Google redirect issue


  • This topic is locked
17 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  • Local time:03:08 AM

Posted 20 June 2012 - 07:39 PM

Greetings...

I was directed here from a previous post. You can view that information at this link.

http://www.bleepingcomputer.com/forums/topic456487.html

FYI, there is no GMER log because this is a 64 bit Windows.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Karen at 20:25:55 on 2012-06-20
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
mURLSearchHooks: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
TB: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [Google Update] "C:\Users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{545BE5C9-341C-435C-8ACE-8DFE834FED79} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{545BE5C9-341C-435C-8ACE-8DFE834FED79}\65562796A7F6E602143433030253644373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{545BE5C9-341C-435C-8ACE-8DFE834FED79}\777777E277966696771667A7E236F6D6 : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
BHO-X64: Road Runner - No File
TB-X64: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-18 21:47:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 21:47:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 21:46:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 21:46:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 02:56:58 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-14 02:46:17 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 02:46:17 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 02:46:17 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 02:46:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 02:46:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:46:11 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 02:46:03 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 02:46:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 16:42:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-09 16:42:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-09 16:41:39 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-09 16:41:39 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-06-09 16:39:36 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-09 16:38:40 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-06-09 16:38:40 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-06-09 16:38:27 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-06-09 16:38:15 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-09 16:38:15 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-06-09 16:37:22 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-06-09 16:37:22 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-06-09 16:37:09 2871808 ----a-w- C:\Windows\explorer.exe
2012-06-09 16:37:09 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-06-09 16:36:52 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-06-09 16:36:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-06-09 16:36:30 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-06-09 16:36:30 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-09 16:36:30 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-06-09 16:34:08 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-06-09 14:48:30 -------- d-----w- C:\ProgramData\IObit
2012-06-09 14:48:21 -------- d-----w- C:\Users\Karen\AppData\Roaming\IObit
2012-06-09 14:48:16 -------- d-----w- C:\Program Files (x86)\IObit
2012-06-09 13:15:40 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-06-09 13:15:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-09 13:15:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-09 13:15:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-31 12:30:36 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE7350F0-F1FD-4117-B112-E0493AEC0603}\mpengine.dll
2012-05-29 18:23:19 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2012-06-09 16:40:15 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-06-09 16:40:15 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-09 16:40:15 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-06-09 16:40:15 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-06-09 16:40:15 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-06-09 16:40:15 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-06-09 16:40:15 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-09 16:40:15 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-06-09 16:40:15 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-06-09 16:40:15 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-06-09 16:40:15 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-06-09 16:37:55 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-06-09 16:37:55 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:27:43.18 ===============
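The DDS log above is what the helper reads by eye; as an added example (not part of the original post, and not code from DDS or ComboFix), here is a small Python triage script that applies a few analyst heuristics to the "Pseudo HJT Report" lines: registrations that point to a missing file ("No File", the entries ComboFix later lists under ORPHANS REMOVED), one CLSID registered as search hook, BHO and toolbar at once, autorun entries that execute from a user profile, and a DHCP-assigned resolver outside RFC 1918 space (the classic indicator behind search-redirect complaints). The sample lines are copied from the log above except for one constructed TCP line with a non-private resolver, labelled as such; the rules and their names are this example's own assumptions and produce items for review, not verdicts.

```python
"""Heuristic triage of DDS "Pseudo HJT Report" lines (added example, not DDS/ComboFix code)."""
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the DDS log in this thread, plus one CONSTRUCTED
# TCP line (a resolver outside RFC 1918 space) so the DNS rule has something to flag.
SAMPLE_LOG = r"""
uURLSearchHooks: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
TB: Road Runner Toolbar: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files (x86)\Road_Runner\prxtbRoad.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: AcroIEHelperStub - No File
uRun: [Google Update] "C:\Users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CONSTRUCTED-EXAMPLE} : DhcpNameServer = 203.0.113.5
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Line shapes used by DDS: "<kind>: [<name>: ]{CLSID} - <target>", "<kind>: <name> - No File",
# "<u|m>Run: [<name>] <command line>" and "TCP: ... DhcpNameServer = <ip>".
CLSID_RE = re.compile(r"^(?P<kind>[\w-]+): (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$")
NOFILE_RE = re.compile(r"^(?P<kind>[\w-]+): (?P<name>.+?) - No File$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^TCP: .*DhcpNameServer = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def _finding(rule, line, detail):
    return {"rule": rule, "line": line, "detail": detail}


def _run_path(cmd):
    """Executable path from an autorun command line: quoted, or bare up to the first switch."""
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    return cmd.split(" /", 1)[0]


def triage(log_text):
    """Return a list of review items for the Pseudo HJT Report lines in log_text."""
    findings = []
    clsid_kinds = defaultdict(set)  # CLSID -> set of registration kinds it appears under
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CLSID_RE.match(line)
        if m:
            if m["target"] == "No File":
                findings.append(_finding("no_file", line, "registration points to a file that no longer exists"))
            else:
                clsid_kinds[m["clsid"].lower()].add(m["kind"])
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(_finding("no_file", line, "registration points to a file that no longer exists"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = _run_path(m["cmd"])
            if "\\users\\" in path.lower():
                findings.append(_finding("user_profile_run", line, f"autorun executes from a user profile: {path}"))
            continue
        m = DNS_RE.match(line)
        if m:
            ip = ipaddress.ip_address(m["ip"])
            if not any(ip in net for net in RFC1918):
                findings.append(_finding("non_rfc1918_dns", line, f"DHCP-assigned resolver {ip} is not an RFC 1918 address"))
    for clsid, kinds in clsid_kinds.items():
        if len(kinds) > 1:
            findings.append(_finding("clsid_multi_kind", clsid, "same CLSID registered as " + "/".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

On the sample this yields five review items: the two "No File" registrations, the Road Runner CLSID registered as uURLSearchHooks/BHO/TB, the Google Update autorun living under the user profile (legitimate here, but worth a look on any redirect case), and the constructed non-private resolver. The 192.168.1.1 resolver in the real log passes the DNS rule, which matches the thread: nothing in this DDS log points at a DNS changer.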


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:08 AM

Posted 21 June 2012 - 12:41 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  • Local time:03:08 AM

Posted 21 June 2012 - 09:15 PM

I initially tried to run Security Check and I got a lot of "file could not be found" errors. It appeared to finish correctly.

I also tried to create a system restore point, but I kept getting error messages stating that the system restore manager couldn't start and that I could try to restart and it might work. It didn't until AFTER I ran ComboFix.

Also, after I ran ComboFix, I tried opening applications. None would open. The error message stated that the registry keys had been marked for deletion. I restarted and everything seems to be running correctly now.


Here are the 2 files with results.

Thanks!!


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

ComboFix 12-06-21.02 - Karen 06/21/2012 21:20:36.1.3 - x64
Running from: c:\users\Karen\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 01:28 . 2012-06-22 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 00:36 . 2012-06-21 00:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-21 00:33 . 2012-06-21 00:33 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 00:32 . 2012-06-21 00:32 -------- d-----w- c:\programdata\McAfee
2012-06-18 21:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 21:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 21:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 21:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 21:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 21:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 21:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 21:46 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 21:46 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:56 . 2012-06-14 02:56 -------- d-----w- c:\program files (x86)\ESET
2012-06-14 02:46 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:46 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:46 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 02:46 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 02:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 16:42 . 2012-06-09 16:42 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-09 16:42 . 2012-06-09 16:42 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-09 16:41 . 2012-06-09 16:41 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-09 16:41 . 2012-06-09 16:41 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-09 16:39 . 2012-06-09 16:39 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-09 16:38 . 2012-06-09 16:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-09 16:38 . 2012-06-09 16:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-09 16:38 . 2012-06-09 16:38 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-09 16:38 . 2012-06-09 16:38 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-09 16:38 . 2012-06-09 16:38 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-09 16:37 . 2012-06-09 16:37 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-09 16:37 . 2012-06-09 16:37 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-09 16:37 . 2012-06-09 16:37 2871808 ----a-w- c:\windows\explorer.exe
2012-06-09 16:37 . 2012-06-09 16:37 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-06-09 16:36 . 2012-06-09 16:36 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-06-09 16:36 . 2012-06-09 16:36 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-06-09 16:36 . 2012-06-09 16:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-09 16:36 . 2012-06-09 16:36 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-09 16:36 . 2012-06-09 16:36 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-09 16:34 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\programdata\IObit
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\Karen\AppData\Roaming\IObit
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\program files (x86)\IObit
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\users\Karen\AppData\Roaming\Malwarebytes
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 13:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-31 12:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE7350F0-F1FD-4117-B112-E0493AEC0603}\mpengine.dll
2012-05-29 18:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 00:33 . 2011-11-16 13:13 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 16:37 . 2012-06-09 16:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-06-09 16:37 . 2012-06-09 16:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-03-30 11:35 . 2012-05-09 18:49 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files (x86)\Road_Runner\prxtbRoad.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Road_Runner\prxtbRoad.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files (x86)\Road_Runner\prxtbRoad.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778739511-2529545003-881932040-1000Core.job
- c:\users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 18:30]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778739511-2529545003-881932040-1000UA.job
- c:\users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 18:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
WebBrowser-{E4878B45-E2C0-4307-B6E8-734922F92F5B} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FoxTab Media Player - c:\users\Karen\FoxTabFLVPlayer\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
.
**************************************************************************
.
Completion time: 2012-06-21 21:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 01:36
.
Pre-Run: 455,478,276,096 bytes free
Post-Run: 455,597,789,184 bytes free
.
- - End Of File - - CD91629086B3F9D1174BB768BDCF4C5D

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 03:08 AM

Posted 21 June 2012 - 09:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • Local time:03:08 AM

Posted 22 June 2012 - 09:07 PM

21:45:42.0256 2844 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:45:42.0599 2844 ============================================================
21:45:42.0599 2844 Current date / time: 2012/06/22 21:45:42.0599
21:45:42.0599 2844 SystemInfo:
21:45:42.0599 2844
21:45:42.0599 2844 OS Version: 6.1.7601 ServicePack: 1.0
21:45:42.0599 2844 Product type: Workstation
21:45:42.0599 2844 ComputerName: KAREN-PC
21:45:42.0599 2844 UserName: Karen
21:45:42.0599 2844 Windows directory: C:\Windows
21:45:42.0599 2844 System windows directory: C:\Windows
21:45:42.0599 2844 Running under WOW64
21:45:42.0599 2844 Processor architecture: Intel x64
21:45:42.0599 2844 Number of processors: 3
21:45:42.0599 2844 Page size: 0x1000
21:45:42.0599 2844 Boot type: Normal boot
21:45:42.0599 2844 ============================================================
21:45:43.0707 2844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:43.0722 2844 Drive \Device\Harddisk1\DR1 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:45:43.0722 2844 ============================================================
21:45:43.0722 2844 \Device\Harddisk0\DR0:
21:45:43.0722 2844 MBR partitions:
21:45:43.0722 2844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:45:43.0722 2844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:45:43.0722 2844 \Device\Harddisk1\DR1:
21:45:43.0722 2844 MBR partitions:
21:45:43.0722 2844 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D0FB80
21:45:43.0722 2844 ============================================================
21:45:43.0753 2844 C: <-> \Device\Harddisk0\DR0\Partition1
21:45:43.0753 2844 ============================================================
21:45:43.0753 2844 Initialize success
21:45:43.0753 2844 ============================================================
21:46:07.0341 4380 ============================================================
21:46:07.0341 4380 Scan started
21:46:07.0341 4380 Mode: Manual;
21:46:07.0341 4380 ============================================================
21:46:08.0417 4380 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:46:08.0433 4380 1394ohci - ok
21:46:08.0495 4380 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:46:08.0495 4380 ACPI - ok
21:46:08.0526 4380 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:46:08.0526 4380 AcpiPmi - ok
21:46:08.0620 4380 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:46:08.0620 4380 AdobeARMservice - ok
21:46:08.0698 4380 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:46:08.0714 4380 adp94xx - ok
21:46:08.0760 4380 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:46:08.0776 4380 adpahci - ok
21:46:08.0807 4380 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:46:08.0838 4380 adpu320 - ok
21:46:08.0979 4380 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
21:46:08.0994 4380 AdvancedSystemCareService5 - ok
21:46:09.0026 4380 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:46:09.0026 4380 AeLookupSvc - ok
21:46:09.0150 4380 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
21:46:09.0150 4380 AESTFilters - ok
21:46:09.0244 4380 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:46:09.0260 4380 AFD - ok
21:46:09.0291 4380 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:46:09.0291 4380 agp440 - ok
21:46:09.0338 4380 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:46:09.0338 4380 ALG - ok
21:46:09.0369 4380 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:46:09.0369 4380 aliide - ok
21:46:09.0416 4380 AMD External Events Utility (8f6c0ff277dbfe5ebed24e3543da7bfa) C:\Windows\system32\atiesrxx.exe
21:46:09.0431 4380 AMD External Events Utility - ok
21:46:09.0447 4380 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:46:09.0447 4380 amdide - ok
21:46:09.0478 4380 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:46:09.0494 4380 AmdK8 - ok
21:46:10.0008 4380 amdkmdag (9673319070166e26660eba4edf316fa2) C:\Windows\system32\DRIVERS\atipmdag.sys
21:46:10.0133 4380 amdkmdag - ok
21:46:10.0289 4380 amdkmdap (430d06d63952848e64cbbf23b5c1479e) C:\Windows\system32\DRIVERS\atikmpag.sys
21:46:10.0320 4380 amdkmdap - ok
21:46:10.0352 4380 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:46:10.0352 4380 AmdPPM - ok
21:46:10.0383 4380 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:46:10.0414 4380 amdsata - ok
21:46:10.0461 4380 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:46:10.0476 4380 amdsbs - ok
21:46:10.0492 4380 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:46:10.0492 4380 amdxata - ok
21:46:10.0570 4380 Amsp (18f64623e76ff58009d6f9cb9dea5d0a) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
21:46:10.0586 4380 Amsp - ok
21:46:10.0617 4380 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:46:10.0632 4380 AppID - ok
21:46:10.0648 4380 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:46:10.0648 4380 AppIDSvc - ok
21:46:10.0679 4380 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:46:10.0679 4380 Appinfo - ok
21:46:10.0773 4380 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:46:10.0788 4380 Apple Mobile Device - ok
21:46:10.0835 4380 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:46:10.0851 4380 AppMgmt - ok
21:46:10.0882 4380 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:46:10.0882 4380 arc - ok
21:46:10.0913 4380 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:46:10.0913 4380 arcsas - ok
21:46:10.0944 4380 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:10.0944 4380 AsyncMac - ok
21:46:10.0960 4380 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:46:10.0976 4380 atapi - ok
21:46:11.0007 4380 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
21:46:11.0038 4380 AtiHdmiService - ok
21:46:11.0054 4380 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:46:11.0054 4380 AtiPcie - ok
21:46:11.0147 4380 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:46:11.0163 4380 AudioEndpointBuilder - ok
21:46:11.0178 4380 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:46:11.0194 4380 AudioSrv - ok
21:46:11.0225 4380 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:46:11.0241 4380 AxInstSV - ok
21:46:11.0319 4380 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:46:11.0334 4380 b06bdrv - ok
21:46:11.0381 4380 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:11.0381 4380 b57nd60a - ok
21:46:11.0428 4380 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
21:46:11.0428 4380 BCM42RLY - ok
21:46:11.0662 4380 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:46:11.0740 4380 BCM43XX - ok
21:46:11.0865 4380 BcmVWL (d98f22c21d2969dad4f1faad8cd4faac) C:\Windows\system32\DRIVERS\bcmvwl64.sys
21:46:11.0865 4380 BcmVWL - ok
21:46:11.0912 4380 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:46:11.0927 4380 BDESVC - ok
21:46:11.0958 4380 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:46:11.0958 4380 Beep - ok
21:46:12.0083 4380 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:46:12.0099 4380 BFE - ok
21:46:12.0224 4380 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:46:12.0224 4380 BITS - ok
21:46:12.0286 4380 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:46:12.0286 4380 blbdrive - ok
21:46:12.0380 4380 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:46:12.0395 4380 Bonjour Service - ok
21:46:12.0442 4380 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:46:12.0442 4380 bowser - ok
21:46:12.0458 4380 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:46:12.0458 4380 BrFiltLo - ok
21:46:12.0473 4380 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:46:12.0473 4380 BrFiltUp - ok
21:46:12.0489 4380 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:46:12.0504 4380 BridgeMP - ok
21:46:12.0536 4380 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:46:12.0551 4380 Browser - ok
21:46:12.0582 4380 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:46:12.0598 4380 Brserid - ok
21:46:12.0598 4380 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:46:12.0598 4380 BrSerWdm - ok
21:46:12.0614 4380 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:46:12.0614 4380 BrUsbMdm - ok
21:46:12.0614 4380 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:46:12.0614 4380 BrUsbSer - ok
21:46:12.0629 4380 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:46:12.0629 4380 BTHMODEM - ok
21:46:12.0676 4380 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:46:12.0676 4380 bthserv - ok
21:46:12.0707 4380 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:46:12.0707 4380 cdfs - ok
21:46:12.0754 4380 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:46:12.0754 4380 cdrom - ok
21:46:12.0816 4380 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:46:12.0816 4380 CertPropSvc - ok
21:46:12.0848 4380 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:46:12.0848 4380 circlass - ok
21:46:12.0894 4380 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:46:12.0910 4380 CLFS - ok
21:46:12.0988 4380 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:12.0988 4380 clr_optimization_v2.0.50727_32 - ok
21:46:13.0035 4380 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:46:13.0050 4380 clr_optimization_v2.0.50727_64 - ok
21:46:13.0066 4380 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:46:13.0066 4380 CmBatt - ok
21:46:13.0082 4380 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:46:13.0082 4380 cmdide - ok
21:46:13.0160 4380 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:46:13.0175 4380 CNG - ok
21:46:13.0191 4380 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:46:13.0191 4380 Compbatt - ok
21:46:13.0222 4380 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:46:13.0222 4380 CompositeBus - ok
21:46:13.0238 4380 COMSysApp - ok
21:46:13.0253 4380 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:46:13.0253 4380 crcdisk - ok
21:46:13.0300 4380 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:46:13.0316 4380 CryptSvc - ok
21:46:13.0409 4380 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:46:13.0425 4380 CSC - ok
21:46:13.0518 4380 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:46:13.0518 4380 CscService - ok
21:46:13.0581 4380 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:46:13.0596 4380 DcomLaunch - ok
21:46:13.0643 4380 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:46:13.0643 4380 defragsvc - ok
21:46:13.0721 4380 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:46:13.0721 4380 DfsC - ok
21:46:13.0768 4380 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:46:13.0799 4380 Dhcp - ok
21:46:13.0815 4380 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:46:13.0815 4380 discache - ok
21:46:13.0846 4380 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:46:13.0846 4380 Disk - ok
21:46:13.0893 4380 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:46:13.0893 4380 Dnscache - ok
21:46:13.0955 4380 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:46:13.0971 4380 dot3svc - ok
21:46:14.0033 4380 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:46:14.0033 4380 DPS - ok
21:46:14.0064 4380 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:46:14.0064 4380 drmkaud - ok
21:46:14.0189 4380 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:46:14.0205 4380 DXGKrnl - ok
21:46:14.0236 4380 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:46:14.0252 4380 EapHost - ok
21:46:14.0517 4380 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:46:14.0595 4380 ebdrv - ok
21:46:14.0735 4380 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:46:14.0751 4380 EFS - ok
21:46:14.0876 4380 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:46:14.0891 4380 ehRecvr - ok
21:46:14.0922 4380 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:46:14.0922 4380 ehSched - ok
21:46:15.0016 4380 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:46:15.0032 4380 elxstor - ok
21:46:15.0063 4380 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:46:15.0063 4380 ErrDev - ok
21:46:15.0141 4380 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:46:15.0141 4380 EventSystem - ok
21:46:15.0188 4380 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:46:15.0203 4380 exfat - ok
21:46:15.0250 4380 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:46:15.0250 4380 fastfat - ok
21:46:15.0359 4380 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:46:15.0375 4380 Fax - ok
21:46:15.0390 4380 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:46:15.0390 4380 fdc - ok
21:46:15.0406 4380 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:46:15.0406 4380 fdPHost - ok
21:46:15.0422 4380 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:46:15.0422 4380 FDResPub - ok
21:46:15.0437 4380 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:46:15.0437 4380 FileInfo - ok
21:46:15.0453 4380 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:46:15.0453 4380 Filetrace - ok
21:46:15.0453 4380 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:46:15.0453 4380 flpydisk - ok
21:46:15.0500 4380 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:46:15.0515 4380 FltMgr - ok
21:46:15.0624 4380 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:46:15.0640 4380 FontCache - ok
21:46:15.0718 4380 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:46:15.0718 4380 FontCache3.0.0.0 - ok
21:46:15.0780 4380 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:46:15.0780 4380 FsDepends - ok
21:46:15.0812 4380 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:46:15.0827 4380 Fs_Rec - ok
21:46:15.0874 4380 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:46:15.0874 4380 fvevol - ok
21:46:15.0905 4380 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:46:15.0905 4380 gagp30kx - ok
21:46:15.0952 4380 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:46:15.0952 4380 GEARAspiWDM - ok
21:46:16.0061 4380 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:46:16.0061 4380 gpsvc - ok
21:46:16.0092 4380 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:46:16.0092 4380 hcw85cir - ok
21:46:16.0139 4380 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:46:16.0155 4380 HdAudAddService - ok
21:46:16.0186 4380 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:46:16.0186 4380 HDAudBus - ok
21:46:16.0186 4380 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:46:16.0186 4380 HidBatt - ok
21:46:16.0202 4380 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:46:16.0202 4380 HidBth - ok
21:46:16.0217 4380 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:46:16.0217 4380 HidIr - ok
21:46:16.0248 4380 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:46:16.0248 4380 hidserv - ok
21:46:16.0280 4380 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:46:16.0280 4380 HidUsb - ok
21:46:16.0311 4380 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:46:16.0311 4380 hkmsvc - ok
21:46:16.0373 4380 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:46:16.0389 4380 HomeGroupListener - ok
21:46:16.0436 4380 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:46:16.0451 4380 HomeGroupProvider - ok
21:46:16.0498 4380 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:46:16.0498 4380 HpSAMD - ok
21:46:16.0607 4380 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:46:16.0623 4380 HTTP - ok
21:46:16.0638 4380 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:46:16.0654 4380 hwpolicy - ok
21:46:16.0670 4380 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:46:16.0670 4380 i8042prt - ok
21:46:16.0732 4380 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:46:16.0748 4380 iaStorV - ok
21:46:16.0904 4380 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:46:16.0919 4380 idsvc - ok
21:46:16.0950 4380 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:46:16.0950 4380 iirsp - ok
21:46:17.0044 4380 IJPLMSVC (c5b04409186a27409bd069580208a6d3) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
21:46:17.0060 4380 IJPLMSVC - ok
21:46:17.0169 4380 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:46:17.0200 4380 IKEEXT - ok
21:46:17.0247 4380 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:46:17.0247 4380 intelide - ok
21:46:17.0262 4380 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:46:17.0262 4380 intelppm - ok
21:46:17.0309 4380 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:46:17.0309 4380 IPBusEnum - ok
21:46:17.0356 4380 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:17.0356 4380 IpFilterDriver - ok
21:46:17.0434 4380 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:46:17.0465 4380 iphlpsvc - ok
21:46:17.0512 4380 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:46:17.0512 4380 IPMIDRV - ok
21:46:17.0543 4380 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:46:17.0543 4380 IPNAT - ok
21:46:17.0699 4380 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:46:17.0715 4380 iPod Service - ok
21:46:17.0730 4380 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:46:17.0730 4380 IRENUM - ok
21:46:17.0762 4380 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:46:17.0762 4380 isapnp - ok
21:46:17.0808 4380 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:46:17.0824 4380 iScsiPrt - ok
21:46:17.0871 4380 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:46:17.0871 4380 kbdclass - ok
21:46:17.0902 4380 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:46:17.0902 4380 kbdhid - ok
21:46:17.0933 4380 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:46:17.0933 4380 KeyIso - ok
21:46:17.0964 4380 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:46:17.0964 4380 KSecDD - ok
21:46:17.0996 4380 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:46:17.0996 4380 KSecPkg - ok
21:46:18.0027 4380 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:46:18.0027 4380 ksthunk - ok
21:46:18.0105 4380 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:46:18.0120 4380 KtmRm - ok
21:46:18.0183 4380 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:46:18.0198 4380 LanmanServer - ok
21:46:18.0245 4380 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:46:18.0261 4380 LanmanWorkstation - ok
21:46:18.0292 4380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:46:18.0292 4380 lltdio - ok
21:46:18.0339 4380 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:46:18.0354 4380 lltdsvc - ok
21:46:18.0386 4380 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:46:18.0386 4380 lmhosts - ok
21:46:18.0432 4380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:46:18.0448 4380 LSI_FC - ok
21:46:18.0479 4380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:46:18.0510 4380 LSI_SAS - ok
21:46:18.0526 4380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:46:18.0526 4380 LSI_SAS2 - ok
21:46:18.0542 4380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:46:18.0542 4380 LSI_SCSI - ok
21:46:18.0573 4380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:46:18.0573 4380 luafv - ok
21:46:18.0604 4380 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:46:18.0604 4380 MBAMProtector - ok
21:46:18.0963 4380 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:46:18.0978 4380 MBAMService - ok
21:46:19.0010 4380 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:46:19.0025 4380 Mcx2Svc - ok
21:46:19.0041 4380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:46:19.0041 4380 megasas - ok
21:46:19.0072 4380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:46:19.0088 4380 MegaSR - ok
21:46:19.0119 4380 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:46:19.0119 4380 MMCSS - ok
21:46:19.0134 4380 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:46:19.0134 4380 Modem - ok
21:46:19.0150 4380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:46:19.0150 4380 monitor - ok
21:46:19.0166 4380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:46:19.0166 4380 mouclass - ok
21:46:19.0181 4380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:46:19.0181 4380 mouhid - ok
21:46:19.0212 4380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:46:19.0212 4380 mountmgr - ok
21:46:19.0259 4380 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:46:19.0259 4380 MpFilter - ok
21:46:19.0306 4380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:46:19.0306 4380 mpio - ok
21:46:19.0337 4380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:46:19.0337 4380 mpsdrv - ok
21:46:19.0478 4380 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:46:19.0493 4380 MpsSvc - ok
21:46:19.0540 4380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:46:19.0556 4380 MRxDAV - ok
21:46:19.0587 4380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:19.0587 4380 mrxsmb - ok
21:46:19.0649 4380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:19.0649 4380 mrxsmb10 - ok
21:46:19.0712 4380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:19.0712 4380 mrxsmb20 - ok
21:46:19.0743 4380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:46:19.0743 4380 msahci - ok
21:46:19.0790 4380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:46:19.0805 4380 msdsm - ok
21:46:19.0852 4380 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:46:19.0868 4380 MSDTC - ok
21:46:19.0899 4380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:46:19.0899 4380 Msfs - ok
21:46:19.0914 4380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:46:19.0914 4380 mshidkmdf - ok
21:46:19.0930 4380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:46:19.0946 4380 msisadrv - ok
21:46:19.0992 4380 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:46:19.0992 4380 MSiSCSI - ok
21:46:20.0008 4380 msiserver - ok
21:46:20.0024 4380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:46:20.0024 4380 MSKSSRV - ok
21:46:20.0024 4380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:20.0024 4380 MSPCLOCK - ok
21:46:20.0039 4380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:46:20.0039 4380 MSPQM - ok
21:46:20.0086 4380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:46:20.0086 4380 MsRPC - ok
21:46:20.0117 4380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:46:20.0117 4380 mssmbios - ok
21:46:20.0117 4380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:46:20.0117 4380 MSTEE - ok
21:46:20.0117 4380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:46:20.0133 4380 MTConfig - ok
21:46:20.0148 4380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:46:20.0148 4380 Mup - ok
21:46:20.0211 4380 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:46:20.0226 4380 napagent - ok
21:46:20.0289 4380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:46:20.0304 4380 NativeWifiP - ok
21:46:20.0414 4380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:46:20.0429 4380 NDIS - ok
21:46:20.0445 4380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:20.0445 4380 NdisCap - ok
21:46:20.0460 4380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:20.0476 4380 NdisTapi - ok
21:46:20.0507 4380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:20.0507 4380 Ndisuio - ok
21:46:20.0570 4380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:20.0570 4380 NdisWan - ok
21:46:20.0601 4380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:46:20.0601 4380 NDProxy - ok
21:46:20.0632 4380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:46:20.0632 4380 NetBIOS - ok
21:46:20.0694 4380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:46:20.0710 4380 NetBT - ok
21:46:20.0741 4380 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:46:20.0741 4380 Netlogon - ok
21:46:20.0819 4380 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:46:20.0835 4380 Netman - ok
21:46:20.0882 4380 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:46:20.0882 4380 netprofm - ok
21:46:20.0975 4380 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:46:20.0975 4380 NetTcpPortSharing - ok
21:46:21.0022 4380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:46:21.0022 4380 nfrd960 - ok
21:46:21.0069 4380 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:46:21.0100 4380 NisDrv - ok
21:46:21.0178 4380 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:46:21.0194 4380 NisSrv - ok
21:46:21.0256 4380 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:46:21.0272 4380 NlaSvc - ok
21:46:21.0303 4380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:46:21.0303 4380 Npfs - ok
21:46:21.0334 4380 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:46:21.0350 4380 nsi - ok
21:46:21.0365 4380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:46:21.0365 4380 nsiproxy - ok
21:46:21.0568 4380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:46:21.0630 4380 Ntfs - ok
21:46:21.0771 4380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:46:21.0771 4380 Null - ok
21:46:21.0833 4380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:46:21.0833 4380 nvraid - ok
21:46:21.0880 4380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:46:21.0896 4380 nvstor - ok
21:46:21.0942 4380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:46:21.0974 4380 nv_agp - ok
21:46:22.0098 4380 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:46:22.0114 4380 odserv - ok
21:46:22.0145 4380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:46:22.0145 4380 ohci1394 - ok
21:46:22.0208 4380 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:46:22.0208 4380 ose - ok
21:46:22.0270 4380 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:46:22.0286 4380 p2pimsvc - ok
21:46:22.0348 4380 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:46:22.0364 4380 p2psvc - ok
21:46:22.0410 4380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:46:22.0410 4380 Parport - ok
21:46:22.0457 4380 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:46:22.0457 4380 partmgr - ok
21:46:22.0473 4380 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:46:22.0488 4380 PcaSvc - ok
21:46:22.0520 4380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:46:22.0520 4380 pci - ok
21:46:22.0551 4380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:46:22.0551 4380 pciide - ok
21:46:22.0582 4380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:46:22.0582 4380 pcmcia - ok
21:46:22.0598 4380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:46:22.0598 4380 pcw - ok
21:46:22.0676 4380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:46:22.0676 4380 PEAUTH - ok
21:46:22.0816 4380 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:46:22.0847 4380 PeerDistSvc - ok
21:46:22.0941 4380 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:46:22.0941 4380 PerfHost - ok
21:46:23.0222 4380 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:46:23.0253 4380 pla - ok
21:46:23.0315 4380 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:46:23.0315 4380 PlugPlay - ok
21:46:23.0346 4380 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:46:23.0346 4380 PNRPAutoReg - ok
21:46:23.0393 4380 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:46:23.0393 4380 PNRPsvc - ok
21:46:23.0456 4380 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:46:23.0471 4380 PolicyAgent - ok
21:46:23.0534 4380 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:46:23.0565 4380 Power - ok
21:46:23.0627 4380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:46:23.0658 4380 PptpMiniport - ok
21:46:23.0690 4380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:46:23.0690 4380 Processor - ok
21:46:23.0736 4380 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:46:23.0752 4380 ProfSvc - ok
21:46:23.0799 4380 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:46:23.0799 4380 ProtectedStorage - ok
21:46:23.0861 4380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:46:23.0861 4380 Psched - ok
21:46:24.0033 4380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:46:24.0064 4380 ql2300 - ok
21:46:24.0204 4380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:46:24.0236 4380 ql40xx - ok
21:46:24.0282 4380 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:46:24.0298 4380 QWAVE - ok
21:46:24.0329 4380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:46:24.0329 4380 QWAVEdrv - ok
21:46:24.0345 4380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:46:24.0345 4380 RasAcd - ok
21:46:24.0376 4380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:24.0376 4380 RasAgileVpn - ok
21:46:24.0407 4380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:46:24.0407 4380 RasAuto - ok
21:46:24.0454 4380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:24.0470 4380 Rasl2tp - ok
21:46:24.0548 4380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:46:24.0563 4380 RasMan - ok
21:46:24.0594 4380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:24.0594 4380 RasPppoe - ok
21:46:24.0610 4380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:46:24.0610 4380 RasSstp - ok
21:46:24.0672 4380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:46:24.0672 4380 rdbss - ok
21:46:24.0688 4380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:24.0688 4380 rdpbus - ok
21:46:24.0704 4380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:24.0704 4380 RDPCDD - ok
21:46:24.0750 4380 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:46:24.0750 4380 RDPDR - ok
21:46:24.0782 4380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:46:24.0782 4380 RDPENCDD - ok
21:46:24.0782 4380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:46:24.0782 4380 RDPREFMP - ok
21:46:24.0828 4380 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:46:24.0828 4380 RDPWD - ok
21:46:24.0906 4380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:46:24.0906 4380 rdyboost - ok
21:46:24.0984 4380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:46:25.0000 4380 RemoteAccess - ok
21:46:25.0062 4380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:46:25.0062 4380 RemoteRegistry - ok
21:46:25.0078 4380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:46:25.0094 4380 RpcEptMapper - ok
21:46:25.0109 4380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:46:25.0125 4380 RpcLocator - ok
21:46:25.0203 4380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:46:25.0218 4380 RpcSs - ok
21:46:25.0250 4380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:46:25.0250 4380 rspndr - ok
21:46:25.0312 4380 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:46:25.0312 4380 RTL8167 - ok
21:46:25.0343 4380 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:46:25.0359 4380 s3cap - ok
21:46:25.0390 4380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:46:25.0406 4380 SamSs - ok
21:46:25.0452 4380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:46:25.0468 4380 sbp2port - ok
21:46:25.0515 4380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:46:25.0530 4380 SCardSvr - ok
21:46:25.0562 4380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:46:25.0562 4380 scfilter - ok
21:46:25.0702 4380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:46:25.0718 4380 Schedule - ok
21:46:25.0764 4380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:46:25.0764 4380 SCPolicySvc - ok
21:46:25.0827 4380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:46:25.0842 4380 SDRSVC - ok
21:46:25.0920 4380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:46:25.0920 4380 secdrv - ok
21:46:25.0952 4380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:46:25.0952 4380 seclogon - ok
21:46:25.0983 4380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:46:25.0983 4380 SENS - ok
21:46:25.0998 4380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:46:26.0014 4380 SensrSvc - ok
21:46:26.0030 4380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:46:26.0030 4380 Serenum - ok
21:46:26.0061 4380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:46:26.0061 4380 Serial - ok
21:46:26.0092 4380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:46:26.0092 4380 sermouse - ok
21:46:26.0139 4380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:46:26.0170 4380 SessionEnv - ok
21:46:26.0201 4380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:46:26.0201 4380 sffdisk - ok
21:46:26.0217 4380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:46:26.0217 4380 sffp_mmc - ok
21:46:26.0232 4380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:46:26.0232 4380 sffp_sd - ok
21:46:26.0232 4380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:46:26.0232 4380 sfloppy - ok
21:46:26.0342 4380 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:46:26.0357 4380 SharedAccess - ok
21:46:26.0435 4380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:46:26.0451 4380 ShellHWDetection - ok
21:46:26.0466 4380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:46:26.0466 4380 SiSRaid2 - ok
21:46:26.0498 4380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:46:26.0498 4380 SiSRaid4 - ok
21:46:26.0513 4380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:46:26.0513 4380 Smb - ok
21:46:26.0560 4380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:46:26.0560 4380 SNMPTRAP - ok
21:46:26.0560 4380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:46:26.0560 4380 spldr - ok
21:46:26.0638 4380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:46:26.0654 4380 Spooler - ok
21:46:26.0934 4380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:46:27.0012 4380 sppsvc - ok
21:46:27.0153 4380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:46:27.0153 4380 sppuinotify - ok
21:46:27.0278 4380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:46:27.0293 4380 srv - ok
21:46:27.0340 4380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:46:27.0340 4380 srv2 - ok
21:46:27.0371 4380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:46:27.0387 4380 srvnet - ok
21:46:27.0418 4380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:46:27.0434 4380 SSDPSRV - ok
21:46:27.0449 4380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:46:27.0449 4380 SstpSvc - ok
21:46:27.0558 4380 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
21:46:27.0558 4380 STacSV - ok
21:46:27.0590 4380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:46:27.0590 4380 stexstor - ok
21:46:27.0668 4380 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
21:46:27.0683 4380 STHDA - ok
21:46:27.0777 4380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:46:27.0792 4380 stisvc - ok
21:46:27.0824 4380 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:46:27.0839 4380 storflt - ok
21:46:27.0870 4380 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
21:46:27.0870 4380 StorSvc - ok
21:46:27.0902 4380 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:46:27.0902 4380 storvsc - ok
21:46:27.0917 4380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:46:27.0933 4380 swenum - ok
21:46:28.0011 4380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:46:28.0026 4380 swprv - ok
21:46:28.0104 4380 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
21:46:28.0120 4380 SynTP - ok
21:46:28.0323 4380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:46:28.0370 4380 SysMain - ok
21:46:28.0510 4380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:46:28.0541 4380 TabletInputService - ok
21:46:28.0604 4380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:46:28.0619 4380 TapiSrv - ok
21:46:28.0650 4380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:46:28.0650 4380 TBS - ok
21:46:28.0884 4380 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:46:28.0931 4380 Tcpip - ok
21:46:29.0228 4380 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:46:29.0259 4380 TCPIP6 - ok
21:46:29.0352 4380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:46:29.0368 4380 tcpipreg - ok
21:46:29.0399 4380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:46:29.0399 4380 TDPIPE - ok
21:46:29.0430 4380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:46:29.0430 4380 TDTCP - ok
21:46:29.0462 4380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:46:29.0493 4380 tdx - ok
21:46:29.0524 4380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:46:29.0524 4380 TermDD - ok
21:46:29.0602 4380 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:46:29.0633 4380 TermService - ok
21:46:29.0664 4380 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:46:29.0664 4380 Themes - ok
21:46:29.0696 4380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:46:29.0696 4380 THREADORDER - ok
21:46:29.0742 4380 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
21:46:29.0742 4380 tmactmon - ok
21:46:29.0789 4380 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
21:46:29.0805 4380 tmcomm - ok
21:46:29.0836 4380 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
21:46:29.0836 4380 tmevtmgr - ok
21:46:29.0867 4380 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
21:46:29.0883 4380 tmtdi - ok
21:46:29.0930 4380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:46:29.0961 4380 TrkWks - ok
21:46:30.0070 4380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:46:30.0070 4380 TrustedInstaller - ok
21:46:30.0101 4380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:30.0101 4380 tssecsrv - ok
21:46:30.0148 4380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:46:30.0148 4380 TsUsbFlt - ok
21:46:30.0195 4380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:46:30.0195 4380 tunnel - ok
21:46:30.0242 4380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:46:30.0242 4380 uagp35 - ok
21:46:30.0304 4380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:46:30.0320 4380 udfs - ok
21:46:30.0351 4380 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:46:30.0351 4380 UI0Detect - ok
21:46:30.0398 4380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:46:30.0398 4380 uliagpkx - ok
21:46:30.0444 4380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:46:30.0444 4380 umbus - ok
21:46:30.0460 4380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:46:30.0460 4380 UmPass - ok
21:46:30.0507 4380 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:46:30.0522 4380 UmRdpService - ok
21:46:30.0585 4380 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:46:30.0600 4380 upnphost - ok
21:46:30.0632 4380 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:46:30.0632 4380 USBAAPL64 - ok
21:46:30.0663 4380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:30.0663 4380 usbccgp - ok
21:46:30.0694 4380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:46:30.0710 4380 usbcir - ok
21:46:30.0741 4380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:46:30.0741 4380 usbehci - ok
21:46:30.0772 4380 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
21:46:30.0772 4380 usbfilter - ok
21:46:30.0819 4380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:46:30.0834 4380 usbhub - ok
21:46:30.0866 4380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:46:30.0866 4380 usbohci - ok
21:46:30.0897 4380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:46:30.0897 4380 usbprint - ok
21:46:30.0944 4380 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:46:30.0944 4380 usbscan - ok
21:46:30.0990 4380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:30.0990 4380 USBSTOR - ok
21:46:31.0022 4380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:46:31.0022 4380 usbuhci - ok
21:46:31.0068 4380 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:46:31.0084 4380 usbvideo - ok
21:46:31.0115 4380 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:46:31.0131 4380 UxSms - ok
21:46:31.0162 4380 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:46:31.0162 4380 VaultSvc - ok
21:46:31.0193 4380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:46:31.0209 4380 vdrvroot - ok
21:46:31.0302 4380 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:46:31.0318 4380 vds - ok
21:46:31.0349 4380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:31.0349 4380 vga - ok
21:46:31.0365 4380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:46:31.0365 4380 VgaSave - ok
21:46:31.0427 4380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:46:31.0443 4380 vhdmp - ok
21:46:31.0474 4380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:46:31.0474 4380 viaide - ok
21:46:31.0505 4380 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:46:31.0521 4380 vmbus - ok
21:46:31.0536 4380 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:46:31.0536 4380 VMBusHID - ok
21:46:31.0583 4380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:46:31.0583 4380 volmgr - ok
21:46:31.0661 4380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:46:31.0661 4380 volmgrx - ok
21:46:31.0724 4380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:46:31.0724 4380 volsnap - ok
21:46:31.0770 4380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:46:31.0786 4380 vsmraid - ok
21:46:31.0958 4380 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:46:32.0004 4380 VSS - ok
21:46:32.0129 4380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:46:32.0129 4380 vwifibus - ok
21:46:32.0160 4380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:46:32.0160 4380 vwififlt - ok
21:46:32.0223 4380 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:46:32.0238 4380 W32Time - ok
21:46:32.0254 4380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:46:32.0254 4380 WacomPen - ok
21:46:32.0301 4380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:32.0301 4380 WANARP - ok
21:46:32.0301 4380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:32.0301 4380 Wanarpv6 - ok
21:46:32.0441 4380 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:46:32.0457 4380 WatAdminSvc - ok
21:46:32.0628 4380 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:46:32.0675 4380 wbengine - ok
21:46:32.0831 4380 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:46:32.0847 4380 WbioSrvc - ok
21:46:32.0925 4380 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:46:32.0940 4380 wcncsvc - ok
21:46:32.0956 4380 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:46:32.0972 4380 WcsPlugInService - ok
21:46:33.0018 4380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:46:33.0018 4380 Wd - ok
21:46:33.0096 4380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:46:33.0112 4380 Wdf01000 - ok
21:46:33.0143 4380 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:46:33.0143 4380 WdiServiceHost - ok
21:46:33.0143 4380 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:46:33.0143 4380 WdiSystemHost - ok
21:46:33.0206 4380 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:46:33.0221 4380 WebClient - ok
21:46:33.0252 4380 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:46:33.0268 4380 Wecsvc - ok
21:46:33.0284 4380 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:46:33.0284 4380 wercplsupport - ok
21:46:33.0315 4380 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:46:33.0315 4380 WerSvc - ok
21:46:33.0330 4380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:46:33.0330 4380 WfpLwf - ok
21:46:33.0362 4380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:46:33.0362 4380 WIMMount - ok
21:46:33.0377 4380 WinDefend - ok
21:46:33.0393 4380 WinHttpAutoProxySvc - ok
21:46:33.0486 4380 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:46:33.0486 4380 Winmgmt - ok
21:46:33.0720 4380 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:46:33.0783 4380 WinRM - ok
21:46:33.0923 4380 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:46:33.0939 4380 WinUsb - ok
21:46:34.0048 4380 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:46:34.0064 4380 Wlansvc - ok
21:46:34.0126 4380 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
21:46:34.0142 4380 wltrysvc - ok
21:46:34.0157 4380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:46:34.0157 4380 WmiAcpi - ok
21:46:34.0251 4380 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:46:34.0266 4380 wmiApSrv - ok
21:46:34.0298 4380 WMPNetworkSvc - ok
21:46:34.0329 4380 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:46:34.0344 4380 WPCSvc - ok
21:46:34.0407 4380 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:46:34.0422 4380 WPDBusEnum - ok
21:46:34.0454 4380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:46:34.0454 4380 ws2ifsl - ok
21:46:34.0469 4380 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:46:34.0500 4380 wscsvc - ok
21:46:34.0500 4380 WSearch - ok
21:46:34.0797 4380 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:46:34.0859 4380 wuauserv - ok
21:46:35.0015 4380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:46:35.0031 4380 WudfPf - ok
21:46:35.0078 4380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:35.0093 4380 WUDFRd - ok
21:46:35.0140 4380 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:46:35.0140 4380 wudfsvc - ok
21:46:35.0187 4380 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:46:35.0218 4380 WwanSvc - ok
21:46:35.0249 4380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:46:35.0592 4380 \Device\Harddisk0\DR0 - ok
21:46:35.0592 4380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:46:38.0322 4380 \Device\Harddisk1\DR1 - ok
21:46:38.0322 4380 Boot (0x1200) (3c746602694f212dcd5b0871a1557c6f) \Device\Harddisk0\DR0\Partition0
21:46:38.0322 4380 \Device\Harddisk0\DR0\Partition0 - ok
21:46:38.0354 4380 Boot (0x1200) (76df8ad0c07809c55b9353167bf65970) \Device\Harddisk0\DR0\Partition1
21:46:38.0354 4380 \Device\Harddisk0\DR0\Partition1 - ok
21:46:38.0354 4380 Boot (0x1200) (b4d332de3fbd2ae1f0b84964dc8e7ba8) \Device\Harddisk1\DR1\Partition0
21:46:38.0354 4380 \Device\Harddisk1\DR1\Partition0 - ok
21:46:38.0354 4380 ============================================================
21:46:38.0354 4380 Scan finished
21:46:38.0354 4380 ============================================================
21:46:38.0369 2928 Detected object count: 0
21:46:38.0369 2928 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 21:48:56
-----------------------------
21:48:56.055 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:56.055 Number of processors: 3 586 0x503
21:48:56.055 ComputerName: KAREN-PC UserName: Karen
21:48:59.269 Initialize success
21:49:53.898 AVAST engine defs: 12062201
21:51:21.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:51:21.508 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 11
21:51:21.555 Disk 0 MBR read successfully
21:51:21.555 Disk 0 MBR scan
21:51:21.570 Disk 0 Windows 7 default MBR code
21:51:21.570 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:51:21.586 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:51:21.617 Disk 0 scanning C:\Windows\system32\drivers
21:51:32.943 Service scanning
21:51:56.842 Modules scanning
21:51:56.858 Disk 0 trace - called modules:
21:51:56.905 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:51:56.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487c060]
21:51:56.936 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047ea060]
21:51:59.759 AVAST engine scan C:\Windows
21:52:03.737 AVAST engine scan C:\Windows\system32
21:53:54.076 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:53:56.432 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:54:53.731 AVAST engine scan C:\Windows\system32\drivers
21:55:08.504 AVAST engine scan C:\Users\Karen
21:59:39.790 AVAST engine scan C:\ProgramData
22:00:59.039 Scan finished successfully
22:05:28.685 Disk 0 MBR has been saved successfully to "E:\Karen\MBR.dat"
22:05:28.701 The log file has been saved successfully to "E:\Karen\aswMBR.txt"

#6 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 07:50 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 23 June 2012 - 11:24 PM

Computer seems to be doing much better.

Combofix had to update before it ran, so I assumed that was alright.

Here is the log.


ComboFix 12-06-23.06 - Karen 06/23/2012 23:59:15.2.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3836.2635 [GMT -4:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 04:09 . 2012-06-24 04:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 00:36 . 2012-06-21 00:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-21 00:33 . 2012-06-21 00:33 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 00:32 . 2012-06-21 00:32 -------- d-----w- c:\programdata\McAfee
2012-06-18 21:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 21:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 21:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 21:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 21:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 21:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 21:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 21:46 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 21:46 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:56 . 2012-06-14 02:56 -------- d-----w- c:\program files (x86)\ESET
2012-06-14 02:46 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:46 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:46 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 02:46 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 02:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 16:42 . 2012-06-09 16:42 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-09 16:42 . 2012-06-09 16:42 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-09 16:41 . 2012-06-09 16:41 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-09 16:41 . 2012-06-09 16:41 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-09 16:39 . 2012-06-09 16:39 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-09 16:38 . 2012-06-09 16:38 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-09 16:38 . 2012-06-09 16:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-09 16:38 . 2012-06-09 16:38 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-09 16:38 . 2012-06-09 16:38 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-09 16:38 . 2012-06-09 16:38 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-09 16:37 . 2012-06-09 16:37 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-09 16:37 . 2012-06-09 16:37 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-09 16:37 . 2012-06-09 16:37 2871808 ----a-w- c:\windows\explorer.exe
2012-06-09 16:37 . 2012-06-09 16:37 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-06-09 16:36 . 2012-06-09 16:36 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-06-09 16:36 . 2012-06-09 16:36 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-06-09 16:36 . 2012-06-09 16:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-09 16:36 . 2012-06-09 16:36 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-09 16:36 . 2012-06-09 16:36 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-09 16:34 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\programdata\IObit
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\Karen\AppData\Roaming\IObit
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\program files (x86)\IObit
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\users\Karen\AppData\Roaming\Malwarebytes
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 13:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 13:15 . 2012-06-09 13:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-31 12:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE7350F0-F1FD-4117-B112-E0493AEC0603}\mpengine.dll
2012-05-29 18:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 00:33 . 2011-11-16 13:13 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 16:37 . 2012-06-09 16:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-06-09 16:37 . 2012-06-09 16:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-03-30 11:35 . 2012-05-09 18:49 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_01.30.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 21:14 . 2012-06-23 01:24 39734 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 03:49 44174 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-25 16:27 . 2012-06-24 03:49 11246 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1778739511-2529545003-881932040-1000_UserData.bin
+ 2011-08-30 21:38 . 2012-06-22 01:45 7090 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-24 04:10 . 2012-06-24 04:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 01:29 . 2012-06-22 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 04:10 . 2012-06-24 04:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-22 01:29 . 2012-06-22 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-25 13:19 . 2012-06-23 04:51 275496 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-14 02:41 640284 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 01:46 640284 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 01:46 112206 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-14 02:41 112206 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-22 01:29 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-24 04:09 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-25 23:50 . 2012-06-19 02:38 2316592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1778739511-2529545003-881932040-1000-8192.dat
+ 2011-08-25 23:50 . 2012-06-24 04:09 2316592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1778739511-2529545003-881932040-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files (x86)\Road_Runner\prxtbRoad.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Road_Runner\prxtbRoad.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e4878b45-e2c0-4307-b6e8-734922f92f5b}"= "c:\program files (x86)\Road_Runner\prxtbRoad.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e4878b45-e2c0-4307-b6e8-734922f92f5b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778739511-2529545003-881932040-1000Core.job
- c:\users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 18:30]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778739511-2529545003-881932040-1000UA.job
- c:\users\Karen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 18:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E4878B45-E2C0-4307-B6E8-734922F92F5B} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
.
**************************************************************************
.
Completion time: 2012-06-24 00:15:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 04:15
ComboFix2.txt 2012-06-22 01:36
.
Pre-Run: 454,455,648,256 bytes free
Post-Run: 454,513,389,568 bytes free
.
- - End Of File - - 6DB24A6E007B7E6F7241514E954CF127

#8 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 11:37 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 23 June 2012 - 11:50 PM

I only see Java 6 Update 33, not Update 29. I will assume that I am to remove that one.

#10 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 11:55 PM

Yes, that will work.


gringo

#11 mercuryrsng
  • Topic Starter
  • Members
  • 298 posts

Posted 24 June 2012 - 12:08 AM

Computer still appears to be functioning correctly. Here are the logs.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

Protection: Enabled

6/24/2012 1:02:24 AM
mbam-log-2012-06-24 (01-02-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206323
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:26 AM, on 6/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\Users\Karen\Desktop\Karen\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8250 bytes

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 June 2012 - 12:36 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    • O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    • O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. from the line
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
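The O4 and O23 lines quoted in the log and in the fix list above follow a fixed HijackThis layout: `O4 - <hive>\..\<key>: [<value name>] <command line>` and `O23 - Service: <display name> - <company> - <image path>[ (file missing)]`. The Python below is an added example written for this page, not HijackThis code and not anything posted in the thread. It parses both line types, extracts the bracketed value name that the post says to paste into the startup research search, and assigns each O23 line a review label. The labels are this example's own heuristic: a `(file missing)` tag on a Windows resource-string service (display name beginning with `@`), on the 64-bit system this thread concerns, is commonly an artifact of the 32-bit HijackThis build rather than an orphaned service, so it is marked for path verification instead of removal. The sample lines are constructed from the log above.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) log lines and triage them.

Added example for this thread; not HijackThis code and not posted by anyone
in the thread. The sample lines are constructed from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# O23 - Service: <display name> - <company> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Autostart:
    hive: str
    key: str
    name: str   # text between the brackets, used for the startup lookup
    path: str
    args: str


@dataclass
class Service:
    display: str
    short: Optional[str]    # service name in trailing parentheses, if any
    company: str
    path: str
    file_missing: bool
    resource_name: bool     # display name is an "@dll,-id" resource reference


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted values keep their spaces, so the path/argument boundary is
    # ambiguous; splitting after the first ".exe" is a best-effort heuristic.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""


def parse_hjt(text: str) -> Tuple[List[Autostart], List[Service]]:
    """Collect O4 and O23 entries from a HijackThis log; other lines are skipped."""
    autostarts: List[Autostart] = []
    services: List[Service] = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path, args = split_command(m["cmd"])
            autostarts.append(Autostart(m["hive"], m["key"], m["name"], path, args))
            continue
        m = O23_RE.match(line)
        if m:
            display = m["display"]
            sm = re.search(r"\((?P<short>[^()]+)\)$", display)
            services.append(Service(
                display=display,
                short=sm["short"] if sm else None,
                company=m["company"],
                path=m["path"],
                file_missing=m["missing"] is not None,
                resource_name=display.startswith("@"),
            ))
    return autostarts, services


def research_names(autostarts: List[Autostart]) -> List[str]:
    """The bracketed names the post says to paste into the startup search."""
    return [a.name for a in autostarts]


def triage_service(svc: Service) -> str:
    """Review label for an O23 line (this example's heuristic, not HijackThis output).

    A "(file missing)" tag on a Windows resource-string service (display name
    beginning with '@') on 64-bit Windows is commonly an artifact of the 32-bit
    HijackThis build, so it is marked for path verification, not removal.
    """
    if svc.file_missing and svc.resource_name:
        return "verify-path"
    if svc.file_missing:
        return "orphaned-or-hidden"
    if svc.company == "Unknown owner":
        return "no-vendor-info"
    return "ok"


if __name__ == "__main__":
    auto, svcs = parse_hjt(SAMPLE_LOG)
    for a in auto:
        print(f"O4  {a.hive}\\{a.key}  [{a.name}]  {a.path}  args={a.args!r}")
    for s in svcs:
        print(f"O23 {s.short or s.display:<12} {triage_service(s):<18} {s.path}")
```

Running the script prints one line per parsed entry. Lines for other HijackThis sections (O2, O8, O18 and so on) are ignored, and an O4 line for a per-user `HKUS\S-1-...` hive does not match the `hive` pattern used here and is skipped as well.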

#13 mercuryrsng

  • Topic Starter
  • Members
  • 298 posts

Posted 24 June 2012 - 09:38 PM

There was no log that appeared. It said that there were no threats found and I couldn't find anywhere to save a log. Sounds pretty good! :-)

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 June 2012 - 10:06 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will remove these tools. They will also reset your System Restore by flushing out previous restore points and creating a new restore point, and will remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#15 mercuryrsng

  • Topic Starter
  • Members
  • 298 posts

Posted 24 June 2012 - 10:14 PM

Thanks ever so much! You have been a tremendous help!!



