Update refusals/power off while scanning


  • This topic is locked
11 replies to this topic

#1 Tawnc

  • Members
  • 8 posts

Posted 19 June 2012 - 07:05 PM

Howdy folks. OK, to start with, this is a Win Vista Home Premium machine that had an issue shutting down at random, and then the BIOS reverted to its originals. After a tech decided that one memory stick was no good and set the machine up as a 2 GB instead of the 4 GB it was, we are trying to tackle this malware issue. After many, many tries I finally have been able to update SUPERAntiSpyware and Malwarebytes as well as Spybot S&D and Javacool's SpywareBlaster. I have run the Defogger and tried to run the DDS tool, but something is not right there; I will enclose the log, but it would not open as per the tutorial. I have run GMER and will post that log as well. This machine has about $5k worth of business software on it and some of it I cannot replace (of course the hardware tech wanted to just reformat). The issues at this point are still random power-offs, not shutdowns, as well as random security updates that cause the same or get denied for various reasons. Right now all scans say it is clear, but I'm not sure I trust that.

Edit: the DDS file was too large to post; at any rate, it opened a text file that basically said it was not able to run in DOS. I had downloaded it to the desktop and the icon looked nothing like what was shown in the tutorial; again, I'm not sure I did it correctly, but I believe so, and this is typical of any downloads or updates that pop up issues.

Anyways thanks for the help and I will be waiting patiently.

Attached Files

  • Attached File  ark.txt   32.28KB   2 downloads



#2 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2012 - 09:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with this.

Please download TDSSKiller.zip

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

p.s.
Please let me know what operating system you have on this computer.
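
Before a TDSSKiller report is pasted into a reply, it helps to pull out only the lines a responder actually needs to look at. The following is an added example, not part of this thread and not Kaspersky's tool: a small Python parser for the report layout nasdaq asks for above, run over a constructed sample that copies the Akamai hidden-file lines Tawnc posts below plus a made-up "ExampleDrv" entry. It lists every service or driver whose verdict is not a plain "ok", with the MD5 and path to look up, and separately flags entries that never received a verdict line, which is what a scan cut short by a power-off leaves behind. The sample log, the "ExampleDrv" name and its hash are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the TDSSKiller report layout seen in this thread
# (timestamp, PID, then an entry "<name> (<md5>) <path>", a verdict
# "<name> - ok|warning|detected <sig> (<n>)", or a "Suspicious file" note).
# The Akamai lines mirror the thread's own finding; "ExampleDrv" is a made-up
# entry with no verdict line, standing in for where an interrupted scan stopped.
SAMPLE_LOG = r"""
12:13:05.0790 3540 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:13:05.0806 3540 AFD - ok
12:13:08.0583 3540 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
12:13:08.0598 3540 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
12:13:08.0598 3540 Akamai ( HiddenFile.Multi.Generic ) - warning
12:13:08.0598 3540 Akamai - detected HiddenFile.Multi.Generic (1)
12:13:13.0824 3540 blbdrive - ok
12:13:40.0000 3540 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>\S.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - "
    r"(?P<verdict>ok|warning|detected (?P<det>\S+) \((?P<count>\d+)\))$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")


@dataclass
class Item:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: list = field(default_factory=list)  # (kind, signature) tuples
    notes: list = field(default_factory=list)     # reasons from "Suspicious file (...)" lines

    @property
    def clean(self):
        # An entry with no verdict line means the scan stopped before finishing it
        # (for instance after a power-off); treat that as not clean, not as a pass.
        return bool(self.verdicts) and all(k == "ok" for k, _ in self.verdicts) and not self.notes


def parse_tdsskiller(text):
    """Group a TDSSKiller report into Items keyed by service/driver name."""
    items = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank, banner or separator lines
        rest = m["rest"]
        s = SUSPICIOUS_RE.match(rest)
        if s:
            # attach the note to the entry with the same path (or hash)
            for it in items.values():
                if it.path.lower() == s["path"].lower() or it.md5 == s["md5"]:
                    it.notes.append(s["reason"])
                    break
            continue
        e = ENTRY_RE.match(rest)
        if e:
            it = items.setdefault(e["name"], Item(e["name"]))
            it.md5, it.path = e["md5"], e["path"]
            continue
        v = VERDICT_RE.match(rest)
        if v:
            it = items.setdefault(v["name"], Item(v["name"]))
            kind = "detected" if v["det"] else v["verdict"]
            it.verdicts.append((kind, v["det"] or v["sig"]))
    return items


def status_of(it):
    kinds = {k for k, _ in it.verdicts}
    if not kinds:
        return "incomplete"
    if "detected" in kinds:
        return "detected"
    if "warning" in kinds or it.notes:
        return "warning"
    return "ok"


def findings(items):
    """Everything a responder should look at: non-ok verdicts and unfinished entries."""
    out = []
    for it in sorted(items.values(), key=lambda i: i.name.lower()):
        if it.clean:
            continue
        out.append({"name": it.name, "status": status_of(it), "md5": it.md5,
                    "path": it.path, "verdicts": it.verdicts, "notes": it.notes})
    return out


if __name__ == "__main__":
    for f in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f['status']:<10} {f['name']:<12} md5={f['md5'] or '-'} {f['path']}")
        for kind, sig in f["verdicts"]:
            print(f"           {kind}: {sig or ''}")
```

The parser only reports what TDSSKiller itself wrote; it does not decide whether a hidden file is malicious. That matters here because the report distinguishes a "warning" (the tool's default for a suspicious file is Skip) from a "detected" verdict (default Cure), and a responder reads the MD5 and path rather than the generic signature name.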

#3 Tawnc

  • Topic Starter
  • Members
  • 8 posts

Posted 23 June 2012 - 11:33 AM

This is Win Vista Home Premium, 32-bit. The TDSSKiller download and then the startup of that program both produced an immediate power-off. Many thanks for your time.
12:12:53.0917 2632 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:12:54.0278 2632 ============================================================
12:12:54.0278 2632 Current date / time: 2012/06/23 12:12:54.0278
12:12:54.0278 2632 SystemInfo:
12:12:54.0278 2632
12:12:54.0278 2632 OS Version: 6.0.6002 ServicePack: 2.0
12:12:54.0278 2632 Product type: Workstation
12:12:54.0278 2632 ComputerName: JANICEW
12:12:54.0278 2632 UserName: Patrick
12:12:54.0278 2632 Windows directory: C:\Windows
12:12:54.0278 2632 System windows directory: C:\Windows
12:12:54.0278 2632 Processor architecture: Intel x86
12:12:54.0278 2632 Number of processors: 4
12:12:54.0278 2632 Page size: 0x1000
12:12:54.0278 2632 Boot type: Normal boot
12:12:54.0278 2632 ============================================================
12:12:55.0354 2632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:12:55.0370 2632 ============================================================
12:12:55.0370 2632 \Device\Harddisk0\DR0:
12:12:55.0370 2632 MBR partitions:
12:12:55.0370 2632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:12:55.0370 2632 ============================================================
12:12:55.0385 2632 C: <-> \Device\Harddisk0\DR0\Partition0
12:12:55.0385 2632 ============================================================
12:12:55.0385 2632 Initialize success
12:12:55.0385 2632 ============================================================
12:12:59.0550 3540 ============================================================
12:12:59.0550 3540 Scan started
12:12:59.0550 3540 Mode: Manual;
12:12:59.0550 3540 ============================================================
12:13:01.0890 3540 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:13:02.0967 3540 !SASCORE - ok
12:13:03.0450 3540 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
12:13:03.0466 3540 aawservice - ok
12:13:03.0825 3540 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:13:03.0825 3540 ACPI - ok
12:13:03.0950 3540 AcrSch2Svc (c0c8248730ebb49bd8df2b0981fca312) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
12:13:03.0981 3540 AcrSch2Svc - ok
12:13:04.0012 3540 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:13:04.0012 3540 AdobeARMservice - ok
12:13:04.0652 3540 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:04.0683 3540 AdobeFlashPlayerUpdateSvc - ok
12:13:05.0603 3540 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:13:05.0634 3540 adp94xx - ok
12:13:05.0666 3540 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:13:05.0681 3540 adpahci - ok
12:13:05.0697 3540 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:13:05.0712 3540 adpu160m - ok
12:13:05.0728 3540 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:13:05.0744 3540 adpu320 - ok
12:13:05.0759 3540 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:13:05.0759 3540 AeLookupSvc - ok
12:13:05.0790 3540 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:13:05.0806 3540 AFD - ok
12:13:05.0806 3540 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:13:05.0822 3540 agp440 - ok
12:13:05.0822 3540 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:13:05.0837 3540 aic78xx - ok
12:13:08.0583 3540 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
12:13:08.0598 3540 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
12:13:08.0598 3540 Akamai ( HiddenFile.Multi.Generic ) - warning
12:13:08.0598 3540 Akamai - detected HiddenFile.Multi.Generic (1)
12:13:09.0238 3540 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:13:09.0238 3540 ALG - ok
12:13:09.0300 3540 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:13:09.0300 3540 aliide - ok
12:13:09.0410 3540 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:13:09.0425 3540 amdagp - ok
12:13:09.0441 3540 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:13:09.0441 3540 amdide - ok
12:13:09.0503 3540 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:13:09.0503 3540 AmdK7 - ok
12:13:09.0566 3540 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:13:09.0566 3540 AmdK8 - ok
12:13:09.0597 3540 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:13:09.0597 3540 Appinfo - ok
12:13:09.0659 3540 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:13:09.0675 3540 arc - ok
12:13:09.0690 3540 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:13:09.0690 3540 arcsas - ok
12:13:09.0846 3540 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:13:09.0846 3540 aspnet_state - ok
12:13:09.0893 3540 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:09.0893 3540 AsyncMac - ok
12:13:09.0924 3540 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:13:09.0924 3540 atapi - ok
12:13:10.0611 3540 atashost (e86a4325824fa08f9200d57b9bcac4b8) C:\Windows\system32\atashost.exe
12:13:10.0611 3540 atashost - ok
12:13:11.0734 3540 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:13:11.0750 3540 AudioEndpointBuilder - ok
12:13:11.0750 3540 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:13:11.0750 3540 Audiosrv - ok
12:13:11.0781 3540 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:13:11.0781 3540 Beep - ok
12:13:12.0436 3540 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:13:12.0545 3540 BFE - ok
12:13:13.0793 3540 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:13:13.0809 3540 BITS - ok
12:13:13.0824 3540 blbdrive - ok
12:13:13.0856 3540 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:13:13.0856 3540 bowser - ok
12:13:13.0887 3540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:13:13.0887 3540 BrFiltLo - ok
12:13:13.0887 3540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:13:13.0887 3540 BrFiltUp - ok
12:13:13.0918 3540 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:13:13.0918 3540 Browser - ok
12:13:13.0980 3540 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\Windows\system32\DRIVERS\BrSerIb.sys
12:13:13.0980 3540 BrSerIb - ok
12:13:13.0996 3540 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:13:13.0996 3540 Brserid - ok
12:13:13.0996 3540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:13:14.0012 3540 BrSerWdm - ok
12:13:14.0012 3540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:13:14.0012 3540 BrUsbMdm - ok
12:13:14.0027 3540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:13:14.0027 3540 BrUsbSer - ok
12:13:14.0027 3540 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
12:13:14.0027 3540 BrUsbSIb - ok
12:13:14.0043 3540 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:13:14.0043 3540 BTHMODEM - ok
12:13:14.0074 3540 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:14.0074 3540 cdfs - ok
12:13:14.0105 3540 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:13:14.0105 3540 cdrom - ok
12:13:15.0026 3540 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:13:15.0041 3540 CertPropSvc - ok
12:13:15.0088 3540 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:13:15.0088 3540 circlass - ok
12:13:15.0135 3540 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:13:15.0135 3540 CLFS - ok
12:13:15.0806 3540 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:15.0821 3540 clr_optimization_v2.0.50727_32 - ok
12:13:15.0884 3540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:15.0993 3540 clr_optimization_v4.0.30319_32 - ok
12:13:16.0008 3540 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:13:16.0008 3540 cmdide - ok
12:13:16.0008 3540 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
12:13:16.0008 3540 Compbatt - ok
12:13:16.0008 3540 COMSysApp - ok
12:13:16.0024 3540 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:13:16.0024 3540 crcdisk - ok
12:13:16.0040 3540 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:13:16.0040 3540 Crusoe - ok
12:13:16.0071 3540 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
12:13:16.0086 3540 CryptSvc - ok
12:13:16.0820 3540 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:13:16.0866 3540 DcomLaunch - ok
12:13:17.0085 3540 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:13:17.0085 3540 DfsC - ok
12:13:17.0631 3540 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:13:17.0693 3540 DFSR - ok
12:13:18.0239 3540 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:13:18.0255 3540 Dhcp - ok
12:13:18.0473 3540 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:13:18.0473 3540 disk - ok
12:13:18.0629 3540 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:13:18.0645 3540 Dnscache - ok
12:13:18.0692 3540 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:13:18.0692 3540 dot3svc - ok
12:13:18.0926 3540 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
12:13:18.0972 3540 dot4 - ok
12:13:19.0050 3540 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:13:19.0066 3540 Dot4Print - ok
12:13:19.0144 3540 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
12:13:19.0144 3540 Dot4Scan - ok
12:13:19.0222 3540 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
12:13:19.0238 3540 dot4usb - ok
12:13:19.0503 3540 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:13:19.0534 3540 DPS - ok
12:13:20.0174 3540 DragonSvc (dc43f2715153541ebab2a702aff1611a) C:\Program Files\Common Files\Nuance\dgnsvc.exe
12:13:20.0236 3540 DragonSvc - ok
12:13:20.0283 3540 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:13:20.0283 3540 drmkaud - ok
12:13:20.0517 3540 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:20.0517 3540 DXGKrnl - ok
12:13:20.0751 3540 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:13:20.0751 3540 E1G60 - ok
12:13:20.0782 3540 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:13:20.0798 3540 EapHost - ok
12:13:20.0938 3540 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:13:20.0938 3540 Ecache - ok
12:13:21.0125 3540 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:13:21.0141 3540 ehRecvr - ok
12:13:21.0172 3540 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:13:21.0188 3540 ehSched - ok
12:13:21.0188 3540 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:13:21.0188 3540 ehstart - ok
12:13:21.0281 3540 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:13:21.0312 3540 elxstor - ok
12:13:21.0515 3540 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:13:21.0671 3540 EMDMgmt - ok
12:13:21.0765 3540 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
12:13:21.0827 3540 ENTECH - ok
12:13:22.0186 3540 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:13:22.0233 3540 EventSystem - ok
12:13:22.0404 3540 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:13:22.0404 3540 exfat - ok
12:13:22.0467 3540 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:13:22.0482 3540 fastfat - ok
12:13:22.0576 3540 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:13:22.0623 3540 fdc - ok
12:13:22.0701 3540 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:13:22.0701 3540 fdPHost - ok
12:13:22.0732 3540 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:13:22.0748 3540 FDResPub - ok
12:13:22.0950 3540 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:13:22.0966 3540 FileInfo - ok
12:13:22.0997 3540 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:13:22.0997 3540 Filetrace - ok
12:13:23.0309 3540 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:13:23.0481 3540 FLEXnet Licensing Service - ok
12:13:23.0543 3540 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:13:23.0543 3540 flpydisk - ok
12:13:23.0637 3540 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:13:23.0684 3540 FltMgr - ok
12:13:24.0573 3540 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:13:24.0760 3540 FontCache - ok
12:13:24.0822 3540 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:13:24.0822 3540 FontCache3.0.0.0 - ok
12:13:24.0869 3540 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
12:13:24.0869 3540 fssfltr - ok
12:13:25.0337 3540 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:13:25.0368 3540 fsssvc - ok
12:13:26.0039 3540 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:26.0039 3540 Fs_Rec - ok
12:13:26.0102 3540 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:13:26.0102 3540 gagp30kx - ok
12:13:26.0148 3540 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:13:26.0148 3540 GEARAspiWDM - ok
12:13:26.0195 3540 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
12:13:26.0195 3540 giveio - ok
12:13:26.0351 3540 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:13:26.0492 3540 gpsvc - ok
12:13:26.0679 3540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:13:26.0694 3540 gupdate - ok
12:13:26.0710 3540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:13:26.0710 3540 gupdatem - ok
12:13:26.0757 3540 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:13:26.0772 3540 gusvc - ok
12:13:26.0819 3540 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:13:26.0850 3540 HdAudAddService - ok
12:13:27.0038 3540 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:27.0053 3540 HDAudBus - ok
12:13:27.0069 3540 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:13:27.0069 3540 HidBth - ok
12:13:27.0084 3540 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:13:27.0084 3540 HidIr - ok
12:13:27.0116 3540 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:13:27.0131 3540 hidserv - ok
12:13:27.0147 3540 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:27.0162 3540 HidUsb - ok
12:13:27.0194 3540 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:13:27.0194 3540 hkmsvc - ok
12:13:27.0209 3540 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:13:27.0209 3540 HpCISSs - ok
12:13:27.0833 3540 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:13:27.0833 3540 hpqcxs08 - ok
12:13:27.0880 3540 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:13:27.0880 3540 HTCAND32 - ok
12:13:27.0942 3540 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
12:13:27.0942 3540 htcnprot - ok
12:13:28.0036 3540 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:13:28.0067 3540 HTTP - ok
12:13:28.0192 3540 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:13:28.0208 3540 i2omp - ok
12:13:28.0223 3540 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:28.0223 3540 i8042prt - ok
12:13:28.0254 3540 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:13:28.0254 3540 iaStorV - ok
12:13:28.0629 3540 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:13:28.0644 3540 IDriverT - ok
12:13:28.0972 3540 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:29.0003 3540 idsvc - ok
12:13:29.0019 3540 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:13:29.0019 3540 iirsp - ok
12:13:29.0502 3540 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:13:29.0627 3540 IKEEXT - ok
12:13:29.0658 3540 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
12:13:29.0674 3540 intelide - ok
12:13:29.0690 3540 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:29.0705 3540 intelppm - ok
12:13:29.0752 3540 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:13:29.0783 3540 IPBusEnum - ok
12:13:29.0830 3540 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:29.0892 3540 IpFilterDriver - ok
12:13:30.0251 3540 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:13:30.0314 3540 iphlpsvc - ok
12:13:30.0329 3540 IpInIp - ok
12:13:30.0360 3540 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:13:30.0376 3540 IPMIDRV - ok
12:13:30.0516 3540 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:13:30.0516 3540 IPNAT - ok
12:13:30.0563 3540 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:13:30.0579 3540 IRENUM - ok
12:13:30.0844 3540 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:13:30.0844 3540 isapnp - ok
12:13:30.0922 3540 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:13:30.0922 3540 iScsiPrt - ok
12:13:30.0938 3540 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:13:30.0938 3540 iteatapi - ok
12:13:30.0953 3540 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:13:30.0953 3540 iteraid - ok
12:13:31.0000 3540 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:31.0000 3540 kbdclass - ok
12:13:31.0031 3540 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:31.0062 3540 kbdhid - ok
12:13:31.0172 3540 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:13:31.0172 3540 KeyIso - ok
12:13:31.0686 3540 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:13:31.0733 3540 KSecDD - ok
12:13:31.0796 3540 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:13:31.0889 3540 KtmRm - ok
12:13:32.0030 3540 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:13:32.0092 3540 LanmanServer - ok
12:13:32.0264 3540 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:13:32.0310 3540 LanmanWorkstation - ok
12:13:32.0513 3540 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:13:32.0544 3540 LBTServ - ok
12:13:32.0638 3540 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
12:13:32.0638 3540 LEqdUsb - ok
12:13:32.0700 3540 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
12:13:32.0700 3540 LHidEqd - ok
12:13:32.0794 3540 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:13:32.0794 3540 LHidFilt - ok
12:13:32.0903 3540 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:13:32.0934 3540 lltdio - ok
12:13:33.0059 3540 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:13:33.0075 3540 lltdsvc - ok
12:13:33.0106 3540 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:13:33.0106 3540 lmhosts - ok
12:13:33.0153 3540 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:13:33.0153 3540 LMouFilt - ok
12:13:33.0184 3540 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:13:33.0184 3540 LSI_FC - ok
12:13:33.0215 3540 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:13:33.0215 3540 LSI_SAS - ok
12:13:33.0246 3540 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:13:33.0262 3540 LSI_SCSI - ok
12:13:33.0309 3540 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:13:33.0324 3540 luafv - ok
12:13:33.0356 3540 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:13:33.0356 3540 Mcx2Svc - ok
12:13:33.0480 3540 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
12:13:33.0496 3540 MDM - ok
12:13:33.0512 3540 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:13:33.0512 3540 megasas - ok
12:13:33.0543 3540 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:13:33.0543 3540 MMCSS - ok
12:13:33.0558 3540 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:13:33.0574 3540 Modem - ok
12:13:33.0605 3540 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:13:33.0605 3540 monitor - ok
12:13:33.0636 3540 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:13:33.0636 3540 mouclass - ok
12:13:33.0652 3540 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:13:33.0699 3540 mouhid - ok
12:13:33.0746 3540 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:13:33.0746 3540 MountMgr - ok
12:13:33.0808 3540 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:13:33.0824 3540 MpFilter - ok
12:13:33.0886 3540 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:13:33.0886 3540 mpio - ok
12:13:34.0026 3540 MpKsl8f84b594 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4FC87F3-3860-43D4-876E-81981560C551}\MpKsl8f84b594.sys
12:13:34.0026 3540 MpKsl8f84b594 - ok
12:13:34.0042 3540 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:13:34.0042 3540 mpsdrv - ok
12:13:34.0167 3540 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:13:34.0214 3540 MpsSvc - ok
12:13:34.0229 3540 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:13:34.0229 3540 Mraid35x - ok
12:13:34.0245 3540 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:13:34.0260 3540 MRxDAV - ok
12:13:34.0292 3540 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:34.0307 3540 mrxsmb - ok
12:13:34.0338 3540 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:34.0338 3540 mrxsmb10 - ok
12:13:34.0354 3540 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:34.0354 3540 mrxsmb20 - ok
12:13:34.0370 3540 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:13:34.0370 3540 msahci - ok
12:13:34.0385 3540 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:13:34.0385 3540 msdsm - ok
12:13:34.0416 3540 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:13:34.0432 3540 MSDTC - ok
12:13:34.0463 3540 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:13:34.0463 3540 Msfs - ok
12:13:34.0494 3540 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:13:34.0494 3540 msisadrv - ok
12:13:34.0541 3540 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:13:34.0557 3540 MSiSCSI - ok
12:13:34.0557 3540 msiserver - ok
12:13:34.0572 3540 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:13:34.0572 3540 MSKSSRV - ok
12:13:34.0838 3540 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:13:34.0838 3540 MsMpSvc - ok
12:13:34.0900 3540 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:34.0916 3540 MSPCLOCK - ok
12:13:34.0931 3540 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:13:34.0931 3540 MSPQM - ok
12:13:34.0962 3540 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:13:34.0962 3540 MsRPC - ok
12:13:34.0994 3540 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:34.0994 3540 mssmbios - ok
12:13:35.0040 3540 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:13:35.0040 3540 MSTEE - ok
12:13:35.0212 3540 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:13:35.0228 3540 Mup - ok
12:13:35.0611 3540 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:13:35.0902 3540 napagent - ok
12:13:36.0227 3540 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:13:36.0282 3540 NativeWifiP - ok
12:13:36.0926 3540 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:13:36.0950 3540 NDIS - ok
12:13:36.0973 3540 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:36.0974 3540 NdisTapi - ok
12:13:36.0982 3540 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:36.0983 3540 Ndisuio - ok
12:13:37.0041 3540 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:37.0051 3540 NdisWan - ok
12:13:37.0063 3540 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:13:37.0064 3540 NDProxy - ok
12:13:37.0088 3540 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:13:37.0089 3540 NetBIOS - ok
12:13:37.0145 3540 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:13:37.0149 3540 netbt - ok
12:13:37.0162 3540 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:13:37.0193 3540 Netlogon - ok
12:13:37.0222 3540 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:13:37.0232 3540 Netman - ok
12:13:37.0339 3540 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:37.0376 3540 NetMsmqActivator - ok
12:13:37.0379 3540 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:37.0381 3540 NetPipeActivator - ok
12:13:37.0428 3540 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:13:37.0439 3540 netprofm - ok
12:13:37.0861 3540 netr28u (6f8480809d14f0594b4b1df07385da33) C:\Windows\system32\DRIVERS\netr28u.sys
12:13:37.0890 3540 netr28u - ok
12:13:37.0895 3540 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:37.0896 3540 NetTcpActivator - ok
12:13:37.0902 3540 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:13:37.0903 3540 NetTcpPortSharing - ok
12:13:37.0942 3540 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:13:37.0944 3540 nfrd960 - ok
12:13:37.0965 3540 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:13:37.0967 3540 NisDrv - ok
12:13:38.0093 3540 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:13:38.0113 3540 NisSrv - ok
12:13:38.0155 3540 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:13:38.0238 3540 NlaSvc - ok
12:13:38.0389 3540 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:13:38.0402 3540 Npfs - ok
12:13:38.0471 3540 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:13:38.0496 3540 nsi - ok
12:13:38.0556 3540 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:13:38.0562 3540 nsiproxy - ok
12:13:38.0832 3540 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:13:38.0860 3540 Ntfs - ok
12:13:38.0884 3540 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:13:38.0908 3540 ntrigdigi - ok
12:13:38.0985 3540 nTuneService - ok
12:13:39.0030 3540 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:13:39.0031 3540 Null - ok
12:13:39.0128 3540 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
12:13:39.0134 3540 NVENETFD - ok
12:13:43.0334 3540 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:13:43.0381 3540 nvlddmkm - ok
12:13:43.0521 3540 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
12:13:43.0521 3540 NVR0Dev - ok
12:13:43.0755 3540 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:13:43.0755 3540 nvraid - ok
12:13:43.0786 3540 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:13:43.0786 3540 nvstor - ok
12:13:43.0817 3540 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
12:13:43.0817 3540 nvstor32 - ok
12:13:43.0958 3540 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
12:13:43.0958 3540 nvsvc - ok
12:13:43.0973 3540 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:13:44.0005 3540 nv_agp - ok
12:13:44.0005 3540 NwlnkFlt - ok
12:13:44.0051 3540 NwlnkFwd - ok
12:13:44.0098 3540 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:13:44.0098 3540 ohci1394 - ok
12:13:44.0363 3540 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:13:44.0379 3540 p2pimsvc - ok
12:13:44.0379 3540 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:13:44.0395 3540 p2psvc - ok
12:13:44.0426 3540 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:13:44.0426 3540 Parport - ok
12:13:44.0441 3540 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:13:44.0441 3540 partmgr - ok
12:13:44.0441 3540 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:13:44.0457 3540 Parvdm - ok
12:13:44.0660 3540 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
12:13:44.0660 3540 PassThru Service - ok
12:13:44.0738 3540 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
12:13:44.0753 3540 PCASp50 - ok
12:13:44.0800 3540 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:13:44.0800 3540 PcaSvc - ok
12:13:44.0863 3540 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:13:44.0878 3540 pci - ok
12:13:44.0878 3540 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:13:44.0878 3540 pciide - ok
12:13:44.0909 3540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:13:44.0925 3540 pcmcia - ok
12:13:44.0941 3540 PCTINDIS5 - ok
12:13:45.0081 3540 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:13:45.0143 3540 PEAUTH - ok
12:13:45.0299 3540 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:13:45.0346 3540 pla - ok
12:13:45.0565 3540 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:13:45.0580 3540 PlugPlay - ok
12:13:45.0611 3540 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
12:13:45.0611 3540 PnkBstrA - ok
12:13:45.0752 3540 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:13:45.0752 3540 PNRPAutoReg - ok
12:13:45.0767 3540 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:13:45.0767 3540 PNRPsvc - ok
12:13:45.0923 3540 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:13:45.0923 3540 PolicyAgent - ok
12:13:46.0064 3540 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:13:46.0064 3540 PptpMiniport - ok
12:13:46.0095 3540 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:13:46.0095 3540 Processor - ok
12:13:46.0111 3540 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:13:46.0173 3540 ProfSvc - ok
12:13:46.0189 3540 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:13:46.0189 3540 ProtectedStorage - ok
12:13:46.0516 3540 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:13:46.0532 3540 PSched - ok
12:13:46.0610 3540 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:13:46.0625 3540 ql2300 - ok
12:13:46.0657 3540 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:13:46.0672 3540 ql40xx - ok
12:13:46.0703 3540 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:13:46.0719 3540 QWAVE - ok
12:13:46.0719 3540 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:13:46.0719 3540 QWAVEdrv - ok
12:13:47.0203 3540 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
12:13:47.0234 3540 RapiMgr - ok
12:13:48.0107 3540 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
12:13:48.0107 3540 RapportCerberus_34302 - ok
12:13:48.0575 3540 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
12:13:48.0591 3540 RapportEI - ok
12:13:48.0919 3540 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
12:13:48.0950 3540 RapportKELL - ok
12:13:49.0059 3540 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
12:13:49.0090 3540 RapportMgmtService - ok
12:13:49.0137 3540 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
12:13:49.0137 3540 RapportPG - ok
12:13:49.0153 3540 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:13:49.0153 3540 RasAcd - ok
12:13:49.0168 3540 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:13:49.0184 3540 RasAuto - ok
12:13:49.0184 3540 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:49.0199 3540 Rasl2tp - ok
12:13:49.0231 3540 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:13:49.0246 3540 RasMan - ok
12:13:49.0262 3540 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:49.0277 3540 RasPppoe - ok
12:13:49.0293 3540 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:13:49.0293 3540 RasSstp - ok
12:13:49.0340 3540 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:13:49.0355 3540 rdbss - ok
12:13:49.0355 3540 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:49.0355 3540 RDPCDD - ok
12:13:49.0387 3540 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
12:13:49.0402 3540 rdpdr - ok
12:13:49.0402 3540 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:13:49.0402 3540 RDPENCDD - ok
12:13:49.0465 3540 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:13:49.0480 3540 RDPWD - ok
12:13:49.0527 3540 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:13:49.0527 3540 RemoteAccess - ok
12:13:49.0543 3540 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:13:49.0558 3540 RemoteRegistry - ok
12:13:49.0605 3540 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
12:13:49.0605 3540 RimUsb - ok
12:13:49.0636 3540 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
12:13:49.0636 3540 RimVSerPort - ok
12:13:49.0667 3540 RivaTuner32 - ok
12:13:49.0714 3540 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
12:13:49.0714 3540 ROOTMODEM - ok
12:13:49.0995 3540 RoxLiveShare9 - ok
12:13:50.0073 3540 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:13:50.0089 3540 RpcLocator - ok
12:13:50.0182 3540 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:13:50.0182 3540 RpcSs - ok
12:13:50.0213 3540 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:13:50.0213 3540 rspndr - ok
12:13:50.0229 3540 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:13:50.0229 3540 SamSs - ok
12:13:50.0260 3540 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:13:50.0260 3540 SASDIFSV - ok
12:13:50.0557 3540 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:13:50.0557 3540 SASKUTIL - ok
12:13:50.0759 3540 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:13:50.0775 3540 sbp2port - ok
12:13:51.0149 3540 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
12:13:51.0181 3540 SBSDWSCService - ok
12:13:51.0227 3540 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:13:51.0227 3540 SCardSvr - ok
12:13:52.0148 3540 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:13:52.0179 3540 Schedule - ok
12:13:52.0210 3540 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:13:52.0210 3540 SCPolicySvc - ok
12:13:52.0522 3540 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:13:52.0538 3540 SDRSVC - ok
12:13:52.0647 3540 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:13:52.0663 3540 SeaPort - ok
12:13:52.0725 3540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:13:52.0725 3540 secdrv - ok
12:13:52.0772 3540 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:13:52.0772 3540 seclogon - ok
12:13:52.0803 3540 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:13:52.0803 3540 SENS - ok
12:13:52.0850 3540 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:13:52.0850 3540 Serenum - ok
12:13:52.0865 3540 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:13:52.0865 3540 Serial - ok
12:13:52.0881 3540 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:13:52.0881 3540 sermouse - ok
12:13:52.0912 3540 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:13:52.0912 3540 SessionEnv - ok
12:13:52.0912 3540 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
12:13:52.0928 3540 sffdisk - ok
12:13:52.0928 3540 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:13:52.0928 3540 sffp_mmc - ok
12:13:52.0928 3540 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
12:13:52.0928 3540 sffp_sd - ok
12:13:52.0943 3540 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:13:52.0959 3540 sfloppy - ok
12:13:53.0037 3540 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:13:53.0053 3540 SharedAccess - ok
12:13:53.0131 3540 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:13:53.0131 3540 ShellHWDetection - ok
12:13:53.0146 3540 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:13:53.0146 3540 sisagp - ok
12:13:53.0193 3540 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:13:53.0193 3540 SiSRaid2 - ok
12:13:53.0224 3540 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:13:53.0224 3540 SiSRaid4 - ok
12:13:54.0769 3540 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:13:54.0862 3540 slsvc - ok
12:13:55.0127 3540 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:13:55.0143 3540 SLUINotify - ok
12:13:55.0190 3540 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:13:55.0190 3540 Smb - ok
12:13:55.0221 3540 snapman (b6aa9bbff890ffea333ffe81d0b888ff) C:\Windows\system32\DRIVERS\snapman.sys
12:13:55.0237 3540 snapman - ok
12:13:55.0252 3540 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:13:55.0252 3540 SNMPTRAP - ok
12:13:55.0283 3540 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
12:13:55.0283 3540 speedfan - ok
12:13:55.0330 3540 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:13:55.0330 3540 spldr - ok
12:13:55.0595 3540 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:13:55.0611 3540 Spooler - ok
12:13:55.0689 3540 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:13:55.0705 3540 srv - ok
12:13:55.0736 3540 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:13:55.0736 3540 srv2 - ok
12:13:55.0751 3540 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:13:55.0767 3540 srvnet - ok
12:13:55.0829 3540 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:13:55.0829 3540 SSDPSRV - ok
12:13:55.0845 3540 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:13:55.0845 3540 SstpSvc - ok
12:13:56.0017 3540 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:13:56.0048 3540 stisvc - ok
12:13:56.0079 3540 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:13:56.0079 3540 swenum - ok
12:13:56.0126 3540 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\Windows\System32\drivers\swmsflt.sys
12:13:56.0157 3540 swmsflt - ok
12:13:56.0204 3540 SWNC8U80 (ca27e8ce559a9c0acc4f9ea468acf414) C:\Windows\system32\DRIVERS\swnc8u80.sys
12:13:56.0219 3540 SWNC8U80 - ok
12:13:56.0235 3540 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:13:56.0251 3540 swprv - ok
12:13:56.0282 3540 SWUMX80 (e0042a561eeed484b5c831c2a50b7e8b) C:\Windows\system32\DRIVERS\swumx80.sys
12:13:56.0297 3540 SWUMX80 - ok
12:13:56.0344 3540 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:13:56.0344 3540 Symc8xx - ok
12:13:56.0360 3540 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:13:56.0360 3540 Sym_hi - ok
12:13:56.0375 3540 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:13:56.0375 3540 Sym_u3 - ok
12:13:56.0422 3540 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:13:56.0453 3540 SysMain - ok
12:13:56.0485 3540 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:13:56.0485 3540 TabletInputService - ok
12:13:56.0531 3540 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:13:56.0531 3540 TapiSrv - ok
12:13:56.0594 3540 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:13:56.0594 3540 TBS - ok
12:13:57.0249 3540 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
12:13:57.0265 3540 Tcpip - ok
12:13:57.0296 3540 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
12:13:57.0296 3540 Tcpip6 - ok
12:13:57.0358 3540 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
12:13:57.0358 3540 tcpipreg - ok
12:13:57.0374 3540 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:13:57.0374 3540 TDPIPE - ok
12:13:57.0389 3540 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:13:57.0389 3540 TDTCP - ok
12:13:57.0405 3540 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:13:57.0405 3540 tdx - ok
12:13:57.0436 3540 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:13:57.0436 3540 TermDD - ok
12:13:57.0499 3540 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:13:57.0514 3540 TermService - ok
12:13:57.0561 3540 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:13:57.0577 3540 Themes - ok
12:13:57.0670 3540 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:13:57.0670 3540 THREADORDER - ok
12:13:57.0717 3540 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys
12:13:57.0717 3540 tifsfilter - ok
12:13:57.0748 3540 timounter (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys
12:13:57.0764 3540 timounter - ok
12:13:57.0811 3540 TridVid (e91ba04603569828caade76507a076ce) C:\Windows\system32\DRIVERS\TridVid.sys
12:13:57.0826 3540 TridVid - ok
12:13:57.0842 3540 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:13:57.0842 3540 TrkWks - ok
12:13:58.0045 3540 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:13:58.0045 3540 TrustedInstaller - ok
12:13:58.0060 3540 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:58.0060 3540 tssecsrv - ok
12:13:58.0091 3540 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:13:58.0091 3540 tunmp - ok
12:13:58.0107 3540 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:13:58.0107 3540 tunnel - ok
12:13:58.0123 3540 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:13:58.0123 3540 uagp35 - ok
12:13:58.0169 3540 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:13:58.0169 3540 udfs - ok
12:13:58.0185 3540 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:13:58.0279 3540 UI0Detect - ok
12:13:58.0294 3540 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:13:58.0294 3540 uliagpkx - ok
12:13:58.0325 3540 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:13:58.0325 3540 uliahci - ok
12:13:58.0357 3540 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:13:58.0357 3540 UlSata - ok
12:13:58.0372 3540 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:13:58.0372 3540 ulsata2 - ok
12:13:58.0403 3540 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:13:58.0403 3540 umbus - ok
12:13:58.0450 3540 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:13:58.0450 3540 upnphost - ok
12:13:58.0497 3540 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
12:13:58.0528 3540 USBAAPL - ok
12:13:58.0559 3540 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:13:58.0559 3540 usbaudio - ok
12:13:58.0575 3540 usbbus (5aadc9297c39aa249cd994acdba19034) C:\Windows\system32\DRIVERS\lgusbbus.sys
12:13:58.0575 3540 usbbus - ok
12:13:58.0606 3540 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:58.0637 3540 usbccgp - ok
12:13:58.0669 3540 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:13:58.0669 3540 usbcir - ok
12:13:58.0700 3540 UsbDiag (4650ffe04e5922399b0e932319e6b215) C:\Windows\system32\DRIVERS\lgusbdiag.sys
12:13:58.0700 3540 UsbDiag - ok
12:13:58.0747 3540 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:13:58.0762 3540 usbehci - ok
12:13:58.0793 3540 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:13:58.0793 3540 usbhub - ok
12:13:58.0809 3540 USBModem (2666fe171e0c2e7085ccd5fe0bac09e3) C:\Windows\system32\DRIVERS\lgusbmodem.sys
12:13:58.0809 3540 USBModem - ok
12:13:58.0825 3540 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:13:58.0825 3540 usbohci - ok
12:13:58.0840 3540 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:13:58.0840 3540 usbprint - ok
12:13:58.0856 3540 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:13:58.0887 3540 usbscan - ok
12:13:58.0903 3540 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:58.0918 3540 USBSTOR - ok
12:13:58.0949 3540 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
12:13:58.0949 3540 usbuhci - ok
12:13:58.0981 3540 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
12:13:58.0981 3540 usb_rndisx - ok
12:13:59.0012 3540 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:13:59.0012 3540 UxSms - ok
12:13:59.0059 3540 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:13:59.0074 3540 vds - ok
12:13:59.0090 3540 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:59.0090 3540 vga - ok
12:13:59.0137 3540 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:13:59.0137 3540 VgaSave - ok
12:13:59.0137 3540 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:13:59.0152 3540 viaagp - ok
12:13:59.0215 3540 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:13:59.0215 3540 ViaC7 - ok
12:13:59.0215 3540 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:13:59.0215 3540 viaide - ok
12:13:59.0246 3540 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:13:59.0246 3540 volmgr - ok
12:13:59.0293 3540 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:13:59.0308 3540 volmgrx - ok
12:13:59.0339 3540 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:13:59.0355 3540 volsnap - ok
12:13:59.0371 3540 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:13:59.0386 3540 vsmraid - ok
12:13:59.0480 3540 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:13:59.0542 3540 VSS - ok
12:13:59.0620 3540 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:13:59.0636 3540 W32Time - ok
12:13:59.0683 3540 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:13:59.0683 3540 WacomPen - ok
12:13:59.0698 3540 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:59.0698 3540 Wanarp - ok
12:13:59.0698 3540 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:59.0714 3540 Wanarpv6 - ok
12:14:00.0244 3540 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
12:14:00.0260 3540 WcesComm - ok
12:14:00.0322 3540 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:14:00.0353 3540 wcncsvc - ok
12:14:00.0416 3540 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:14:00.0416 3540 WcsPlugInService - ok
12:14:00.0447 3540 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:14:00.0447 3540 Wd - ok
12:14:00.0494 3540 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:14:00.0509 3540 Wdf01000 - ok
12:14:00.0556 3540 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:14:00.0556 3540 WdiServiceHost - ok
12:14:00.0572 3540 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:14:00.0572 3540 WdiSystemHost - ok
12:14:00.0634 3540 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:14:00.0650 3540 WebClient - ok
12:14:00.0681 3540 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:14:00.0697 3540 Wecsvc - ok
12:14:00.0697 3540 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:14:00.0697 3540 wercplsupport - ok
12:14:00.0728 3540 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:14:00.0743 3540 WerSvc - ok
12:14:00.0790 3540 wind502u (273c96a39944c720c3365543fb2ad7d8) C:\Windows\system32\DRIVERS\wind502u.sys
12:14:00.0806 3540 wind502u - ok
12:14:01.0024 3540 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:14:01.0040 3540 WinDefend - ok
12:14:01.0102 3540 WINFLASH - ok
12:14:01.0118 3540 WinHttpAutoProxySvc - ok
12:14:01.0258 3540 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:14:01.0274 3540 Winmgmt - ok
12:14:01.0367 3540 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:14:01.0399 3540 WinRM - ok
12:14:01.0492 3540 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
12:14:01.0492 3540 WinUSB - ok
12:14:01.0648 3540 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:14:01.0679 3540 Wlansvc - ok
12:14:01.0789 3540 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:14:01.0789 3540 wlcrasvc - ok
12:14:02.0335 3540 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:14:02.0381 3540 wlidsvc - ok
12:14:02.0615 3540 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
12:14:02.0631 3540 WmiAcpi - ok
12:14:02.0740 3540 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:02.0756 3540 wmiApSrv - ok
12:14:03.0052 3540 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:14:03.0083 3540 WMPNetworkSvc - ok
12:14:03.0161 3540 WMZuneComm (cac923906c526433e789d76f4f596601) c:\Program Files\Zune\WMZuneComm.exe
12:14:03.0161 3540 WMZuneComm - ok
12:14:03.0302 3540 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:14:03.0317 3540 WPCSvc - ok
12:14:03.0349 3540 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:14:03.0349 3540 WPDBusEnum - ok
12:14:03.0380 3540 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:14:03.0380 3540 WpdUsb - ok
12:14:04.0331 3540 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:14:04.0347 3540 WPFFontCache_v0400 - ok
12:14:04.0378 3540 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:04.0378 3540 ws2ifsl - ok
12:14:04.0394 3540 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
12:14:04.0441 3540 wscsvc - ok
12:14:04.0441 3540 WSearch - ok
12:14:05.0735 3540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:14:05.0751 3540 wuauserv - ok
12:14:05.0938 3540 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
12:14:05.0954 3540 WudfPf - ok
12:14:05.0985 3540 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:05.0985 3540 WUDFRd - ok
12:14:06.0001 3540 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
12:14:06.0063 3540 wudfsvc - ok
12:14:06.0157 3540 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
12:14:06.0172 3540 x10nets - ok
12:14:06.0203 3540 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
12:14:06.0203 3540 XUIF - ok
12:14:07.0514 3540 ZuneNetworkSvc (7288e904b5514d601ba004954e4393bb) c:\Program Files\Zune\ZuneNss.exe
12:14:07.0670 3540 ZuneNetworkSvc - ok
12:14:08.0075 3540 ZuneWlanCfgSvc (945eba97cb6c85f5baea4dd2e8410c81) c:\Windows\system32\ZuneWlanCfgSvc.exe
12:14:08.0107 3540 ZuneWlanCfgSvc - ok
12:14:08.0138 3540 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:14:09.0542 3540 \Device\Harddisk0\DR0 - ok
12:14:09.0542 3540 Boot (0x1200) (3707ee2ee7d3f24d36c704344d5a9d3e) \Device\Harddisk0\DR0\Partition0
12:14:09.0557 3540 \Device\Harddisk0\DR0\Partition0 - ok
12:14:09.0557 3540 ============================================================
12:14:09.0557 3540 Scan finished
12:14:09.0557 3540 ============================================================
12:14:09.0557 3032 Detected object count: 1
12:14:09.0557 3032 Actual detected object count: 1
12:14:40.0821 3032 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:14:40.0821 3032 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:14:50.0689 3088 Deinitialize success

Attached Files

  • Attached File  MBR.zip   543bytes   1 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 23 June 2012 - 12:43 PM

When you executed the aswMBR there was another log. Can you post it?
The .dat file you attached is a copy of the MBR should we need it.

===

Delete your version of DDS tool.

Download from here:

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed.
The scan will also create this Attach.txt log I would also like to see the content.
Please post it in another post for my review, do not attach the file.


p.s.
If you can, it might be wise to use a good computer to download the file to a CD and to copy the files to the desktop of the problem computer.
Then run the tool. There are three versions. You only need to run one of them.

If the file is too large to post attach it.

#5 Tawnc

Tawnc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:54 PM

Posted 23 June 2012 - 02:09 PM

Ok, think this is what you wanted, working on the rest.




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 12:23:10
-----------------------------
12:23:10.295 OS Version: Windows 6.0.6002 Service Pack 2
12:23:10.295 Number of processors: 4 586 0xF0B
12:23:10.295 ComputerName: JANICEW UserName: Patrick
12:23:59.342 Initialize success
12:24:35.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
12:24:35.834 Disk 0 Vendor: ST350063 3.AA Size: 476940MB BusType: 6
12:24:35.865 Disk 0 MBR read successfully
12:24:35.865 Disk 0 MBR scan
12:24:35.865 Disk 0 Windows VISTA default MBR code
12:24:35.897 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:24:35.928 Disk 0 scanning sectors +976771072
12:24:36.068 Disk 0 scanning C:\Windows\system32\drivers
12:24:49.313 Service scanning
12:25:01.496 Service MpKsl8f84b594 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4FC87F3-3860-43D4-876E-81981560C551}\MpKsl8f84b594.sys **LOCKED** 32
12:25:25.832 Modules scanning
12:25:38.702 Disk 0 trace - called modules:
12:25:38.733 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
12:25:38.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f17ac8]
12:25:38.749 3 CLASSPNP.SYS[8a5dc8b3] -> nt!IofCallDriver -> [0x87787b68]
12:25:38.749 5 acpi.sys[84a8c6bc] -> nt!IofCallDriver -> \Device\0000005e[0x87787c90]
12:25:38.765 Scan finished successfully
12:25:57.266 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
12:25:57.360 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"

#6 Tawnc

Tawnc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:54 PM

Posted 23 June 2012 - 02:15 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_31
Run by Patrick at 15:13:28 on 2012-06-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.756 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\atashost.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM] -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\patrick\appdata\roaming\microsoft\windows\start menu\programs\startup\Logitech . Product Registration.lnk.disabled
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Microsoft Office.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf converter 7\cnvres_eng.dll /100
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://office.emdeon.com/HOME/ScriptX/smsx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://emdeon.webex.com/client/T27L10NSP11EP5/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8357272B-9D14-4C9C-B09E-5B5A7EE495D5} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C0B7B59B-5594-49EC-9954-A112557D4A2B} : DhcpNameServer = 209.183.50.151 209.183.50.151
TCP: Interfaces\{C2D0E329-A144-405A-80FC-5639825E51C1} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\a28iou2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
R1 MpKsl8f84b594;MpKsl8f84b594;c:\programdata\microsoft\microsoft antimalware\definition updates\{d4fc87f3-3860-43d4-876e-81981560c551}\MpKsl8f84b594.sys [2012-6-23 29904]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-16 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-1 21504]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-3-28 43928]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-8-12 296808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-1 21504]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-12 1153368]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-11-3 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2009-11-3 11520]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-8 257224]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-1-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-1-10 142976]
S3 TridVid;X10 Video Capture;c:\windows\system32\drivers\TridVid.sys [2010-6-18 165904]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\drivers\wind502u.sys [2004-3-25 336256]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-06-23 16:12:31 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d4fc87f3-3860-43d4-876e-81981560c551}\MpKsl8f84b594.sys
2012-06-22 20:10:05 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d4fc87f3-3860-43d4-876e-81981560c551}\mpengine.dll
2012-06-22 20:07:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:06:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 20:06:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 20:47:52 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-18 23:58:22 -------- d-----w- c:\users\patrick\appdata\local\SavingsApp
2012-06-18 23:58:05 -------- d-----w- c:\program files\Yahoo!
2012-06-16 01:18:29 -------- d-----w- c:\program files\Runtime Software
2012-06-13 23:26:43 -------- d-----w- C:\logs
2012-06-13 18:36:54 -------- d-----w- c:\program files\ESET
2012-06-13 11:46:31 -------- d-----w- c:\users\patrick\appdata\local\{67885836-8AFE-49F1-9C27-6C76E824DF0D}
2012-06-13 11:46:30 -------- d-----w- c:\users\patrick\appdata\local\{354A281C-F4C6-4319-BDF9-9FAD51759876}
2012-06-13 05:50:35 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5db06bda-cf25-4b8d-afe7-7e2a131321e2}\gapaengine.dll
2012-06-13 05:42:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-13 04:04:38 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-13 03:47:51 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 03:46:49 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 01:01:43 -------- d-----w- c:\users\patrick\appdata\roaming\SUPERAntiSpyware.com
2012-06-13 01:01:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-12 22:29:01 53248 ----a-r- c:\users\patrick\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-06-12 22:27:45 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-12 22:18:28 -------- d-----w- c:\users\patrick\appdata\roaming\Logishrd
2012-06-12 21:54:50 388096 ----a-r- c:\users\patrick\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-12 21:54:46 -------- d-----w- c:\program files\Trend Micro
2012-06-12 21:31:06 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7512cd59-f632-4e96-b464-5500e6319892}\mpengine.dll
2012-06-12 21:27:17 -------- d-----w- c:\users\patrick\appdata\local\{8A326D0F-6916-4123-866D-3450A3B0AC6E}
2012-06-12 21:27:05 -------- d-----w- c:\users\patrick\appdata\local\{ABE71684-0E4F-40AE-8C17-80F166F5A576}
2012-06-11 22:18:43 -------- d-----w- c:\users\patrick\appdata\local\{B98AB2CF-7704-4DE4-B229-BF2B5DA67569}
2012-06-11 22:18:29 -------- d-----w- c:\users\patrick\appdata\local\{96A4450F-CBDF-475A-A1A6-F9628F6123E0}
2012-06-09 03:06:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 00:52:35 -------- d-----w- c:\users\patrick\appdata\local\{83AD0152-5DF3-47AC-AD0F-717AFA50B3C5}
2012-06-09 00:52:14 -------- d-----w- c:\users\patrick\appdata\local\{0A4390E8-7B1F-469E-A091-D0F27713D8A2}
2012-06-07 00:28:42 -------- d-----w- c:\users\patrick\appdata\local\{5374ACB8-E9DC-49BD-A2EF-A872E5F59D33}
2012-06-03 14:38:50 -------- d-----w- c:\users\patrick\appdata\local\{65E36EAF-4EB3-4218-9965-C0C450EC2661}
2012-06-02 18:47:11 -------- d-----w- c:\users\patrick\appdata\local\{5A949551-1EB5-4D8E-B134-67A3AD7AA471}
2012-06-02 18:47:00 -------- d-----w- c:\users\patrick\appdata\local\{2D66A011-DA71-4C2D-B59A-254D346B24F0}
2012-06-01 21:57:39 -------- d-----w- c:\programdata\Brother
.
==================== Find3M ====================
.
2012-06-09 03:06:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 15:14:28.28 ===============

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:54 PM

Posted 24 June 2012 - 07:58 AM

Please reset your Hosts file.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
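As an added example (not part of this thread, nor of the DDS or ComboFix tools), here is a small Python triage script for the kind of lines DDS prints in its Pseudo HJT Report: it flags non-default Hosts entries such as the www.spywareinfo.com line in the log above, loopback addresses in the proxy settings, and BHO/toolbar entries whose file is missing. The sample lines are constructed from the log posted earlier; the DEFAULT_HOSTS set and the finding categories are my own assumptions.

```python
import re

# Stock Windows hosts-file entries; anything else deserves a look (assumption).
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# DDS "Pseudo HJT Report" line shapes this script understands.
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"^[um]Internet Settings,Proxy(Server|Override)\s*=\s*(.+)$")
NOFILE_RE = re.compile(r"^(BHO|TB|uURLSearchHooks):\s*(.*?)\s*-\s*No File$")


def triage(lines):
    """Return (category, detail) findings for DDS report lines, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # Any mapping beyond the stock localhost lines is kept visible:
            # a redirected security site is a classic sign of tampering.
            if (ip, host.lower()) not in DEFAULT_HOSTS:
                findings.append(("hosts", f"{host} -> {ip}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            kind, value = m.groups()
            # A loopback address in the proxy settings means some local program
            # sits in the browser's path; confirm which one put it there.
            if "127.0.0.1" in value or "localhost" in value.lower():
                findings.append((f"proxy_{kind.lower()}", value))
            continue
        m = NOFILE_RE.match(line)
        if m:
            # Registered browser add-on whose DLL is gone: leftover of a removed
            # program or of a cleanup; harmless but worth tidying.
            findings.append(("orphan_" + m.group(1).lower(), m.group(2)))
    return findings


def report(findings):
    """Render findings one per line, hosts entries first, then proxy settings."""
    order = {"hosts": 0, "proxy_server": 1, "proxy_override": 1}
    ranked = sorted(findings, key=lambda f: order.get(f[0], 2))
    return [f"[{cat}] {detail}" for cat, detail in ranked]


# Constructed sample, assembled from the kinds of lines in the DDS log above.
SAMPLE = r"""
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
""".strip().splitlines()

if __name__ == "__main__":
    for line in report(triage(SAMPLE)):
        print(line)
```

Feed it the Pseudo HJT section of a real DDS.txt and it lists the same three kinds of items a helper scans for by eye; everything else in the section is left alone.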

#8 Tawnc

Tawnc
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:54 PM

Posted 24 June 2012 - 12:25 PM

After a reboot security check worked as described and log included.

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6) Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


ComboFix 12-06-24.01 - Patrick 06/24/2012 12:13:42.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1170 [GMT -4:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome.manifest
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\background.html
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\browser.xul
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossrider.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossriderapi.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\dialog.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\manage-apps.html
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\messaging.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.xul
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\push.html
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\search_dialog.xul
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\chrome\content\update.html
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\defaults\preferences\prefs.js
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\install.rdf
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\locale\en-US\translations.dtd
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\button1.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\button2.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\button3.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\button4.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\button5.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\crossrider_statusbar.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\icon128.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\icon16.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\icon24.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\icon48.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\panelarrow-up.png
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\popup.css
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\popup.html
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\popup_binding.xml
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\skin.css
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\extensions\crossriderapp4639@crossrider.com\skin\update.css
c:\windows\system32\ctl3d32.1
c:\windows\system32\drivers\~GLH0014.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 16:33 . 2012-06-24 16:34 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-06-24 16:33 . 2012-06-24 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 16:00 . 2012-06-24 16:00 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{733CEA82-DF07-4A2F-80DC-8F12E66D3D6E}\offreg.dll
2012-06-24 15:57 . 2012-06-24 15:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{733CEA82-DF07-4A2F-80DC-8F12E66D3D6E}\MpKsla907e6b1.sys
2012-06-24 00:11 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{733CEA82-DF07-4A2F-80DC-8F12E66D3D6E}\mpengine.dll
2012-06-23 16:08 . 2012-06-23 16:08 -------- d-----w- c:\program files\7-Zip
2012-06-22 20:10 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 20:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 20:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 20:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 20:06 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 20:06 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 20:06 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 20:06 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 20:06 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:58 . 2012-06-18 23:58 -------- d-----w- c:\users\Patrick\AppData\Local\SavingsApp
2012-06-18 23:58 . 2012-06-19 03:30 -------- d-----w- c:\programdata\Yahoo!
2012-06-18 23:58 . 2012-06-19 03:30 -------- d-----w- c:\program files\Yahoo!
2012-06-16 01:18 . 2012-06-16 01:18 -------- d-----w- c:\program files\Runtime Software
2012-06-13 23:26 . 2012-06-13 23:26 -------- d-----w- C:\logs
2012-06-13 18:36 . 2012-06-13 18:36 -------- d-----w- c:\program files\ESET
2012-06-13 05:50 . 2012-06-13 05:48 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DB06BDA-CF25-4B8D-AFE7-7E2A131321E2}\gapaengine.dll
2012-06-13 05:42 . 2012-06-13 05:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-13 04:04 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-13 03:47 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 03:46 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 01:01 . 2012-06-13 01:01 -------- d-----w- c:\users\Patrick\AppData\Roaming\SUPERAntiSpyware.com
2012-06-13 01:01 . 2012-06-13 01:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-12 22:29 . 2012-06-12 22:29 -------- d-----w- c:\users\Patrick\AppData\Roaming\Leadertech
2012-06-12 22:29 . 2012-06-12 22:29 53248 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-12 22:27 . 2012-06-18 18:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-12 22:25 . 2012-06-12 22:31 -------- d-----w- c:\programdata\Logishrd
2012-06-12 22:25 . 2012-06-12 22:26 -------- d-----w- c:\program files\Logitech
2012-06-12 22:20 . 2012-06-12 22:29 -------- d-----w- c:\program files\Common Files\Logishrd
2012-06-12 22:18 . 2012-06-12 22:31 -------- d-----w- c:\users\Patrick\AppData\Roaming\Logitech
2012-06-12 22:18 . 2012-06-12 22:18 -------- d-----w- c:\users\Patrick\AppData\Roaming\Logishrd
2012-06-12 21:54 . 2012-06-12 21:54 388096 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-12 21:54 . 2012-06-12 21:54 -------- d-----w- c:\program files\Trend Micro
2012-06-12 21:31 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7512CD59-F632-4E96-B464-5500E6319892}\mpengine.dll
2012-06-09 03:48 . 2012-06-09 03:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Trusteer
2012-06-09 03:06 . 2012-06-09 03:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 21:57 . 2012-06-02 15:30 -------- d-----w- c:\programdata\Brother
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 03:06 . 2011-09-24 15:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-03-12 23:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-10 19:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 19:49 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 19:50 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-10 19:50 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk.disabled [2012-6-12 1151]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk.disabled [2010-3-28 1876]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Akamai NetSession Interface"="c:\users\Patrick\AppData\Local\Akamai\netsession_win.exe"
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"EvtMgr6"=c:\program files\Logitech\SetPointP\SetPoint.exe /launchGaming
"RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"PDF7 Registry Controller"=c:\program files\Nuance\PDF Converter 7\RegistryController.exe
"PDF5 Registry Controller"=c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
"Nuance PDF Converter 7-reminder"="c:\program files\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Converter 7\Ereg\Ereg.ini"
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking11\Ereg.ini
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA907E6B1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 03:06]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 23:18]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 23:18]
.
2012-06-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-03-12 20:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Nuance PDF Converter 7.0 - c:\program files\Nuance\PDF Converter 7\cnvres_eng.dll /100
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\a28iou2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-24 12:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{58f90db9-05d6-48c7-8d2b-625de4430d44}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:13000f9f
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{597326da-0a31-44e1-963a-0afa12330318}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e00044b
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c2d0e329-a144-405a-80fc-5639825e51c1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00044b
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{da1f7085-d3b8-4c04-b5db-cfa62e83e41a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-06-24 12:37:14
ComboFix-quarantined-files.txt 2012-06-24 16:37
.
Pre-Run: 326,653,063,168 bytes free
Post-Run: 326,011,568,128 bytes free
.
- - End Of File - - 16A6CF552B950BC18EDA8194A2E8666F

Edited by Tawnc, 24 June 2012 - 12:36 PM.
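One way to triage the "Files Created" and Run-key sections of a ComboFix log like the one above, as an added example (this is not ComboFix's code and not anything posted in this thread): it parses both line formats and flags autostart entries whose target is missing (ComboFix's `[X]` marker) or sits under a user profile, and new files dropped into user-writable locations, temp folders or the drivers directory. The heuristics and their labels are the example's own assumptions, not ComboFix's verdicts.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
# "Files Created" line layout: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
# Run-key line layout: "Name"="c:\dir\prog.exe" [date size]  or  "Name"=c:\dir\prog.exe /arg
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<qval>[^"]*)"|(?P<val>.*?\.(?:exe|dll|sys|cpl|scr)))(?P<rest>.*)$',
    re.IGNORECASE)
USER_WRITABLE = ("\\users\\", "\\programdata\\")   # locations a non-admin can write to (assumption)
TEMP_RE = re.compile(r"\\temp(\\|$)|\.tmp$")

class FileEntry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directories, which ComboFix prints as --------
    is_dir: bool
    path: str

class RunEntry(NamedTuple):
    name: str
    target: str
    args: str
    missing: bool         # ComboFix appends [X] when the target file does not exist

def parse_file_line(line: str) -> Optional[FileEntry]:
    if not (m := FILE_RE.match(line.strip())):
        return None
    size = None if m["size"] == "--------" else int(m["size"])
    return FileEntry(m["created"], m["modified"], size, m["attrs"].startswith("d"), m["path"])

def parse_run_line(line: str) -> Optional[RunEntry]:
    if not (m := RUN_RE.match(line.strip())):
        return None
    target = m["qval"] if m["qval"] is not None else m["val"]
    rest = m["rest"].strip()
    args = re.sub(r"\s*\[[^\]]*\]$", "", rest)   # drop the trailing [date size] or [X]
    return RunEntry(m["name"], target, args, "[X]" in rest)

def file_flags(e: FileEntry) -> List[str]:
    low = e.path.lower()
    if e.is_dir:
        return []
    rules = [("file in user-writable location", any(k in low for k in USER_WRITABLE)),
             ("non-.sys file in drivers directory", "\\drivers\\" in low and not low.endswith(".sys")),
             ("temp artefact", bool(TEMP_RE.search(low)))]
    return [msg for msg, hit in rules if hit]

def run_flags(e: RunEntry) -> List[str]:
    low = e.target.lower()
    rules = [("autostart target missing", e.missing),
             ("autostart from user-writable location", any(k in low for k in USER_WRITABLE))]
    return [msg for msg, hit in rules if hit]

def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    # (path or autostart target, flags) for every flagged line of a log excerpt
    hits = []
    for line in log_text.splitlines():
        f, r = parse_file_line(line), parse_run_line(line)
        if f and file_flags(f):
            hits.append((f.path, file_flags(f)))
        elif r and run_flags(r):
            hits.append((r.target, run_flags(r)))
    return hits
```

Run `triage()` over a pasted log excerpt; unflagged lines (signed Windows Update binaries, vendor directories) are simply skipped, so what remains is the short list worth checking by hand.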


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 01:07 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7

Remove this old version of Adobe Reader.
Adobe Reader 9 Adobe.


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.257 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please let me know what problem persists.

#10 Tawnc

Tawnc
  • Topic Starter
  • Members
  • 8 posts

Posted 29 June 2012 - 06:48 PM

Well, after a week of the button mashers having at it, whatever was there seems to be gone. I would have liked to actually have seen something I can put my finger on and say that was it, but I guess ComboFix must have found and corrected an issue. I have no update refusals, all scans come back clean, and no power-offs.

I thank you, fine sir, and as well the rest of the behind-the-scenes staff; you all are one of the only real human one-on-one help centers left in the world, and I thank you for your time.

Tawnc

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 June 2012 - 08:07 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2012 - 09:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
