Computer Freezes After Startup


  • This topic is locked
15 replies to this topic

#1 SWH85

  • Members
  • 14 posts

Posted 15 June 2012 - 11:15 PM

OK, I have tried to follow the steps as closely as possible.

About a week ago the computer started running slow after startup and freezing. I use the fully licensed edition of Sophos Anti-Virus and ran a scan: no results. I downloaded and ran Trend Micro HouseCall: no results. I downloaded and ran Malwarebytes and it found an extension mismatch in a JPEG file. I rebooted and got this message:

"There was a problem starting C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll The specified module could not be found"

Every time I reboot now, after startup and on the desktop, when I try to click anything the computer freezes up.

So I have had to run these scans from safe mode.

I had a problem with GMER: I could only select the Services, Registry and Files options; the other options above were all greyed out. I ran it and it found no problems; the log was empty.

I will post the other DDS logs here now. I was going to try uninstalling Malwarebytes and restarting....

Attached Files





#2 SWH85

  • Topic Starter
  • Members
  • 14 posts

Posted 16 June 2012 - 12:10 AM

I have removed Malwarebytes in safe mode and rebooted, and the system seems to run fine now. I reran DDS and here are the new logs. I am concerned as to why Malwarebytes would be stopping the computer from running; is there something malicious which is clashing with Malwarebytes?


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HP at 14:34:45 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3839.2476 [GMT 10:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\dgdersvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MBCAME~1.LNK - C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{2876C9A0-85A1-48A2-9964-FE8590643B4C} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{2AF75566-9E07-4B93-B7A1-A7562A69CFE3} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{64C2ECCD-D52B-4C30-81D9-97646356A20F} : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{6F84300F-5626-455B-81EA-726D631F5539} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{6F84300F-5626-455B-81EA-726D631F5539}\3486279637572E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{6F84300F-5626-455B-81EA-726D631F5539}\45548435F5248324644314 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8037D0C7-66EE-4289-9E69-6EF29D532869} : DhcpNameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{A38C9570-42A3-4847-8747-7125B2BEF171} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{C1CD819F-545F-461C-8D78-198051DC041F} : DhcpNameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{F532D244-D082-4383-B8DF-A310E921A7C9} : DhcpNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2010-12-20 95568]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2010-12-3 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2010-12-3 128512]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-17 167960]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-3-14 99864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-5-10 232472]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-17 1543704]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-20 18120]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\DRIVERS\NW1950.sys --> C:\Windows\system32\DRIVERS\NW1950.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 BBUpdate;BBUpdate;"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" --> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-10-16 16392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-06-16 02:49:51 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{517A1C50-9B01-45D7-8EFF-9FF73912462A}\mpengine.dll
2012-06-13 09:30:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:30:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 09:30:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:29:56 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:29:54 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:29:54 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 09:29:28 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 09:29:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 03:56:19 -------- d-----w- C:\Users\HP\AppData\Local\Facebook
2012-06-02 02:13:58 -------- d-----w- C:\Program Files (x86)\EaseUS
2012-06-02 02:06:33 -------- d-----w- C:\Users\HP\AppData\Roaming\GetRightToGo
2012-06-02 02:01:45 -------- d-----w- C:\Users\HP\Programs
2012-06-02 02:00:45 -------- d-----w- C:\Program Files (x86)\Convar
2012-05-26 06:50:19 -------- d-----w- C:\Sophos
2012-05-26 06:49:40 -------- d-----w- C:\scss_10
2012-05-26 04:05:38 73728 ----a-r- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05:38 73728 ----a-r- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05:38 73728 ----a-r- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-24 14:27:04 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-05-21 04:44:16 711240 ----a-w- C:\Windows\isRS-000.tmp
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 06:49:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 06:49:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 06:49:36 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 20:14:52 4376576 ----a-w- C:\Windows\System32\ffdshow.ax
2012-04-22 20:14:18 3515392 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2012-04-22 20:14:14 4489728 ----a-w- C:\Windows\System32\ffmpeg.dll
2012-04-22 20:12:22 4424704 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2012-04-08 23:47:28 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2012-04-08 23:47:14 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-04-08 23:46:24 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2012-04-08 23:45:58 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2012-04-08 23:45:58 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2012-04-08 23:45:58 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2012-04-08 23:45:56 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2012-04-08 23:45:56 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2012-04-08 23:45:56 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2012-04-08 23:45:54 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2012-04-08 23:40:36 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-04-08 23:39:46 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2012-04-08 23:39:32 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2012-04-08 23:39:32 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2012-04-08 23:39:30 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2012-04-08 23:39:30 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2012-04-08 23:39:28 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2012-04-08 23:39:28 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2012-04-08 23:39:26 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:23:54 775168 ----a-w- C:\Windows\System32\LAVVideo.ax
2012-03-29 14:23:54 555520 ----a-w- C:\Windows\System32\LAVSplitter.ax
2012-03-29 14:23:50 248832 ----a-w- C:\Windows\System32\LAVAudio.ax
2012-03-29 14:23:46 202240 ----a-w- C:\Windows\System32\libbluray.dll
2012-03-29 14:23:40 6757091 ----a-w- C:\Windows\System32\avcodec-lav-54.dll
2012-03-29 14:23:40 399620 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2012-03-29 14:23:40 214711 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2012-03-29 14:23:40 133299 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2012-03-29 14:23:40 1167294 ----a-w- C:\Windows\System32\avformat-lav-54.dll
2012-03-29 14:21:32 606720 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2012-03-29 14:21:32 462848 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2012-03-29 14:21:28 217600 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2012-03-29 14:21:26 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
2012-03-29 14:21:18 6582226 ----a-w- C:\Windows\SysWow64\avcodec-lav-54.dll
2012-03-29 14:21:18 374152 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2012-03-29 14:21:18 207872 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
2012-03-29 14:21:18 144523 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
2012-03-29 14:21:18 1152365 ----a-w- C:\Windows\SysWow64\avformat-lav-54.dll
2012-03-27 15:08:52 267264 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2012-03-27 15:08:24 348160 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-18 23:12:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:36:00.04 ===============

Attached Files
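The "Pseudo HJT Report" section of the DDS log above is what a malware-response helper reads first: browser helper objects and toolbars, Run-key autostarts, AppInit_DLLs, and the DNS servers each interface has been handed. The following is an added example, not part of this thread or of the DDS tool, that parses those line shapes and pulls out the entries worth a second look: BHO/TB registrations whose file is gone ("No File"), anything loaded through AppInit_DLLs, per-user autostarts that live under AppData, and DNS servers outside private address space. The sample input is a constructed excerpt in the same format as the log above; the line grammar it assumes (`TYPE: name: {CLSID} - path`, `uRun: [name] command`, `TCP: ... DhcpNameServer = a.b.c.d`) is inferred from those lines and is not a published DDS specification. A flagged entry is a prompt to look closer, not a verdict; the orphaned BHO and TB in this very log are consistent with uninstalled software, and the AppInit_DLLs entry is Sophos' own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import ipaddress
import re

# Constructed sample in the shape DDS prints, trimmed from the log above.
SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{64C2ECCD-D52B-4C30-81D9-97646356A20F} : DhcpNameServer = 211.29.132.12 61.88.88.88
"""

# Assumed line grammar, inferred from the log; the -X64/-x64 suffix marks the
# 64-bit registry view that DDS lists separately.
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
EXT_RE = re.compile(rf"^(?P<kind>BHO|TB)(?:-X64)?: (?:(?P<name>.*?): )?(?P<clsid>{CLSID}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run)(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (?P<target>.*)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\S+ : )?DhcpNameServer = (?P<servers>.+)$")


def parse_hjt(text):
    """Return one dict per recognised line; lines of other kinds are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := EXT_RE.match(line):
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].upper(), "target": m["target"].strip()})
        elif m := RUN_RE.match(line):
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": None, "target": m["target"].strip()})
        elif m := APPINIT_RE.match(line):
            entries.append({"kind": "AppInit_DLLs", "name": None,
                            "clsid": None, "target": m["target"].strip()})
        elif m := DNS_RE.match(line):
            # One interface line can carry several servers, space separated.
            for server in m["servers"].split():
                entries.append({"kind": "DNS", "name": None,
                                "clsid": None, "target": server})
    return entries


def triage(text):
    """Bucket the parsed entries into the things a helper checks first."""
    report = {"orphaned_extensions": [], "appinit_dlls": [],
              "user_autostarts": [], "public_dns": [], "private_dns": []}
    for e in parse_hjt(text):
        if e["kind"] in ("BHO", "TB") and e["target"] == "No File":
            # Registration still present, DLL gone: leftover or removed payload.
            report["orphaned_extensions"].append(e["clsid"])
        elif e["kind"] == "AppInit_DLLs":
            # Loaded into every process that links user32.dll; always inspect.
            report["appinit_dlls"].append(e["target"])
        elif e["kind"] == "uRun" and "\\AppData\\" in e["target"]:
            # Per-user autostart from a user-writable directory.
            report["user_autostarts"].append(e["name"])
        elif e["kind"] == "DNS":
            bucket = "private_dns" if ipaddress.ip_address(e["target"]).is_private else "public_dns"
            report[bucket].append(e["target"])
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket}: {items}")
```

Public DNS servers are not suspicious by themselves (the ISP's resolvers in this log are public addresses); the point of separating them is to compare each interface's servers against what the network is expected to hand out, since a changed resolver is a common way redirects are introduced.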



#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2012 - 12:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 SWH85 (Topic Starter, Members, 14 posts)

Posted 16 June 2012 - 01:36 AM

OK, something strange has happened, not sure if it is normal. When I ran Security Check, Sophos was quarantining something and it was not working or taking ages. I disabled Sophos on-access scanning for ComboFix, so I ran Security Check again as well.

ComboFix ran all the stages taking almost an hour and was up to the stage deleting some files when Sophos popped up blocking some suspicious behaviour then the computer just rebooted and ComboFix then prepared the log report.

I tried opening Chrome and Internet Explorer to post the logs when I got "Illegal operation attempted on a registry key that has been marked for deletion". So I rebooted and they seem to open normally now. Here are the logs:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
ComboFix 12-06-15.06 - HP 16/06/2012 15:30:03.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3839.2206 [GMT 10:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 06:12 . 2012-06-16 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 02:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{517A1C50-9B01-45D7-8EFF-9FF73912462A}\mpengine.dll
2012-06-13 09:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 09:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 09:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 09:29 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 09:29 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:29 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 09:29 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 09:29 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 03:56 . 2012-06-09 04:49 -------- d-----w- c:\users\HP\AppData\Local\Facebook
2012-06-02 02:13 . 2012-06-02 02:13 -------- d-----w- c:\program files (x86)\EaseUS
2012-06-02 02:06 . 2012-06-02 02:10 -------- d-----w- c:\users\HP\AppData\Roaming\GetRightToGo
2012-06-02 02:01 . 2012-06-02 04:06 -------- d-----w- c:\users\HP\Programs
2012-06-02 02:00 . 2012-06-02 06:01 -------- d-----w- c:\program files (x86)\Convar
2012-05-26 06:50 . 2012-05-26 06:50 -------- d-----w- C:\Sophos
2012-05-26 06:49 . 2012-05-26 06:49 -------- d-----w- C:\scss_10
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-24 14:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 15:58 . 2011-05-24 02:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-09 15:44 . 2011-05-22 11:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-07 13:31 . 2011-05-25 00:53 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-05 06:49 . 2012-04-07 06:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 06:49 . 2011-10-17 04:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 06:49 . 2012-04-14 10:13 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 20:14 . 2012-04-22 20:14 4376576 ----a-w- c:\windows\system32\ffdshow.ax
2012-04-22 20:14 . 2012-04-22 20:14 3515392 ----a-w- c:\windows\SysWow64\ffdshow.ax
2012-04-22 20:14 . 2012-04-22 20:14 4489728 ----a-w- c:\windows\system32\ffmpeg.dll
2012-04-22 20:12 . 2012-04-22 20:12 4424704 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2012-04-08 23:47 . 2012-04-08 23:47 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2012-04-08 23:47 . 2012-04-08 23:47 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-08 23:46 . 2012-04-08 23:46 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-04-08 23:45 . 2012-04-08 23:45 183808 ----a-w- c:\windows\system32\ff_unrar.dll
2012-04-08 23:45 . 2012-04-08 23:45 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2012-04-08 23:45 . 2012-04-08 23:45 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-04-08 23:45 . 2012-04-08 23:45 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
2012-04-08 23:45 . 2012-04-08 23:45 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2012-04-08 23:45 . 2012-04-08 23:45 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-04-08 23:45 . 2012-04-08 23:45 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2012-04-08 23:40 . 2012-04-08 23:40 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-04-08 23:39 . 2012-04-08 23:39 260608 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2012-04-08 23:39 . 2012-04-08 23:39 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2012-04-08 23:39 . 2012-04-08 23:39 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2012-04-08 23:39 . 2012-04-08 23:39 1525248 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2012-04-08 23:39 . 2012-04-08 23:39 146944 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2012-04-08 23:39 . 2012-04-08 23:39 212480 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2012-04-08 23:39 . 2012-04-08 23:39 115200 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2012-04-08 23:39 . 2012-04-08 23:39 328704 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2012-04-06 12:18 . 2011-05-22 11:00 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-12 02:08 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:23 . 2012-03-29 14:23 775168 ----a-w- c:\windows\system32\LAVVideo.ax
2012-03-29 14:23 . 2012-03-29 14:23 555520 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-03-29 14:23 . 2012-03-29 14:23 248832 ----a-w- c:\windows\system32\LAVAudio.ax
2012-03-29 14:23 . 2012-03-29 14:23 202240 ----a-w- c:\windows\system32\libbluray.dll
2012-03-29 14:23 . 2012-03-29 14:23 6757091 ----a-w- c:\windows\system32\avcodec-lav-54.dll
2012-03-29 14:23 . 2012-03-29 14:23 399620 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-03-29 14:23 . 2012-03-29 14:23 214711 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-03-29 14:23 . 2012-03-29 14:23 133299 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-03-29 14:23 . 2012-03-29 14:23 1167294 ----a-w- c:\windows\system32\avformat-lav-54.dll
2012-03-29 14:21 . 2012-03-29 14:21 606720 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2012-03-29 14:21 . 2012-03-29 14:21 462848 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2012-03-29 14:21 . 2012-03-29 14:21 217600 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2012-03-29 14:21 . 2012-03-29 14:21 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
2012-03-29 14:21 . 2012-03-29 14:21 6582226 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll
2012-03-29 14:21 . 2012-03-29 14:21 374152 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 207872 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
2012-03-29 14:21 . 2012-03-29 14:21 144523 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 1152365 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll
2012-03-27 15:08 . 2012-03-27 15:08 267264 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-03-27 15:08 . 2012-03-27 15:08 348160 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-18 23:12 . 2011-02-09 02:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-09 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-02 976320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-03-14 494616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MBCameraMonitor.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-5-7 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\users\HP\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\HP\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E052.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-12-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-10 22072]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 119632]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-17 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-14 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-17 1543704]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:49]
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000Core.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 04:48]
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000UA.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 04:48]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 12:01]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 12:01]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:45]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E052.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-16 16:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 06:21
.
Pre-Run: 362,501,107,712 bytes free
Post-Run: 363,013,918,720 bytes free
.
- - End Of File - - 518A10F8ABF251FDEB810A3755F585B4

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 June 2012 - 01:52 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 SWH85 (Topic Starter, Members, 14 posts)

Posted 16 June 2012 - 02:26 AM

Here are the logs.
16:54:24.0978 4012 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
16:54:26.0056 4012 ============================================================
16:54:26.0056 4012 Current date / time: 2012/06/16 16:54:26.0056
16:54:26.0056 4012 SystemInfo:
16:54:26.0056 4012
16:54:26.0056 4012 OS Version: 6.1.7601 ServicePack: 1.0
16:54:26.0056 4012 Product type: Workstation
16:54:26.0056 4012 ComputerName: HOME
16:54:26.0056 4012 UserName: HP
16:54:26.0056 4012 Windows directory: C:\Windows
16:54:26.0056 4012 System windows directory: C:\Windows
16:54:26.0056 4012 Running under WOW64
16:54:26.0056 4012 Processor architecture: Intel x64
16:54:26.0056 4012 Number of processors: 2
16:54:26.0056 4012 Page size: 0x1000
16:54:26.0056 4012 Boot type: Normal boot
16:54:26.0056 4012 ============================================================
16:54:27.0444 4012 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:54:27.0460 4012 Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:54:27.0460 4012 ============================================================
16:54:27.0460 4012 \Device\Harddisk0\DR0:
16:54:27.0460 4012 MBR partitions:
16:54:27.0460 4012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:54:27.0460 4012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x48E9E800
16:54:27.0460 4012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48ED1000, BlocksNum 0x1986800
16:54:27.0460 4012 \Device\Harddisk2\DR2:
16:54:27.0460 4012 MBR partitions:
16:54:27.0460 4012 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
16:54:27.0460 4012 ============================================================
16:54:27.0538 4012 C: <-> \Device\Harddisk0\DR0\Partition1
16:54:27.0584 4012 D: <-> \Device\Harddisk0\DR0\Partition2
16:54:28.0021 4012 I: <-> \Device\Harddisk2\DR2\Partition0
16:54:28.0021 4012 ============================================================
16:54:28.0021 4012 Initialize success
16:54:28.0021 4012 ============================================================
16:54:34.0292 1920 ============================================================
16:54:34.0292 1920 Scan started
16:54:34.0292 1920 Mode: Manual;
16:54:34.0292 1920 ============================================================
16:54:55.0836 1920 QWAVE - ok
16:54:55.0867 1920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:54:55.0867 1920 QWAVEdrv - ok
16:54:55.0883 1920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:54:55.0883 1920 RasAcd - ok
16:54:55.0930 1920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:54:55.0945 1920 RasAgileVpn - ok
16:54:55.0961 1920 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:54:56.0023 1920 RasAuto - ok
16:54:56.0070 1920 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:54:56.0101 1920 Rasl2tp - ok
16:54:56.0164 1920 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:54:56.0179 1920 RasMan - ok
16:54:56.0195 1920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:54:56.0195 1920 RasPppoe - ok
16:54:56.0226 1920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:54:56.0242 1920 RasSstp - ok
16:54:56.0304 1920 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:54:56.0335 1920 rdbss - ok
16:54:56.0351 1920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:54:56.0367 1920 rdpbus - ok
16:54:56.0367 1920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:54:56.0382 1920 RDPCDD - ok
16:54:56.0413 1920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:54:56.0429 1920 RDPENCDD - ok
16:54:56.0445 1920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:54:56.0460 1920 RDPREFMP - ok
16:54:56.0663 1920 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:54:56.0663 1920 RDPWD - ok
16:54:56.0772 1920 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:54:56.0788 1920 rdyboost - ok
16:54:56.0819 1920 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:54:56.0897 1920 RemoteAccess - ok
16:54:56.0928 1920 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:54:56.0944 1920 RemoteRegistry - ok
16:54:56.0959 1920 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:54:56.0975 1920 RpcEptMapper - ok
16:54:56.0991 1920 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:54:57.0006 1920 RpcLocator - ok
16:54:57.0069 1920 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:54:57.0069 1920 RpcSs - ok
16:54:57.0069 1920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:54:57.0084 1920 rspndr - ok
16:54:57.0131 1920 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:54:57.0147 1920 RTL8167 - ok
16:54:57.0178 1920 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:54:57.0178 1920 SamSs - ok
16:54:57.0240 1920 SASDIFSV - ok
16:54:57.0271 1920 SASKUTIL - ok
16:54:57.0381 1920 SAVAdminService (c77e73dbce16aa2fe51bbbb042d3303b) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
16:54:57.0381 1920 SAVAdminService - ok
16:54:57.0443 1920 SAVOnAccess (7f5c54e0634827a87032eedf95f63715) C:\Windows\system32\DRIVERS\savonaccess.sys
16:54:57.0474 1920 SAVOnAccess - ok
16:54:57.0521 1920 SAVService (def34501c7a84166678f80d6e8c7b6f5) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
16:54:57.0537 1920 SAVService - ok
16:54:57.0630 1920 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:54:57.0646 1920 sbp2port - ok
16:54:57.0724 1920 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:54:57.0771 1920 SCardSvr - ok
16:54:57.0817 1920 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:54:57.0833 1920 scfilter - ok
16:54:57.0958 1920 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:54:57.0973 1920 Schedule - ok
16:54:58.0020 1920 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:54:58.0020 1920 SCPolicySvc - ok
16:54:58.0036 1920 sdcfilter (7e450d5b46ff8fe82dab822d3b48e3b3) C:\Windows\system32\DRIVERS\sdcfilter.sys
16:54:58.0051 1920 sdcfilter - ok
16:54:58.0067 1920 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:54:58.0083 1920 SDRSVC - ok
16:54:58.0114 1920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:54:58.0129 1920 secdrv - ok
16:54:58.0161 1920 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:54:58.0176 1920 seclogon - ok
16:54:58.0207 1920 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:54:58.0207 1920 SENS - ok
16:54:58.0239 1920 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:54:58.0254 1920 SensrSvc - ok
16:54:58.0285 1920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:54:58.0301 1920 Serenum - ok
16:54:58.0317 1920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:54:58.0317 1920 Serial - ok
16:54:58.0363 1920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:54:58.0379 1920 sermouse - ok
16:54:58.0473 1920 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:54:58.0519 1920 SessionEnv - ok
16:54:58.0535 1920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:54:58.0551 1920 sffdisk - ok
16:54:58.0613 1920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:54:58.0613 1920 sffp_mmc - ok
16:54:58.0629 1920 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:54:58.0644 1920 sffp_sd - ok
16:54:58.0707 1920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:54:58.0707 1920 sfloppy - ok
16:54:58.0800 1920 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:54:59.0143 1920 SharedAccess - ok
16:54:59.0190 1920 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:54:59.0221 1920 ShellHWDetection - ok
16:54:59.0253 1920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:54:59.0268 1920 SiSRaid2 - ok
16:54:59.0299 1920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:54:59.0315 1920 SiSRaid4 - ok
16:54:59.0440 1920 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:54:59.0643 1920 SkypeUpdate - ok
16:54:59.0689 1920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:54:59.0705 1920 Smb - ok
16:54:59.0736 1920 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:54:59.0752 1920 SNMPTRAP - ok
16:54:59.0845 1920 Sophos AutoUpdate Service (4bf422afa499bf0001332756aff0bcb1) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
16:54:59.0861 1920 Sophos AutoUpdate Service - ok
16:54:59.0892 1920 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
16:54:59.0908 1920 SophosBootDriver - ok
16:54:59.0908 1920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:54:59.0908 1920 spldr - ok
16:54:59.0986 1920 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:55:00.0048 1920 Spooler - ok
16:55:00.0282 1920 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:55:00.0501 1920 sppsvc - ok
16:55:00.0625 1920 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:55:00.0672 1920 sppuinotify - ok
16:55:00.0781 1920 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:55:00.0781 1920 srv - ok
16:55:00.0922 1920 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:55:00.0937 1920 srv2 - ok
16:55:00.0984 1920 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:55:01.0000 1920 srvnet - ok
16:55:01.0093 1920 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
16:55:01.0109 1920 ssadbus - ok
16:55:01.0171 1920 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:55:01.0187 1920 ssadmdfl - ok
16:55:01.0249 1920 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
16:55:01.0265 1920 ssadmdm - ok
16:55:01.0296 1920 ssadserd (aabc1907cac4e2c99d849deaa5e77c9b) C:\Windows\system32\DRIVERS\ssadserd.sys
16:55:01.0327 1920 ssadserd - ok
16:55:01.0359 1920 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:55:01.0374 1920 SSDPSRV - ok
16:55:01.0390 1920 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:55:01.0405 1920 SstpSvc - ok
16:55:01.0421 1920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:55:01.0437 1920 stexstor - ok
16:55:01.0515 1920 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:55:01.0530 1920 stisvc - ok
16:55:01.0546 1920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:55:01.0561 1920 swenum - ok
16:55:01.0905 1920 swi_service (4f4c3efceeda23d2261c255430842d22) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
16:55:02.0107 1920 swi_service - ok
16:55:02.0217 1920 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:55:02.0357 1920 swprv - ok
16:55:02.0497 1920 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:55:02.0560 1920 SysMain - ok
16:55:02.0669 1920 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:55:02.0731 1920 TabletInputService - ok
16:55:02.0794 1920 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:55:02.0809 1920 TapiSrv - ok
16:55:02.0841 1920 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:55:02.0872 1920 TBS - ok
16:55:03.0199 1920 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:55:03.0231 1920 Tcpip - ok
16:55:03.0387 1920 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:55:03.0402 1920 TCPIP6 - ok
16:55:03.0480 1920 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:55:03.0480 1920 tcpipreg - ok
16:55:03.0511 1920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:55:03.0527 1920 TDPIPE - ok
16:55:03.0558 1920 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:55:03.0574 1920 TDTCP - ok
16:55:03.0621 1920 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:55:03.0636 1920 tdx - ok
16:55:03.0667 1920 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:55:03.0683 1920 TermDD - ok
16:55:03.0730 1920 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:55:03.0761 1920 TermService - ok
16:55:03.0823 1920 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
16:55:03.0839 1920 TFsExDisk - ok
16:55:03.0870 1920 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:55:03.0901 1920 Themes - ok
16:55:03.0933 1920 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:55:03.0933 1920 THREADORDER - ok
16:55:03.0979 1920 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:55:03.0995 1920 TrkWks - ok
16:55:04.0135 1920 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:55:04.0151 1920 TrustedInstaller - ok
16:55:04.0213 1920 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:55:04.0229 1920 tssecsrv - ok
16:55:04.0323 1920 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:55:04.0338 1920 TsUsbFlt - ok
16:55:04.0416 1920 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:55:04.0432 1920 tunnel - ok
16:55:04.0494 1920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:55:04.0510 1920 uagp35 - ok
16:55:04.0572 1920 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:55:04.0588 1920 udfs - ok
16:55:04.0619 1920 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:55:04.0635 1920 UI0Detect - ok
16:55:04.0697 1920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:55:04.0713 1920 uliagpkx - ok
16:55:04.0744 1920 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:55:04.0759 1920 umbus - ok
16:55:04.0806 1920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:55:04.0822 1920 UmPass - ok
16:55:04.0853 1920 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:55:04.0931 1920 upnphost - ok
16:55:04.0993 1920 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:55:05.0009 1920 USBAAPL64 - ok
16:55:05.0040 1920 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:55:05.0056 1920 usbccgp - ok
16:55:05.0134 1920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:55:05.0149 1920 usbcir - ok
16:55:05.0165 1920 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:55:05.0181 1920 usbehci - ok
16:55:05.0196 1920 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
16:55:05.0212 1920 usbfilter - ok
16:55:05.0290 1920 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:55:05.0305 1920 usbhub - ok
16:55:05.0337 1920 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:55:05.0352 1920 usbohci - ok
16:55:05.0383 1920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:55:05.0399 1920 usbprint - ok
16:55:05.0430 1920 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:55:05.0446 1920 usbscan - ok
16:55:05.0477 1920 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:55:05.0493 1920 USBSTOR - ok
16:55:05.0508 1920 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:55:05.0508 1920 usbuhci - ok
16:55:05.0539 1920 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:55:05.0555 1920 usbvideo - ok
16:55:05.0586 1920 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:55:05.0602 1920 usb_rndisx - ok
16:55:05.0617 1920 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:55:05.0617 1920 UxSms - ok
16:55:05.0664 1920 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:55:05.0664 1920 VaultSvc - ok
16:55:05.0711 1920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:55:05.0727 1920 vdrvroot - ok
16:55:05.0805 1920 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:55:05.0836 1920 vds - ok
16:55:05.0851 1920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:55:05.0867 1920 vga - ok
16:55:05.0883 1920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:55:05.0883 1920 VgaSave - ok
16:55:05.0914 1920 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:55:05.0929 1920 vhdmp - ok
16:55:05.0945 1920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:55:05.0961 1920 viaide - ok
16:55:05.0992 1920 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:55:06.0007 1920 volmgr - ok
16:55:06.0085 1920 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:55:06.0101 1920 volmgrx - ok
16:55:06.0226 1920 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:55:06.0241 1920 volsnap - ok
16:55:06.0304 1920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:55:06.0351 1920 vsmraid - ok
16:55:06.0507 1920 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:55:06.0553 1920 VSS - ok
16:55:06.0663 1920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:55:06.0678 1920 vwifibus - ok
16:55:06.0678 1920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:55:06.0694 1920 vwififlt - ok
16:55:06.0725 1920 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:55:06.0741 1920 vwifimp - ok
16:55:06.0787 1920 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:55:06.0819 1920 W32Time - ok
16:55:06.0834 1920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:55:06.0850 1920 WacomPen - ok
16:55:06.0912 1920 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:06.0928 1920 WANARP - ok
16:55:06.0943 1920 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:06.0943 1920 Wanarpv6 - ok
16:55:07.0068 1920 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:55:07.0287 1920 WatAdminSvc - ok
16:55:07.0411 1920 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:55:07.0443 1920 wbengine - ok
16:55:07.0536 1920 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:55:07.0552 1920 WbioSrvc - ok
16:55:07.0614 1920 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:55:07.0630 1920 wcncsvc - ok
16:55:07.0645 1920 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:55:07.0661 1920 WcsPlugInService - ok
16:55:07.0708 1920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:55:07.0723 1920 Wd - ok
16:55:07.0786 1920 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:55:07.0801 1920 WDC_SAM - ok
16:55:07.0957 1920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:55:07.0973 1920 Wdf01000 - ok
16:55:08.0004 1920 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:55:08.0020 1920 WdiServiceHost - ok
16:55:08.0020 1920 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:55:08.0020 1920 WdiSystemHost - ok
16:55:08.0098 1920 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:55:08.0160 1920 WebClient - ok
16:55:08.0207 1920 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:55:08.0285 1920 Wecsvc - ok
16:55:08.0285 1920 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:55:08.0301 1920 wercplsupport - ok
16:55:08.0316 1920 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:55:08.0347 1920 WerSvc - ok
16:55:08.0379 1920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:55:08.0394 1920 WfpLwf - ok
16:55:08.0394 1920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:55:08.0410 1920 WIMMount - ok
16:55:08.0441 1920 WinDefend - ok
16:55:08.0441 1920 WinHttpAutoProxySvc - ok
16:55:08.0503 1920 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:55:08.0519 1920 Winmgmt - ok
16:55:08.0675 1920 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:55:08.0753 1920 WinRM - ok
16:55:08.0940 1920 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:55:08.0956 1920 WinUsb - ok
16:55:09.0065 1920 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:55:09.0081 1920 Wlansvc - ok
16:55:09.0096 1920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:55:09.0112 1920 WmiAcpi - ok
16:55:09.0127 1920 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:55:09.0159 1920 wmiApSrv - ok
16:55:09.0190 1920 WMPNetworkSvc - ok
16:55:09.0221 1920 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:55:09.0237 1920 WPCSvc - ok
16:55:09.0299 1920 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:55:09.0315 1920 WPDBusEnum - ok
16:55:09.0330 1920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:55:09.0346 1920 ws2ifsl - ok
16:55:09.0361 1920 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:55:09.0393 1920 wscsvc - ok
16:55:09.0393 1920 WSearch - ok
16:55:09.0564 1920 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:55:09.0595 1920 wuauserv - ok
16:55:09.0767 1920 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:55:09.0783 1920 WudfPf - ok
16:55:09.0829 1920 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:09.0845 1920 WUDFRd - ok
16:55:09.0907 1920 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:55:09.0923 1920 wudfsvc - ok
16:55:09.0985 1920 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:55:10.0095 1920 WwanSvc - ok
16:55:10.0157 1920 MBR (0x1B8) (8cddf14380e76f6be19537f89edd345c) \Device\Harddisk0\DR0
16:55:10.0391 1920 \Device\Harddisk0\DR0 - ok
16:55:10.0391 1920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
16:55:10.0391 1920 \Device\Harddisk2\DR2 - ok
16:55:10.0407 1920 Boot (0x1200) (e3b2e092c76f4a0cc550a829c3d12965) \Device\Harddisk0\DR0\Partition0
16:55:10.0407 1920 \Device\Harddisk0\DR0\Partition0 - ok
16:55:10.0407 1920 Boot (0x1200) (102703685169abcaa46d6e0137a9d2b9) \Device\Harddisk0\DR0\Partition1
16:55:10.0407 1920 \Device\Harddisk0\DR0\Partition1 - ok
16:55:10.0453 1920 Boot (0x1200) (5f55a1c43512b1ed8b7d719d50c887e6) \Device\Harddisk0\DR0\Partition2
16:55:10.0453 1920 \Device\Harddisk0\DR0\Partition2 - ok
16:55:10.0453 1920 Boot (0x1200) (27d4fd525ebcb1ffd0e57a327f6ea579) \Device\Harddisk2\DR2\Partition0
16:55:10.0453 1920 \Device\Harddisk2\DR2\Partition0 - ok
16:55:10.0453 1920 ============================================================
16:55:10.0453 1920 Scan finished
16:55:10.0453 1920 ============================================================
16:55:10.0469 3832 Detected object count: 0
16:55:10.0469 3832 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 16:57:09
-----------------------------
16:57:09.396 OS Version: Windows x64 6.1.7601 Service Pack 1
16:57:09.396 Number of processors: 2 586 0x602
16:57:09.396 ComputerName: HOME UserName: HP
16:57:11.299 Initialize success
16:58:22.815 AVAST engine defs: 12061501
16:58:34.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
16:58:34.156 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
16:58:34.172 Disk 0 MBR read successfully
16:58:34.172 Disk 0 MBR scan
16:58:34.188 Disk 0 unknown MBR code
16:58:34.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:58:34.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597309 MB offset 206848
16:58:34.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13069 MB offset 1223495680
16:58:34.297 Disk 0 scanning C:\Windows\system32\drivers
16:58:51.504 Service scanning
16:59:19.103 Modules scanning
16:59:19.103 Disk 0 trace - called modules:
16:59:19.119 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
16:59:19.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003d613c0]
16:59:19.634 3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa80036ec040]
16:59:19.634 5 amdxata.sys[fffff88000e647a8] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8003d4b3a0]
16:59:21.506 AVAST engine scan C:\Windows
16:59:29.243 AVAST engine scan C:\Windows\system32
17:08:26.211 AVAST engine scan C:\Windows\system32\drivers
17:08:48.691 AVAST engine scan C:\Users\HP
17:21:01.176 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
17:21:01.176 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"
17:22:46.678 AVAST engine scan C:\ProgramData
17:25:48.978 Scan finished successfully
17:26:14.488 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
17:26:14.504 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2012 - 02:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 SWH85

  • Topic Starter
  • Members
  • 14 posts

Posted 16 June 2012 - 03:49 AM

So have we actually found anything which needs to be removed, or any infections or malware? Or does everything appear to be OK, and was Malwarebytes just clashing with Windows and nothing sinister? What can I run occasionally to complement Sophos Antivirus and Windows Defender if not Malwarebytes?

Here is the log, thanks so much for your help and such quick replies so far!!!!!

ComboFix 12-06-15.06 - HP 16/06/2012 17:50:04.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3839.2445 [GMT 10:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
Command switches used :: c:\users\HP\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 08:03 . 2012-06-16 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 02:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{517A1C50-9B01-45D7-8EFF-9FF73912462A}\mpengine.dll
2012-06-13 09:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 09:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 09:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 09:29 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 09:29 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 09:29 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 09:29 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 09:29 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 03:56 . 2012-06-09 04:49 -------- d-----w- c:\users\HP\AppData\Local\Facebook
2012-06-02 02:13 . 2012-06-02 02:13 -------- d-----w- c:\program files (x86)\EaseUS
2012-06-02 02:06 . 2012-06-02 02:10 -------- d-----w- c:\users\HP\AppData\Roaming\GetRightToGo
2012-06-02 02:01 . 2012-06-02 04:06 -------- d-----w- c:\users\HP\Programs
2012-06-02 02:00 . 2012-06-02 06:01 -------- d-----w- c:\program files (x86)\Convar
2012-05-26 06:50 . 2012-05-26 06:50 -------- d-----w- C:\Sophos
2012-05-26 06:49 . 2012-05-26 06:49 -------- d-----w- C:\scss_10
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-26 04:05 . 2012-05-26 04:05 73728 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-24 14:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 15:58 . 2011-05-24 02:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-09 15:44 . 2011-05-22 11:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-07 13:31 . 2011-05-25 00:53 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-05 06:49 . 2012-04-07 06:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 06:49 . 2011-10-17 04:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 06:49 . 2012-04-14 10:13 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 20:14 . 2012-04-22 20:14 4376576 ----a-w- c:\windows\system32\ffdshow.ax
2012-04-22 20:14 . 2012-04-22 20:14 3515392 ----a-w- c:\windows\SysWow64\ffdshow.ax
2012-04-22 20:14 . 2012-04-22 20:14 4489728 ----a-w- c:\windows\system32\ffmpeg.dll
2012-04-22 20:12 . 2012-04-22 20:12 4424704 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2012-04-08 23:47 . 2012-04-08 23:47 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2012-04-08 23:47 . 2012-04-08 23:47 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-08 23:46 . 2012-04-08 23:46 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-04-08 23:45 . 2012-04-08 23:45 183808 ----a-w- c:\windows\system32\ff_unrar.dll
2012-04-08 23:45 . 2012-04-08 23:45 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2012-04-08 23:45 . 2012-04-08 23:45 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-04-08 23:45 . 2012-04-08 23:45 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
2012-04-08 23:45 . 2012-04-08 23:45 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2012-04-08 23:45 . 2012-04-08 23:45 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-04-08 23:45 . 2012-04-08 23:45 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2012-04-08 23:40 . 2012-04-08 23:40 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-04-08 23:39 . 2012-04-08 23:39 260608 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2012-04-08 23:39 . 2012-04-08 23:39 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2012-04-08 23:39 . 2012-04-08 23:39 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2012-04-08 23:39 . 2012-04-08 23:39 1525248 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2012-04-08 23:39 . 2012-04-08 23:39 146944 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2012-04-08 23:39 . 2012-04-08 23:39 212480 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2012-04-08 23:39 . 2012-04-08 23:39 115200 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2012-04-08 23:39 . 2012-04-08 23:39 328704 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2012-04-06 12:18 . 2011-05-22 11:00 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-30 11:35 . 2012-05-12 02:08 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:23 . 2012-03-29 14:23 775168 ----a-w- c:\windows\system32\LAVVideo.ax
2012-03-29 14:23 . 2012-03-29 14:23 555520 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-03-29 14:23 . 2012-03-29 14:23 248832 ----a-w- c:\windows\system32\LAVAudio.ax
2012-03-29 14:23 . 2012-03-29 14:23 202240 ----a-w- c:\windows\system32\libbluray.dll
2012-03-29 14:23 . 2012-03-29 14:23 6757091 ----a-w- c:\windows\system32\avcodec-lav-54.dll
2012-03-29 14:23 . 2012-03-29 14:23 399620 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-03-29 14:23 . 2012-03-29 14:23 214711 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-03-29 14:23 . 2012-03-29 14:23 133299 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-03-29 14:23 . 2012-03-29 14:23 1167294 ----a-w- c:\windows\system32\avformat-lav-54.dll
2012-03-29 14:21 . 2012-03-29 14:21 606720 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2012-03-29 14:21 . 2012-03-29 14:21 462848 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2012-03-29 14:21 . 2012-03-29 14:21 217600 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2012-03-29 14:21 . 2012-03-29 14:21 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
2012-03-29 14:21 . 2012-03-29 14:21 6582226 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll
2012-03-29 14:21 . 2012-03-29 14:21 374152 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 207872 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
2012-03-29 14:21 . 2012-03-29 14:21 144523 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
2012-03-29 14:21 . 2012-03-29 14:21 1152365 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll
2012-03-27 15:08 . 2012-03-27 15:08 267264 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-03-27 15:08 . 2012-03-27 15:08 348160 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-18 23:12 . 2011-02-09 02:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-16_06.16.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-18 10:28 . 2012-06-16 08:08 63366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-16 08:08 44066 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-25 23:52 . 2012-06-16 08:08 12142 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933584255-3187479308-1190884965-1000_UserData.bin
- 2010-06-25 02:26 . 2012-06-16 05:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-25 02:26 . 2012-06-16 07:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-19 06:25 . 2012-06-16 07:44 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-19 06:25 . 2012-06-16 05:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 07:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-16 05:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-16 08:05 . 2012-06-16 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-16 06:14 . 2012-06-16 06:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-16 08:05 . 2012-06-16 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-16 06:14 . 2012-06-16 06:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-16 06:12 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-16 08:04 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-30 04:24 . 2012-06-16 07:37 2408137 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933584255-3187479308-1190884965-1000-12288.dat
- 2011-05-30 04:24 . 2012-06-16 06:12 2408137 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933584255-3187479308-1190884965-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-09 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-02 976320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-03-14 494616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MBCameraMonitor.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-5-7 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\users\HP\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\HP\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E052.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-12-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-10 22072]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 119632]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-17 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-14 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-17 1543704]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:49]
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000Core.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 04:48]
.
2012-06-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000UA.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 04:48]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 12:01]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933584255-3187479308-1190884965-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 12:01]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:45]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 10.1.1.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E052.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-16 18:24:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 08:24
ComboFix2.txt 2012-06-16 06:21
.
Pre-Run: 362,889,216,000 bytes free
Post-Run: 362,707,742,720 bytes free
.
- - End Of File - - 6D5212B695863D68E06086185093CE8E
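The service and driver lines in the ComboFix log above (`R1 SASDIFSV;...`, `R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E052.tmp [x]`) are normally read by eye. As an added example that is not part of this thread and not ComboFix's own code, the Python below parses lines in that format and flags entries whose image path sits under a Temp directory or is a `.tmp` file, producing a list for manual review. The sample lines are copied from the log above; the `[x]` marker on its own is not treated as a reason, since many legitimate drivers in the same log carry it. The two entries it flags belong, by their names, to security tools that load from such locations on purpose, which is exactly why the output is a review list rather than a verdict.

```python
import re
from dataclasses import dataclass, field

# One ComboFix service/driver line, as shown in the log above:
#   <state> <name>;<display name>;<image path> [<date> <size>]   or   [x]
# The leading token is ComboFix's state code (R = running, S = stopped,
# digit = start type); it is captured but not interpreted here.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS][0-4])\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Path fragments that mean "loaded from a scratch location" (matched case-insensitively).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    info: str                      # "x" when ComboFix could not read file details
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for a ComboFix service line, or None if the line is not one."""
    m = SERVICE_LINE.match(line.strip())
    return ServiceEntry(**m.groupdict()) if m else None


def review_entry(entry):
    """Attach review reasons based on where the image lives.
    [x] alone is not a reason: many legitimate drivers in the same log carry it."""
    p = entry.path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        entry.reasons.append("image loads from a temp directory")
    if p.endswith(".tmp"):
        entry.reasons.append("image is a .tmp file")
    return entry


def review_log(text):
    """Parse every service line in a ComboFix log excerpt and return the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and review_entry(entry).reasons:
            flagged.append(entry)
    return flagged


# Lines copied from the ComboFix log above (not constructed).
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\users\HP\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E052.tmp [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-14 99864]
"""

if __name__ == "__main__":
    for entry in review_log(SAMPLE_LOG):
        print(f"{entry.state} {entry.name}: {entry.path} -> {', '.join(entry.reasons)}")
```

Run it against the whole "R1 ... S3 ..." block of a ComboFix log to get the short list worth checking by hand (publisher, signature, whether the path still exists); anything that is not a known security tool loading from a temp path deserves a closer look.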

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 16 June 2012 - 12:30 PM

Greetings


I don't know why MBAM did what it did, but let's try to reinstall it, and this time


run this first to remove anything left over from MBAM - http://www.malwarebytes.org/mbam-clean.exe



:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Bing Bar
BitTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#10 SWH85

SWH85
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 16 June 2012 - 10:39 PM

OK here we go, getting there almost done........ :-)

The MBAM removal tool seemed to clear out whatever conflict was happening.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: HOME [administrator]

17/06/2012 12:55:42 PM
mbam-log-2012-06-17 (12-55-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218384
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:38:50 PM, on 17/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Global Startup: MBCameraMonitor.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14008 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2012 - 10:50 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; any of these programs you can start by clicking their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Global Startup: MBCameraMonitor.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe on 32-bit,
or C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe on 64-bit)
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan; on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

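The O4 and O23 lines in the log above are HijackThis's rendering of the Run keys, the Startup folder and the service list. As an added example (not part of this thread and not HijackThis's own code), the Python below parses those line formats from a constructed sample copied from the posted log, splits each autorun into executable and arguments, picks out the items named in an optional fix list, and separates services reported "(file missing)" that live outside the Windows directory; the names `parse_log`, `select_by_name` and `missing_outside_windows` are mine.

```python
"""Triage helper for HijackThis 2.x logs (added example, not HijackThis code).
Reads O4 (autorun), O23 (service) and O10 (Winsock LSP) lines, splits each autorun
into executable and arguments, and points out the entries a reviewer looks at first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Global Startup: MBCameraMonitor.lnk = ?
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
"""

@dataclass
class Autorun:
    hive: str            # "HKLM", "HKCU", "HKUS\<sid>" or "Global Startup"
    name: str            # the [bracketed] value name, or the shortcut name
    path: Optional[str]  # executable; None when HijackThis printed "?"
    args: str

@dataclass
class Service:
    display: str
    owner: str
    path: str
    file_missing: bool

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(.+?)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
O23_SVC = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")

def split_command(cmd: str) -> Tuple[str, str]:
    """Separate executable from arguments. HijackThis prints the raw registry value,
    so the path may be quoted, or unquoted while still containing spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.+?\.exe)(\s+.*)?$", cmd)  # unquoted: cut after the first .exe
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return cmd, ""

def parse_log(text: str) -> Tuple[List[Autorun], List[Service], List[str]]:
    autoruns, services, lsps = [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        if m := O4_RUN.match(line):
            path, args = split_command(m.group(3))
            autoruns.append(Autorun(m.group(1), m.group(2), path, args))
        elif m := O4_STARTUP.match(line):
            target = m.group(3).strip()
            autoruns.append(Autorun(m.group(1), m.group(2), None if target == "?" else target, ""))
        elif m := O23_SVC.match(line):
            services.append(Service(m.group(1), m.group(2), m.group(3), m.group(4) is not None))
        elif line.startswith("O10 - "):
            lsps.append(line.split(": ", 1)[1].lower())
    return autoruns, services, lsps

def missing_outside_windows(services: List[Service]) -> List[Service]:
    """'(file missing)' services whose binary is not under C:\\Windows. The 32-bit
    HijackThis build reports many genuine system services (lsass.exe, spoolsv.exe, ...)
    as missing on 64-bit Windows because of WOW64 file-system redirection, so the
    flag only deserves attention for binaries outside the Windows directory."""
    return [s for s in services
            if s.file_missing and not s.path.lower().startswith("c:\\windows\\")]

def select_by_name(autoruns: List[Autorun], names: List[str]) -> List[Autorun]:
    """Pick the autoruns named in a fix list (e.g. the optional O4 items above)."""
    wanted = {n.lower() for n in names}
    return [a for a in autoruns if a.name.lower() in wanted]

if __name__ == "__main__":
    runs, svcs, lsp_modules = parse_log(SAMPLE_LOG)
    for a in runs:
        print(f"{a.hive:15} {a.name:20} {a.path or '<unresolved>'}  {a.args}")
    print("missing outside Windows:", [s.display for s in missing_outside_windows(svcs)])
    print("distinct LSP modules:", sorted(set(lsp_modules)))
```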
#12 SWH85

SWH85
  • Topic Starter

  • Members
  • 14 posts

Posted 17 June 2012 - 08:25 PM

The ESET scanner took a while.



I:\Chris' Old Laptop\Downloads\cnet_undodelete_exe.exe a variant of Win32/InstallCore.D application
I:\HOME\Backup Set 2012-04-22 060024\Backup Files 2012-05-06 060002\Backup files 3.zip probably a variant of Win32/Toolbar.Widgi application


Are these anything sinister? The I: is my external hard drive with a backup of C: on it, also some files from an old laptop.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 08:31 PM

Greetings


Nothing to worry about there.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.


:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - this is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#14 SWH85

SWH85
  • Topic Starter

  • Members
  • 14 posts

Posted 17 June 2012 - 08:56 PM

All done and computer running well.

Thanks for your help

S

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 08:57 PM

You are more than welcome.



gringo