFiltUp - ok
22:33:27.0603 4344 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
22:33:27.0603 4344 BridgeMP - ok
22:33:27.0635 4344 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
22:33:27.0635 4344 Browser - ok
22:33:27.0681 4344 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:33:27.0697 4344 Brserid - ok
22:33:27.0713 4344 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:33:27.0713 4344 BrSerWdm - ok
22:33:27.0744 4344 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:33:27.0744 4344 BrUsbMdm - ok
22:33:27.0759 4344 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:33:27.0759 4344 BrUsbSer - ok
22:33:27.0806 4344 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:33:27.0806 4344 BthEnum - ok
22:33:27.0837 4344 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\drivers\bthmodem.sys
22:33:27.0837 4344 BTHMODEM - ok
22:33:27.0869 4344 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:33:27.0869 4344 BthPan - ok
22:33:27.0947 4344 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
22:33:27.0962 4344 BTHPORT - ok
22:33:28.0009 4344 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
22:33:28.0009 4344 bthserv - ok
22:33:28.0040 4344 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
22:33:28.0040 4344 BTHUSB - ok
22:33:28.0118 4344 catchme - ok
22:33:28.0165 4344 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:33:28.0165 4344 cdfs - ok
22:33:28.0212 4344 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
22:33:28.0212 4344 cdrom - ok
22:33:28.0243 4344 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
22:33:28.0259 4344 CertPropSvc - ok
22:33:28.0290 4344 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\drivers\circlass.sys
22:33:28.0290 4344 circlass - ok
22:33:28.0321 4344 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:33:28.0321 4344 CLFS - ok
22:33:28.0383 4344 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:33:28.0383 4344 clr_optimization_v2.0.50727_32 - ok
22:33:28.0508 4344 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:33:28.0508 4344 clr_optimization_v4.0.30319_32 - ok
22:33:28.0539 4344 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\drivers\CmBatt.sys
22:33:28.0539 4344 CmBatt - ok
22:33:28.0555 4344 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:33:28.0571 4344 cmdide - ok
22:33:28.0633 4344 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
22:33:28.0649 4344 CNG - ok
22:33:28.0695 4344 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\drivers\compbatt.sys
22:33:28.0695 4344 Compbatt - ok
22:33:28.0742 4344 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\drivers\CompositeBus.sys
22:33:28.0742 4344 CompositeBus - ok
22:33:28.0742 4344 COMSysApp - ok
22:33:28.0773 4344 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\drivers\crcdisk.sys
22:33:28.0773 4344 crcdisk - ok
22:33:28.0805 4344 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\windows\system32\cryptsvc.dll
22:33:28.0805 4344 CryptSvc - ok
22:33:28.0867 4344 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
22:33:28.0883 4344 CSC - ok
22:33:28.0945 4344 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\windows\System32\cscsvc.dll
22:33:28.0945 4344 CscService - ok
22:33:29.0054 4344 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
22:33:29.0054 4344 DcomLaunch - ok
22:33:29.0117 4344 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
22:33:29.0132 4344 defragsvc - ok
22:33:29.0210 4344 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
22:33:29.0210 4344 DfsC - ok
22:33:29.0257 4344 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
22:33:29.0273 4344 Dhcp - ok
22:33:29.0288 4344 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:33:29.0288 4344 discache - ok
22:33:29.0335 4344 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\drivers\disk.sys
22:33:29.0351 4344 Disk - ok
22:33:29.0382 4344 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
22:33:29.0382 4344 Dnscache - ok
22:33:29.0444 4344 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
22:33:29.0444 4344 dot3svc - ok
22:33:29.0475 4344 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
22:33:29.0491 4344 DPS - ok
22:33:29.0507 4344 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:33:29.0507 4344 drmkaud - ok
22:33:29.0585 4344 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
22:33:29.0600 4344 DXGKrnl - ok
22:33:29.0647 4344 e1kexpress (bfd58de8912eab4f9995a8add08bc51c) C:\windows\system32\DRIVERS\e1k6232.sys
22:33:29.0663 4344 e1kexpress - ok
22:33:29.0694 4344 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
22:33:29.0709 4344 EapHost - ok
22:33:29.0959 4344 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\drivers\evbdx.sys
22:33:30.0037 4344 ebdrv - ok
22:33:30.0193 4344 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
22:33:30.0193 4344 EFS - ok
22:33:30.0287 4344 ehRecvr (bc667d6c0a8a857caba77818f1a953fd) C:\windows\ehome\ehRecvr.exe
22:33:30.0302 4344 ehRecvr - ok
22:33:30.0349 4344 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
22:33:30.0349 4344 ehSched - ok
22:33:30.0427 4344 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\drivers\elxstor.sys
22:33:30.0443 4344 elxstor - ok
22:33:30.0458 4344 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:33:30.0458 4344 ErrDev - ok
22:33:30.0505 4344 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
22:33:30.0521 4344 EventSystem - ok
22:33:30.0552 4344 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:33:30.0552 4344 exfat - ok
22:33:30.0583 4344 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:33:30.0583 4344 fastfat - ok
22:33:30.0661 4344 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
22:33:30.0677 4344 Fax - ok
22:33:30.0708 4344 FBIOSDRV (22ec3b0ea37cdf4355ae627004f3103c) C:\windows\system32\Drivers\FBIOSDRV.sys
22:33:30.0708 4344 FBIOSDRV - ok
22:33:30.0739 4344 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\drivers\fdc.sys
22:33:30.0739 4344 fdc - ok
22:33:30.0770 4344 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
22:33:30.0770 4344 fdPHost - ok
22:33:30.0786 4344 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
22:33:30.0786 4344 FDResPub - ok
22:33:30.0801 4344 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:33:30.0801 4344 FileInfo - ok
22:33:30.0817 4344 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:33:30.0817 4344 Filetrace - ok
22:33:30.0848 4344 FJGSDisk (1f2918e7ffb62d21fefba43b0f943f6b) C:\windows\system32\DRIVERS\FJGSDisk.sys
22:33:30.0848 4344 FJGSDisk - ok
22:33:30.0879 4344 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\drivers\flpydisk.sys
22:33:30.0879 4344 flpydisk - ok
22:33:30.0911 4344 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:33:30.0926 4344 FltMgr - ok
22:33:30.0989 4344 FontCache (b6512a85815fdc3d560c3705f5bdb93d) C:\windows\system32\FntCache.dll
22:33:31.0004 4344 FontCache - ok
22:33:31.0067 4344 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:33:31.0067 4344 FontCache3.0.0.0 - ok
22:33:31.0113 4344 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:33:31.0113 4344 FsDepends - ok
22:33:31.0145 4344 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
22:33:31.0145 4344 Fs_Rec - ok
22:33:31.0176 4344 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\windows\system32\drivers\FUJ02B1.sys
22:33:31.0176 4344 FUJ02B1 - ok
22:33:31.0238 4344 FUJ02E3 (d45474a7e5e2f35150c29a3193747884) C:\windows\system32\drivers\FUJ02E3.sys
22:33:31.0238 4344 FUJ02E3 - ok
22:33:31.0301 4344 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
22:33:31.0301 4344 fvevol - ok
22:33:31.0332 4344 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\drivers\gagp30kx.sys
22:33:31.0347 4344 gagp30kx - ok
22:33:31.0394 4344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:33:31.0394 4344 GEARAspiWDM - ok
22:33:31.0472 4344 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
22:33:31.0472 4344 gpsvc - ok
22:33:31.0503 4344 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:33:31.0503 4344 hcw85cir - ok
22:33:31.0566 4344 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
22:33:31.0581 4344 HdAudAddService - ok
22:33:31.0613 4344 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\drivers\HDAudBus.sys
22:33:31.0613 4344 HDAudBus - ok
22:33:31.0644 4344 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\drivers\HECI.sys
22:33:31.0644 4344 HECI - ok
22:33:31.0675 4344 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\drivers\HidBatt.sys
22:33:31.0675 4344 HidBatt - ok
22:33:31.0691 4344 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\drivers\hidbth.sys
22:33:31.0691 4344 HidBth - ok
22:33:31.0722 4344 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\drivers\hidir.sys
22:33:31.0722 4344 HidIr - ok
22:33:31.0753 4344 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
22:33:31.0753 4344 hidserv - ok
22:33:31.0784 4344 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
22:33:31.0784 4344 HidUsb - ok
22:33:31.0800 4344 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
22:33:31.0815 4344 hkmsvc - ok
22:33:31.0831 4344 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
22:33:31.0831 4344 HomeGroupListener - ok
22:33:31.0878 4344 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
22:33:31.0878 4344 HomeGroupProvider - ok
22:33:31.0987 4344 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:33:31.0987 4344 hpqcxs08 - ok
22:33:32.0034 4344 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:33:32.0049 4344 hpqddsvc - ok
22:33:32.0081 4344 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:33:32.0081 4344 HpSAMD - ok
22:33:32.0159 4344 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
22:33:32.0159 4344 HTTP - ok
22:33:32.0174 4344 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
22:33:32.0174 4344 hwpolicy - ok
22:33:32.0221 4344 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:33:32.0221 4344 i8042prt - ok
22:33:32.0283 4344 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\drivers\iaStor.sys
22:33:32.0283 4344 iaStor - ok
22:33:32.0346 4344 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\drivers\iaStorV.sys
22:33:32.0361 4344 iaStorV - ok
22:33:32.0486 4344 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:33:32.0502 4344 idsvc - ok
22:33:32.0939 4344 igfx (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdkmd32.sys
22:33:33.0095 4344 igfx - ok
22:33:33.0219 4344 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\drivers\iirsp.sys
22:33:33.0219 4344 iirsp - ok
22:33:33.0313 4344 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
22:33:33.0329 4344 IKEEXT - ok
22:33:33.0391 4344 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\drivers\Impcd.sys
22:33:33.0391 4344 Impcd - ok
22:33:33.0625 4344 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\windows\system32\drivers\RTKVHDA.sys
22:33:33.0703 4344 IntcAzAudAddService - ok
22:33:33.0859 4344 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys
22:33:33.0859 4344 IntcDAud - ok
22:33:33.0875 4344 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:33:33.0890 4344 intelide - ok
22:33:33.0921 4344 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\drivers\intelppm.sys
22:33:33.0921 4344 intelppm - ok
22:33:33.0953 4344 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
22:33:33.0953 4344 IPBusEnum - ok
22:33:33.0968 4344 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:33:33.0968 4344 IpFilterDriver - ok
22:33:34.0031 4344 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
22:33:34.0062 4344 iphlpsvc - ok
22:33:34.0093 4344 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\drivers\IPMIDrv.sys
22:33:34.0093 4344 IPMIDRV - ok
22:33:34.0124 4344 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:33:34.0124 4344 IPNAT - ok
22:33:34.0249 4344 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:33:34.0265 4344 iPod Service - ok
22:33:34.0296 4344 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:33:34.0296 4344 IRENUM - ok
22:33:34.0311 4344 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:33:34.0311 4344 isapnp - ok
22:33:34.0358 4344 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\drivers\msiscsi.sys
22:33:34.0358 4344 iScsiPrt - ok
22:33:34.0405 4344 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
22:33:34.0405 4344 kbdclass - ok
22:33:34.0452 4344 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
22:33:34.0452 4344 kbdhid - ok
22:33:34.0499 4344 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:33:34.0499 4344 KeyIso - ok
22:33:34.0514 4344 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
22:33:34.0514 4344 KSecDD - ok
22:33:34.0545 4344 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
22:33:34.0561 4344 KSecPkg - ok
22:33:34.0592 4344 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
22:33:34.0608 4344 KtmRm - ok
22:33:34.0686 4344 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\windows\System32\srvsvc.dll
22:33:34.0701 4344 LanmanServer - ok
22:33:34.0717 4344 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
22:33:34.0733 4344 LanmanWorkstation - ok
22:33:34.0779 4344 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\windows\system32\DRIVERS\LHidFlt2.Sys
22:33:34.0779 4344 LHidFlt2 - ok
22:33:34.0826 4344 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\windows\system32\Drivers\LHidUsb.Sys
22:33:34.0842 4344 LHidUsb - ok
22:33:34.0873 4344 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:33:34.0873 4344 lltdio - ok
22:33:34.0920 4344 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
22:33:34.0920 4344 lltdsvc - ok
22:33:34.0935 4344 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
22:33:34.0951 4344 lmhosts - ok
22:33:34.0982 4344 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\windows\system32\DRIVERS\LMouFlt2.Sys
22:33:34.0982 4344 LMouFlt2 - ok
22:33:35.0091 4344 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:33:35.0107 4344 LMS - ok
22:33:35.0154 4344 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\drivers\lsi_fc.sys
22:33:35.0154 4344 LSI_FC - ok
22:33:35.0185 4344 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\drivers\lsi_sas.sys
22:33:35.0185 4344 LSI_SAS - ok
22:33:35.0216 4344 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\drivers\lsi_sas2.sys
22:33:35.0216 4344 LSI_SAS2 - ok
22:33:35.0247 4344 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\drivers\lsi_scsi.sys
22:33:35.0247 4344 LSI_SCSI - ok
22:33:35.0263 4344 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:33:35.0263 4344 luafv - ok
22:33:35.0310 4344 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
22:33:35.0310 4344 MBAMProtector - ok
22:33:35.0435 4344 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:33:35.0450 4344 MBAMService - ok
22:33:35.0481 4344 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\windows\system32\Mcx2Svc.dll
22:33:35.0481 4344 Mcx2Svc - ok
22:33:35.0497 4344 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\drivers\megasas.sys
22:33:35.0497 4344 megasas - ok
22:33:35.0559 4344 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\drivers\MegaSR.sys
22:33:35.0575 4344 MegaSR - ok
22:33:35.0591 4344 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:33:35.0606 4344 MMCSS - ok
22:33:35.0622 4344 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:33:35.0622 4344 Modem - ok
22:33:35.0653 4344 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:33:35.0653 4344 monitor - ok
22:33:35.0700 4344 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
22:33:35.0700 4344 mouclass - ok
22:33:35.0731 4344 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:33:35.0731 4344 mouhid - ok
22:33:35.0762 4344 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
22:33:35.0762 4344 mountmgr - ok
22:33:35.0856 4344 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:33:35.0856 4344 MozillaMaintenance - ok
22:33:35.0887 4344 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\drivers\mpio.sys
22:33:35.0887 4344 mpio - ok
22:33:35.0918 4344 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:33:35.0918 4344 mpsdrv - ok
22:33:36.0012 4344 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
22:33:36.0027 4344 MpsSvc - ok
22:33:36.0043 4344 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
22:33:36.0043 4344 MRxDAV - ok
22:33:36.0105 4344 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
22:33:36.0105 4344 mrxsmb - ok
22:33:36.0152 4344 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:33:36.0168 4344 mrxsmb10 - ok
22:33:36.0183 4344 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:33:36.0183 4344 mrxsmb20 - ok
22:33:36.0215 4344 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\drivers\msahci.sys
22:33:36.0215 4344 msahci - ok
22:33:36.0246 4344 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\drivers\msdsm.sys
22:33:36.0261 4344 msdsm - ok
22:33:36.0293 4344 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
22:33:36.0308 4344 MSDTC - ok
22:33:36.0339 4344 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:33:36.0339 4344 Msfs - ok
22:33:36.0355 4344 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:33:36.0355 4344 mshidkmdf - ok
22:33:36.0386 4344 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:33:36.0386 4344 msisadrv - ok
22:33:36.0433 4344 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
22:33:36.0433 4344 MSiSCSI - ok
22:33:36.0449 4344 msiserver - ok
22:33:36.0480 4344 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:33:36.0480 4344 MSKSSRV - ok
22:33:36.0495 4344 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:33:36.0495 4344 MSPCLOCK - ok
22:33:36.0495 4344 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:33:36.0495 4344 MSPQM - ok
22:33:36.0527 4344 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:33:36.0542 4344 MsRPC - ok
22:33:36.0558 4344 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:33:36.0573 4344 mssmbios - ok
22:33:36.0605 4344 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:33:36.0605 4344 MSTEE - ok
22:33:36.0620 4344 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\drivers\MTConfig.sys
22:33:36.0620 4344 MTConfig - ok
22:33:36.0636 4344 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:33:36.0636 4344 Mup - ok
22:33:36.0667 4344 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
22:33:36.0683 4344 napagent - ok
22:33:36.0745 4344 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:33:36.0761 4344 NativeWifiP - ok
22:33:36.0823 4344 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
22:33:36.0839 4344 NDIS - ok
22:33:36.0870 4344 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:33:36.0870 4344 NdisCap - ok
22:33:36.0885 4344 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:33:36.0885 4344 NdisTapi - ok
22:33:36.0917 4344 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
22:33:36.0917 4344 Ndisuio - ok
22:33:36.0948 4344 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
22:33:36.0948 4344 NdisWan - ok
22:33:36.0963 4344 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:33:36.0963 4344 NDProxy - ok
22:33:37.0026 4344 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
22:33:37.0026 4344 Net Driver HPZ12 - ok
22:33:37.0057 4344 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:33:37.0057 4344 NetBIOS - ok
22:33:37.0073 4344 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
22:33:37.0088 4344 NetBT - ok
22:33:37.0119 4344 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:33:37.0119 4344 Netlogon - ok
22:33:37.0182 4344 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
22:33:37.0182 4344 Netman - ok
22:33:37.0229 4344 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
22:33:37.0244 4344 netprofm - ok
22:33:37.0307 4344 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:33:37.0322 4344 NetTcpPortSharing - ok
22:33:37.0743 4344 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\windows\system32\DRIVERS\NETw5s32.sys
22:33:37.0853 4344 NETw5s32 - ok
22:33:37.0993 4344 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\drivers\nfrd960.sys
22:33:37.0993 4344 nfrd960 - ok
22:33:38.0024 4344 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
22:33:38.0055 4344 NlaSvc - ok
22:33:38.0087 4344 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:33:38.0087 4344 Npfs - ok
22:33:38.0087 4344 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
22:33:38.0102 4344 nsi - ok
22:33:38.0118 4344 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:33:38.0118 4344 nsiproxy - ok
22:33:38.0227 4344 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
22:33:38.0243 4344 Ntfs - ok
22:33:38.0289 4344 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:33:38.0289 4344 Null - ok
22:33:38.0305 4344 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\drivers\nvraid.sys
22:33:38.0321 4344 nvraid - ok
22:33:38.0352 4344 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\drivers\nvstor.sys
22:33:38.0352 4344 nvstor - ok
22:33:38.0383 4344 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:33:38.0399 4344 nv_agp - ok
22:33:38.0414 4344 O2MDGRDR (482b93afc173cd957766b6f435ef4a27) C:\windows\system32\drivers\o2mdg.sys
22:33:38.0414 4344 O2MDGRDR - ok
22:33:38.0461 4344 O2SDGRDR (b97064dc65731b3e53d6984f20d3c0ce) C:\windows\system32\drivers\o2sdg.sys
22:33:38.0461 4344 O2SDGRDR - ok
22:33:38.0586 4344 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:33:38.0601 4344 odserv - ok
22:33:38.0617 4344 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:33:38.0617 4344 ohci1394 - ok
22:33:38.0664 4344 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:38.0664 4344 ose - ok
22:33:38.0726 4344 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:33:38.0742 4344 p2pimsvc - ok
22:33:38.0789 4344 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
22:33:38.0804 4344 p2psvc - ok
22:33:38.0835 4344 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\drivers\parport.sys
22:33:38.0835 4344 Parport - ok
22:33:38.0882 4344 partmgr (66d3415c159741ade7038a277efff99f) C:\windows\system32\drivers\partmgr.sys
22:33:38.0882 4344 partmgr - ok
22:33:38.0898 4344 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\drivers\parvdm.sys
22:33:38.0898 4344 Parvdm - ok
22:33:38.0945 4344 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
22:33:38.0945 4344 PcaSvc - ok
22:33:38.0991 4344 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\drivers\pci.sys
22:33:39.0007 4344 pci - ok
22:33:39.0038 4344 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:33:39.0038 4344 pciide - ok
22:33:39.0085 4344 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\drivers\pcmcia.sys
22:33:39.0085 4344 pcmcia - ok
22:33:39.0116 4344 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:33:39.0116 4344 pcw - ok
22:33:39.0179 4344 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:33:39.0194 4344 PEAUTH - ok
22:33:39.0288 4344 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
22:33:39.0319 4344 PeerDistSvc - ok
22:33:39.0459 4344 pla (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
22:33:39.0506 4344 pla - ok
22:33:39.0678 4344 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
22:33:39.0693 4344 PlugPlay - ok
22:33:39.0756 4344 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
22:33:39.0756 4344 Pml Driver HPZ12 - ok
22:33:39.0771 4344 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
22:33:39.0787 4344 PNRPAutoReg - ok
22:33:39.0818 4344 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:33:39.0818 4344 PNRPsvc - ok
22:33:39.0881 4344 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
22:33:39.0881 4344 PolicyAgent - ok
22:33:39.0927 4344 Power (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
22:33:39.0943 4344 Power - ok
22:33:39.0990 4344 PowerSavingUtilityService (d384518bbd4dc0fee1a57675cb2032c9) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
22:33:39.0990 4344 PowerSavingUtilityService - ok
22:33:40.0037 4344 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:33:40.0052 4344 PptpMiniport - ok
22:33:40.0083 4344 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\drivers\processr.sys
22:33:40.0083 4344 Processor - ok
22:33:40.0115 4344 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\windows\system32\profsvc.dll
22:33:40.0115 4344 ProfSvc - ok
22:33:40.0161 4344 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:33:40.0161 4344 ProtectedStorage - ok
22:33:40.0208 4344 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:33:40.0208 4344 Psched - ok
22:33:40.0271 4344 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\windows\system32\Drivers\PxHelp20.sys
22:33:40.0271 4344 PxHelp20 - ok
22:33:40.0411 4344 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\drivers\ql2300.sys
22:33:40.0458 4344 ql2300 - ok
22:33:40.0567 4344 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\drivers\ql40xx.sys
22:33:40.0583 4344 ql40xx - ok
22:33:40.0629 4344 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
22:33:40.0645 4344 QWAVE - ok
22:33:40.0692 4344 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:33:40.0692 4344 QWAVEdrv - ok
22:33:40.0692 4344 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:33:40.0707 4344 RasAcd - ok
22:33:40.0739 4344 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:33:40.0739 4344 RasAgileVpn - ok
22:33:40.0785 4344 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
22:33:40.0785 4344 RasAuto - ok
22:33:40.0817 4344 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:33:40.0817 4344 Rasl2tp - ok
22:33:40.0848 4344 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
22:33:40.0863 4344 RasMan - ok
22:33:40.0895 4344 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:33:40.0895 4344 RasPppoe - ok
22:33:40.0910 4344 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:33:40.0910 4344 RasSstp - ok
22:33:40.0957 4344 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
22:33:40.0973 4344 rdbss - ok
22:33:40.0988 4344 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\drivers\rdpbus.sys
22:33:40.0988 4344 rdpbus - ok
22:33:41.0019 4344 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
22:33:41.0019 4344 RDPCDD - ok
22:33:41.0051 4344 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
22:33:41.0066 4344 RDPDR - ok
22:33:41.0129 4344 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:33:41.0129 4344 RDPENCDD - ok
22:33:41.0160 4344 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:33:41.0160 4344 RDPREFMP - ok
22:33:41.0207 4344 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\windows\system32\drivers\RDPWD.sys
22:33:41.0222 4344 RDPWD - ok
22:33:41.0253 4344 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
22:33:41.0253 4344 rdyboost - ok
22:33:41.0300 4344 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
22:33:41.0300 4344 RemoteAccess - ok
22:33:41.0347 4344 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
22:33:41.0363 4344 RemoteRegistry - ok
22:33:41.0394 4344 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:33:41.0409 4344 RFCOMM - ok
22:33:41.0519 4344 RichVideo (7ccaebcab6fc1ed0206c07e083e79207) C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:33:41.0534 4344 RichVideo - ok
22:33:41.0581 4344 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
22:33:41.0581 4344 RpcEptMapper - ok
22:33:41.0612 4344 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
22:33:41.0612 4344 RpcLocator - ok
22:33:41.0659 4344 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
22:33:41.0675 4344 RpcSs - ok
22:33:41.0706 4344 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:33:41.0721 4344 rspndr - ok
22:33:41.0768 4344 RSUSBSTOR (83f7a29b659771e60cd71999ef57aa0c) C:\windows\system32\Drivers\RtsUStor.sys
22:33:41.0784 4344 RSUSBSTOR - ok
22:33:41.0799 4344 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\drivers\vms3cap.sys
22:33:41.0799 4344 s3cap - ok
22:33:41.0846 4344 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:33:41.0846 4344 SamSs - ok
22:33:41.0877 4344 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\drivers\sbp2port.sys
22:33:41.0877 4344 sbp2port - ok
22:33:41.0909 4344 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
22:33:41.0924 4344 SCardSvr - ok
22:33:41.0940 4344 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
22:33:41.0940 4344 scfilter - ok
22:33:42.0049 4344 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
22:33:42.0049 4344 Schedule - ok
22:33:42.0080 4344 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
22:33:42.0080 4344 SCPolicySvc - ok
22:33:42.0143 4344 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\windows\system32\DRIVERS\sdbus.sys
22:33:42.0143 4344 sdbus - ok
22:33:42.0189 4344 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
22:33:42.0205 4344 SDRSVC - ok
22:33:42.0236 4344 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:33:42.0236 4344 secdrv - ok
22:33:42.0252 4344 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
22:33:42.0252 4344 seclogon - ok
22:33:42.0267 4344 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
22:33:42.0267 4344 SENS - ok
22:33:42.0314 4344 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
22:33:42.0314 4344 SensrSvc - ok
22:33:42.0361 4344 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\drivers\serenum.sys
22:33:42.0361 4344 Serenum - ok
22:33:42.0392 4344 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\drivers\serial.sys
22:33:42.0392 4344 Serial - ok
22:33:42.0423 4344 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\drivers\sermouse.sys
22:33:42.0423 4344 sermouse - ok
22:33:42.0470 4344 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
22:33:42.0470 4344 SessionEnv - ok
22:33:42.0501 4344 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
22:33:42.0501 4344 sffdisk - ok
22:33:42.0533 4344 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:33:42.0533 4344 sffp_mmc - ok
22:33:42.0548 4344 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
22:33:42.0548 4344 sffp_sd - ok
22:33:42.0579 4344 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\drivers\sfloppy.sys
22:33:42.0579 4344 sfloppy - ok
22:33:42.0642 4344 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
22:33:42.0657 4344 SharedAccess - ok
22:33:42.0704 4344 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
22:33:42.0720 4344 ShellHWDetection - ok
22:33:42.0751 4344 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:33:42.0751 4344 sisagp - ok
22:33:42.0798 4344 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\drivers\SiSRaid2.sys
22:33:42.0798 4344 SiSRaid2 - ok
22:33:42.0829 4344 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\drivers\sisraid4.sys
22:33:42.0829 4344 SiSRaid4 - ok
22:33:42.0860 4344 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:33:42.0860 4344 Smb - ok
22:33:42.0907 4344 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
22:33:42.0923 4344 SNMPTRAP - ok
22:33:43.0203 4344 SNP2UVC (24dfa2657d916292abbad91acd921a52) C:\windows\system32\DRIVERS\snp2uvc.sys
22:33:43.0281 4344 SNP2UVC - ok
22:33:43.0391 4344 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:33:43.0391 4344 spldr - ok
22:33:43.0453 4344 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
22:33:43.0469 4344 Spooler - ok
22:33:43.0749 4344 sppsvc (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
22:33:43.0827 4344 sppsvc - ok
22:33:43.0952 4344 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
22:33:43.0952 4344 sppuinotify - ok
22:33:44.0030 4344 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
22:33:44.0061 4344 srv - ok
22:33:44.0108 4344 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
22:33:44.0124 4344 srv2 - ok
22:33:44.0171 4344 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
22:33:44.0171 4344 srvnet - ok
22:33:44.0202 4344 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
22:33:44.0217 4344 SSDPSRV - ok
22:33:44.0233 4344 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
22:33:44.0233 4344 SstpSvc - ok
22:33:44.0264 4344 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\drivers\stexstor.sys
22:33:44.0264 4344 stexstor - ok
22:33:44.0295 4344 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
22:33:44.0295 4344 StillCam - ok
22:33:44.0358 4344 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
22:33:44.0358 4344 StiSvc - ok
22:33:44.0405 4344 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\drivers\vmstorfl.sys
22:33:44.0405 4344 storflt - ok
22:33:44.0436 4344 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\windows\system32\storsvc.dll
22:33:44.0436 4344 StorSvc - ok
22:33:44.0467 4344 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\drivers\storvsc.sys
22:33:44.0467 4344 storvsc - ok
22:33:44.0498 4344 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:33:44.0498 4344 swenum - ok
22:33:44.0545 4344 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
22:33:44.0561 4344 swprv - ok
22:33:44.0623 4344 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\drivers\SynTP.sys
22:33:44.0639 4344 SynTP - ok
22:33:44.0732 4344 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
22:33:44.0763 4344 SysMain - ok
22:33:44.0779 4344 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
22:33:44.0779 4344 TabletInputService - ok
22:33:44.0810 4344 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
22:33:44.0826 4344 TapiSrv - ok
22:33:44.0841 4344 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
22:33:44.0841 4344 TBS - ok
22:33:45.0013 4344 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\drivers\tcpip.sys
22:33:45.0044 4344 Tcpip - ok
22:33:45.0060 4344 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\DRIVERS\tcpip.sys
22:33:45.0075 4344 TCPIP6 - ok
22:33:45.0091 4344 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
22:33:45.0107 4344 tcpipreg - ok
22:33:45.0122 4344 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
22:33:45.0122 4344 TDPIPE - ok
22:33:45.0153 4344 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
22:33:45.0153 4344 TDTCP - ok
22:33:45.0185 4344 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
22:33:45.0185 4344 tdx - ok
22:33:45.0216 4344 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\drivers\termdd.sys
22:33:45.0231 4344 TermDD - ok
22:33:45.0294 4344 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
22:33:45.0325 4344 TermService - ok
22:33:45.0341 4344 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
22:33:45.0341 4344 Themes - ok
22:33:45.0356 4344 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:33:45.0372 4344 THREADORDER - ok
22:33:45.0403 4344 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
22:33:45.0403 4344 TPM - ok
22:33:45.0434 4344 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
22:33:45.0450 4344 TrkWks - ok
22:33:45.0497 4344 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
22:33:45.0512 4344 TrustedInstaller - ok
22:33:45.0543 4344 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
22:33:45.0543 4344 tssecsrv - ok
22:33:45.0590 4344 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
22:33:45.0590 4344 tunnel - ok
22:33:45.0606 4344 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\drivers\uagp35.sys
22:33:45.0606 4344 uagp35 - ok
22:33:45.0653 4344 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
22:33:45.0668 4344 udfs - ok
22:33:45.0715 4344 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
22:33:45.0715 4344 UI0Detect - ok
22:33:45.0746 4344 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:33:45.0762 4344 uliagpkx - ok
22:33:45.0809 4344 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
22:33:45.0809 4344 umbus - ok
22:33:45.0840 4344 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\drivers\umpass.sys
22:33:45.0840 4344 UmPass - ok
22:33:45.0871 4344 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\windows\System32\umrdp.dll
22:33:45.0887 4344 UmRdpService - ok
22:33:46.0152 4344 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:33:46.0214 4344 UNS - ok
22:33:46.0292 4344 UpdateNaviInstallService (c11d90101cb125afc47525066eff4ae9) C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
22:33:46.0292 4344 UpdateNaviInstallService - ok
22:33:46.0417 4344 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
22:33:46.0433 4344 upnphost - ok
22:33:46.0495 4344 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys
22:33:46.0495 4344 USBAAPL - ok
22:33:46.0542 4344 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
22:33:46.0542 4344 usbaudio - ok
22:33:46.0573 4344 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
22:33:46.0573 4344 usbccgp - ok
22:33:46.0604 4344 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:33:46.0604 4344 usbcir - ok
22:33:46.0620 4344 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\drivers\usbehci.sys
22:33:46.0620 4344 usbehci - ok
22:33:46.0682 4344 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\drivers\usbhub.sys
22:33:46.0698 4344 usbhub - ok
22:33:46.0729 4344 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
22:33:46.0729 4344 usbohci - ok
22:33:46.0745 4344 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\drivers\usbprint.sys
22:33:46.0745 4344 usbprint - ok
22:33:46.0760 4344 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:33:46.0760 4344 USBSTOR - ok
22:33:46.0776 4344 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
22:33:46.0776 4344 usbuhci - ok
22:33:46.0854 4344 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
22:33:46.0869 4344 usbvideo - ok
22:33:46.0901 4344 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
22:33:46.0901 4344 UxSms - ok
22:33:46.0947 4344 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:33:46.0947 4344 VaultSvc - ok
22:33:46.0979 4344 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:33:46.0979 4344 vdrvroot - ok
22:33:47.0041 4344 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
22:33:47.0057 4344 vds - ok
22:33:47.0135 4344 VFPRadioSupportService (48a41a09eba08c44db367b68afa13234) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
22:33:47.0135 4344 VFPRadioSupportService - ok
22:33:47.0181 4344 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:33:47.0181 4344 vga - ok
22:33:47.0197 4344 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:33:47.0213 4344 VgaSave - ok
22:33:47.0244 4344 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\drivers\vhdmp.sys
22:33:47.0259 4344 vhdmp - ok
22:33:47.0306 4344 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:33:47.0306 4344 viaagp - ok
22:33:47.0337 4344 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\drivers\viac7.sys
22:33:47.0337 4344 ViaC7 - ok
22:33:47.0353 4344 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:33:47.0353 4344 viaide - ok
22:33:47.0415 4344 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\drivers\vmbus.sys
22:33:47.0415 4344 vmbus - ok
22:33:47.0447 4344 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\drivers\VMBusHID.sys
22:33:47.0447 4344 VMBusHID - ok
22:33:47.0478 4344 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\drivers\volmgr.sys
22:33:47.0478 4344 volmgr - ok
22:33:47.0525 4344 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:33:47.0525 4344 volmgrx - ok
22:33:47.0556 4344 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\drivers\volsnap.sys
22:33:47.0571 4344 volsnap - ok
22:33:47.0634 4344 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\drivers\vsmraid.sys
22:33:47.0649 4344 vsmraid - ok
22:33:47.0743 4344 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
22:33:47.0774 4344 VSS - ok
22:33:47.0805 4344 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:33:47.0805 4344 vwifibus - ok
22:33:47.0821 4344 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:33:47.0821 4344 vwififlt - ok
22:33:47.0868 4344 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
22:33:47.0883 4344 W32Time - ok
22:33:47.0915 4344 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\drivers\wacompen.sys
22:33:47.0915 4344 WacomPen - ok
22:33:47.0946 4344 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:33:47.0946 4344 WANARP - ok
22:33:47.0946 4344 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:33:47.0946 4344 Wanarpv6 - ok
22:33:48.0117 4344 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
22:33:48.0149 4344 WatAdminSvc - ok
22:33:48.0305 4344 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
22:33:48.0336 4344 wbengine - ok
22:33:48.0367 4344 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
22:33:48.0383 4344 WbioSrvc - ok
22:33:48.0414 4344 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\windows\System32\wcncsvc.dll
22:33:48.0429 4344 wcncsvc - ok
22:33:48.0445 4344 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
22:33:48.0461 4344 WcsPlugInService - ok
22:33:48.0507 4344 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\drivers\wd.sys
22:33:48.0507 4344 Wd - ok
22:33:48.0554 4344 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:33:48.0570 4344 Wdf01000 - ok
22:33:48.0585 4344 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:33:48.0601 4344 WdiServiceHost - ok
22:33:48.0601 4344 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:33:48.0601 4344 WdiSystemHost - ok
22:33:48.0632 4344 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\windows\System32\webclnt.dll
22:33:48.0663 4344 WebClient - ok
22:33:48.0679 4344 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
22:33:48.0695 4344 Wecsvc - ok
22:33:48.0726 4344 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
22:33:48.0726 4344 wercplsupport - ok
22:33:48.0741 4344 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
22:33:48.0757 4344 WerSvc - ok
22:33:48.0773 4344 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:33:48.0788 4344 WfpLwf - ok
22:33:48.0804 4344 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:33:48.0804 4344 WIMMount - ok
22:33:48.0897 4344 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:33:48.0913 4344 WinDefend - ok
22:33:48.0913 4344 WinHttpAutoProxySvc - ok
22:33:48.0975 4344 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
22:33:48.0975 4344 Winmgmt - ok
22:33:49.0116 4344 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
22:33:49.0147 4344 WinRM - ok
22:33:49.0272 4344 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
22:33:49.0272 4344 WinUsb - ok
22:33:49.0365 4344 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
22:33:49.0381 4344 Wlansvc - ok
22:33:49.0599 4344 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:33:49.0646 4344 wlidsvc - ok
22:33:49.0755 4344 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:33:49.0755 4344 WmiAcpi - ok
22:33:49.0833 4344 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
22:33:49.0833 4344 wmiApSrv - ok
22:33:49.0989 4344 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:33:50.0005 4344 WMPNetworkSvc - ok
22:33:50.0036 4344 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
22:33:50.0036 4344 WPCSvc - ok
22:33:50.0067 4344 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
22:33:50.0067 4344 WPDBusEnum - ok
22:33:50.0130 4344 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:33:50.0130 4344 ws2ifsl - ok
22:33:50.0177 4344 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
22:33:50.0192 4344 wscsvc - ok
22:33:50.0192 4344 WSearch - ok
22:33:50.0348 4344 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
22:33:50.0411 4344 wuauserv - ok
22:33:50.0520 4344 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
22:33:50.0520 4344 WudfPf - ok
22:33:50.0567 4344 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
22:33:50.0567 4344 WUDFRd - ok
22:33:50.0613 4344 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
22:33:50.0613 4344 wudfsvc - ok
22:33:50.0645 4344 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
22:33:50.0660 4344 WwanSvc - ok
22:33:50.0707 4344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:33:51.0003 4344 \Device\Harddisk0\DR0 - ok
22:33:51.0019 4344 Boot (0x1200) (d750aaca8d87cf466c2b2d6b2498a97f) \Device\Harddisk0\DR0\Partition0
22:33:51.0019 4344 \Device\Harddisk0\DR0\Partition0 - ok
22:33:51.0035 4344 Boot (0x1200) (e6e44bbdf69b5cfea09876c24c39c554) \Device\Harddisk0\DR0\Partition1
22:33:51.0035 4344 \Device\Harddisk0\DR0\Partition1 - ok
22:33:51.0050 4344 Boot (0x1200) (6b13f8df507108715067aec535d541a8) \Device\Harddisk0\DR0\Partition2
22:33:51.0050 4344 \Device\Harddisk0\DR0\Partition2 - ok
22:33:51.0050 4344 ============================================================
22:33:51.0050 4344 Scan finished
22:33:51.0050 4344 ============================================================
22:33:51.0066 3964 Detected object count: 0
22:33:51.0066 3964 Actual detected object count: 0

The aswMBR report is as follow:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 22:36:24
-----------------------------
22:36:24.926 OS Version: Windows 6.1.7600
22:36:24.926 Number of processors: 4 586 0x2502
22:36:24.933 ComputerName: REDWING UserName:
22:36:26.166 Initialize success
22:42:34.116 AVAST engine defs: 12061000
22:43:31.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:43:31.103 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:43:31.119 Disk 0 MBR read successfully
22:43:31.119 Disk 0 MBR scan
22:43:31.135 Disk 0 Windows 7 default MBR code
22:43:31.135 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
22:43:31.150 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 33556480
22:43:31.181 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 359201 MB offset 33966080
22:43:31.213 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 101153 MB offset 769609728
22:43:31.228 Disk 0 scanning sectors +976771072
22:43:31.275 Disk 0 scanning C:\windows\system32\drivers
22:43:40.853 Service scanning
22:44:03.364 Modules scanning
22:44:12.662 Disk 0 trace - called modules:
22:44:12.693 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
22:44:12.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87db8990]
22:44:12.709 3 CLASSPNP.SYS[8b7ad59e] -> nt!IofCallDriver -> [0x86253930]
22:44:12.709 5 ACPI.sys[8b08c3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86255028]
22:44:14.175 AVAST engine scan C:\windows
22:44:17.747 AVAST engine scan C:\windows\system32
22:46:27.682 AVAST engine scan C:\windows\system32\drivers
22:46:38.368 AVAST engine scan C:\Users\Alex Koon
23:00:39.398 AVAST engine scan C:\ProgramData
23:01:10.379 Scan finished successfully
23:05:08.571 Disk 0 MBR has been saved successfully to "C:\Users\Alex Koon\Desktop\MBR.dat"
23:05:08.578 The log file has been saved successfully to "C:\Users\Alex Koon\Desktop\aswMBR.txt"

Please advise on the next step. Thanks.

Best,
Alex
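
As an added example, not part of the original post and not TDSSKiller's or BleepingComputer's own code, the following Python script pairs the image and status lines of a TDSSKiller log like the one above and pulls out what a responder actually reads from it: anything not reported "- ok", services whose status line has no hashed image (WinHttpAutoProxySvc and WSearch in the log above), and images outside the Windows directory. The sample log is constructed: it mixes a few lines copied from the post with two made-up detections whose verdict strings (Rootkit.Boot.Example, Suspicious.Example) and the service name fakesvc are placeholders, not real TDSSKiller output.

```python
r"""Triage a TDSSKiller log of the kind posted above (added example).

TDSSKiller logs each scanned service or driver as an image line
    HH:MM:SS.mmmm PID Name (md5) C:\path\to\image
followed by a status line
    HH:MM:SS.mmmm PID Name - ok
The MBR and boot sectors use the same two-line shape with a device path in
place of a file.  This parser pairs the lines and reports whatever is not
"- ok", whatever got a status without a hashed image, and images outside
the Windows directory (worth a look, not a verdict).
"""
import re

# Image line: "<time> <pid> <name> (<md5>) <path>"
IMAGE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Status line: "<time> <pid> <name> [( <verdict> )] - <status>"
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<verdict>[^()]*?)\s*\))?\s+-\s+(?P<status>[A-Za-z]+)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Constructed sample: real lines from the post plus two invented detections.
# "fakesvc" and the verdict strings are placeholders, not TDSSKiller output.
SAMPLE_LOG = r"""
22:33:36.0963 4344 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:33:36.0963 4344 NDProxy - ok
22:33:37.0026 4344 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
22:33:37.0026 4344 Net Driver HPZ12 - ok
22:33:39.0990 4344 PowerSavingUtilityService (d384518bbd4dc0fee1a57675cb2032c9) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
22:33:39.0990 4344 PowerSavingUtilityService - ok
22:33:48.0913 4344 WinHttpAutoProxySvc - ok
22:33:50.0707 4344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:33:51.0003 4344 \Device\Harddisk0\DR0 - ok
22:33:51.0019 4344 Boot (0x1200) (d750aaca8d87cf466c2b2d6b2498a97f) \Device\Harddisk0\DR0\Partition0
22:33:51.0019 4344 \Device\Harddisk0\DR0\Partition0 - ok
22:33:51.0035 4344 Boot (0x1200) (e6e44bbdf69b5cfea09876c24c39c554) \Device\Harddisk0\DR0\Partition1
22:33:51.0035 4344 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Example ) - infected
22:33:51.0040 4344 fakesvc (00112233445566778899aabbccddeeff) C:\windows\system32\drivers\fakesvc.sys
22:33:51.0041 4344 fakesvc ( Suspicious.Example ) - warning
22:33:51.0066 3964 Detected object count: 2
"""


def parse_tdsskiller(text):
    """Return (entries, detected_count).

    entries maps a service name (or "name path" when a name repeats, as the
    boot-sector entries do) to {"md5", "path", "status", "verdict"}.  Status
    lines for the MBR and boot sectors carry the device path rather than the
    name, so a status line is matched by name first and by path second.
    """
    entries, by_path, detected = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = IMAGE_RE.match(line)
        if m:
            entry = {"md5": m["md5"].lower(), "path": m["path"],
                     "status": None, "verdict": None}
            key = m["name"] if m["name"] not in entries else f'{m["name"]} {m["path"]}'
            entries[key] = entry
            by_path[m["path"].lower()] = entry
            continue
        m = STATUS_RE.match(line)
        if m:
            entry = entries.get(m["name"]) or by_path.get(m["name"].lower())
            if entry is None:  # status line with no image line: nothing was hashed
                entry = {"md5": None, "path": None, "status": None, "verdict": None}
                entries[m["name"]] = entry
            entry["status"] = m["status"].lower()
            entry["verdict"] = m["verdict"]
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m.group(1))
    return entries, detected


def triage(entries):
    """Split parsed entries into what a responder acts on or eyeballs."""
    findings, unhashed, outside_windows = [], [], []
    for name, e in entries.items():
        if e["status"] is not None and e["status"] != "ok":
            findings.append((name, e["status"], e["verdict"], e["path"]))
        if e["md5"] is None:
            unhashed.append(name)
            continue
        p = e["path"].lower()
        # Device paths (MBR, boot sectors) are not files; skip them here.
        if not p.startswith("\\device\\") and not p.startswith("c:\\windows\\"):
            outside_windows.append((name, e["path"]))
    return findings, unhashed, outside_windows


if __name__ == "__main__":
    entries, detected = parse_tdsskiller(SAMPLE_LOG)
    findings, unhashed, outside = triage(entries)
    print(f"TDSSKiller reported {detected} detected object(s)")
    for name, status, verdict, path in findings:
        print(f"  {status.upper():9} {name}  verdict={verdict}  image={path}")
    print("No image hashed, check ImagePath by hand:", ", ".join(unhashed))
    for name, path in outside:
        print(f"  third-party image: {name} -> {path}")
```

On the real log above, every entry is "- ok" and the only unhashed services are WinHttpAutoProxySvc and WSearch, which is consistent with the "Detected object count: 0" that TDSSKiller prints at the end; the third-party list (Fujitsu, HP, CyberLink, Intel, CSR images) is the set a helper would cross-check against what the machine is supposed to have installed.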

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM
Posted 10 June 2012 - 11:48 AM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Redwing999


Posted 10 June 2012 - 05:49 PM

Hi Gringo,

Here is the ComboFix report log:

ComboFix 12-06-10.01 - Alex Koon 11/06/12 8:29.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2995.1644 [GMT 10:00]
Running from: c:\users\Alex Koon\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex Koon\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex Koon\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 22:34 . 2012-06-10 22:38 -------- d-----w- c:\users\Alex Koon\AppData\Local\temp
2012-06-10 22:34 . 2012-06-10 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 22:34 . 2012-06-10 22:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-10 06:22 . 2012-06-10 22:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A9A32F-6A86-4981-B970-FE4C44AEBBF6}\offreg.dll
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\users\Alex Koon\AppData\Roaming\Malwarebytes
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-08 22:58 . 2012-06-08 22:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 22:58 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 10:12 . 2012-06-06 10:12 -------- d-----w- c:\program files\Common Files\Java
2012-06-06 10:12 . 2012-06-06 10:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-27 21:33 . 2012-05-27 21:33 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-25 22:48 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A9A32F-6A86-4981-B970-FE4C44AEBBF6}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 10:12 . 2011-03-23 22:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-27 14:19 . 2012-04-07 16:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-27 14:19 . 2011-06-14 22:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 04:46 . 2012-05-08 23:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-08 23:18 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43 . 2012-05-08 23:18 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29 . 2012-05-08 23:18 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:20 . 2012-05-08 23:18 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-03 01:55 . 2011-05-30 23:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-19 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-19 166424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-05-22 24576]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 104960]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 128360]
"FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2009-10-16 107880]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 138088]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 33640]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-10-03 167008]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2009-10-01 143360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-16 19968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Alex Koon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-9 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-15 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-07-20 60576]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-07-15 41632]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 17008]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2010-04-20 12776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-27 62824]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-08-27 12800]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 111488]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 5632]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-365268101-1576805569-2491809101-1000Core.job
- c:\users\Alex Koon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:38]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-365268101-1576805569-2491809101-1000UA.job
- c:\users\Alex Koon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Alex Koon\AppData\Roaming\Mozilla\Firefox\Profiles\plp4ev3a.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4188)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Fujitsu\Application Panel\BtnHndHkb.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-11 08:42:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 22:42
ComboFix2.txt 2012-06-10 06:27
.
Pre-Run: 259,819,937,792 bytes free
Post-Run: 259,893,456,896 bytes free
.
- - End Of File - - BDA2FB984687214CB5CCCC25CC541F8B

I have not encountered any problems running the CFScript in ComboFix.

The computer seems to be behaving just fine since the last time I ran ComboFix.

Please advise on the next step, especially on preventive measures. Thanks.

Best,
Alex

#8 gringo_pr


Posted 10 June 2012 - 06:05 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 32


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 Redwing999


Posted 10 June 2012 - 07:25 PM

I have followed your instructions and produced the log from MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Alex Koon :: REDWING [administrator]

Protection: Enabled

11/06/12 10:06:33
mbam-log-2012-06-11 (10-06-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220728
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

However, I encountered problems with HiJack.

When I selected DO A SYSTEM SCAN AND SAVE A LOG FILE, it gave me this bounce-up message:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\windows\System32\drivers\etc\hosts
and press Enter. Find the lines HijackThis reports and delete them.
Save the file as 'hosts'. (with quote) and reboot.
For Vista: simply, exit HijackThis, right click on the HijeckThis icon, choose 'Run as administrator'.

I clicked "OK", and then this error bounced up:

Cannot find the C:\Program File\Trend Micro\HijackThis\hijackthis.log file.
Do you want to create a new file?

I clicked "YES", and then an empty Notepad window opened. Nothing happened. I closed it. And I saw the HijackThis program not doing anything, so I closed that too.

Please advise on what to do. Thanks.

Best,
Alex

#10 Redwing999


Posted 10 June 2012 - 07:27 PM

Also, I just noticed that the Malwarebytes Anti-Malware short-cut on my desktop has lost its icon after I ran HijackThis.

#11 gringo_pr


Posted 10 June 2012 - 09:58 PM

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

#12 Redwing999


Posted 10 June 2012 - 10:50 PM

Hi Gringo,

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:53, on 11/06/12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\WINDOWS\snuvcdsm.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
O4 - HKLM\..\Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
O4 - HKLM\..\Run: [ConMgr] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour ?? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: Bluetooth Feature Support (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe

--
End of file - 10052 bytes

The MBAM icon still appears to be lost. Please advise the next step. Thanks.

Best,
Alex

#13 Redwing999

Redwing999
  • Topic Starter

  • Members
  • 23 posts

Posted 11 June 2012 - 06:06 PM

"BUMP"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 June 2012 - 06:29 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    • O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    • O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    • O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    • O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    • O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
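As an added example (not part of this thread and not HijackThis code), the Python below parses the O4, O10 and O23 line shapes quoted in these logs and lists the entries a reviewer would look at twice before deciding what to keep: Run values with no full path, services HijackThis reports with no company name, and a Winsock LSP entry that appears twice. The regexes are assumptions based on the quoted lines, not an official log grammar, and the sample log is constructed from entries in this thread.

```python
import re

# Constructed sample log, modelled on the HijackThis lines quoted in this thread
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime
O4 - HKLM\\..\\Run: [Logitech Utility] Logi_MwX.Exe
O10 - Unknown file in Winsock LSP: c:\\program files\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\\program files\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe
"""

# Line shapes as assumed from the quoted entries (not an official grammar)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")

def command_image(cmd):
    # Executable part of an O4 command line: the quoted path, or else the first token
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]

def parse_log(text):
    # Turn O4/O10/O23 lines into dicts; other line types are ignored
    entries = []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            entries.append({"kind": "run", "name": m["name"], "image": command_image(m["cmd"])})
        elif m := LSP_RE.match(line):
            entries.append({"kind": "lsp", "name": "", "image": m["path"]})
        elif m := SERVICE_RE.match(line):
            # split from the right: the display name itself may contain " - "
            name, owner, image = m["rest"].rsplit(" - ", 2)
            entries.append({"kind": "service", "name": name, "owner": owner, "image": image})
    return entries

def review(entries):
    # Points a reviewer would check before deciding which entries to keep
    notes, seen_lsp = [], set()
    for e in entries:
        if e["kind"] == "run" and not re.match(r"^[A-Za-z]:\\", e["image"]):
            notes.append(f"{e['name']}: no full path for '{e['image']}', Windows resolves it by search order")
        elif e["kind"] == "service" and e["owner"] == "Unknown owner":
            notes.append(f"{e['name']}: no company name in the service binary's version info")
        elif e["kind"] == "lsp":
            if e["image"].lower() in seen_lsp:
                notes.append(f"duplicate Winsock LSP entry: {e['image']}")
            seen_lsp.add(e["image"].lower())
    return notes
```

Run `review(parse_log(SAMPLE_LOG))` to get the three notes for the sample; paste a full log into SAMPLE_LOG to review your own.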

#15 Redwing999

Redwing999
  • Topic Starter

  • Members
  • 23 posts

Posted 11 June 2012 - 06:42 PM

Hi Gringo,

Thank you for the suggestion. But I think my system tray has very unnecessary icons/programs (I keep it at a minimum), and my computer starts up very quickly and smoothly. So I think I'll pass on this step of going through HijackThis again. Please go on to advise the next step. Thanks.

Best,
Alex



