Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TR/Small.FI TR/ATRAPS.Gen2


  • This topic is locked This topic is locked
14 replies to this topic

#1 vergro

vergro

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 28 June 2012 - 06:58 PM

greetings, i am new here and hoping to get some help.
i have some viruses or trojans that are being detected on my machine that i have been unable to remove. avira attempts to quarantine them, but after a reboot they are still there. malwarebytes sees them, and tries to delete them but they come back after reboot. i can run combofix but it doesn't generate a logfile.

Posted Image

am i in serious trouble here?

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 30 June 2012 - 12:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 vergro

vergro
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 July 2012 - 12:28 AM

thank you for the response mr gringo,

1. i ran defogger

2. security check results:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.2)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

3. DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by clay at 22:11:38 on 2012-06-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8052.6571 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe
C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\vVX6000.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\program files (x86)\avira\antivir desktop\ipmGui.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = proxy-tem.asml.com:8080
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [googletalk] C:\Users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\clay\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\clay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\clay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GIDLEE~1.LNK - C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF}\1453D4C4D275C604E4 : DhcpNameServer = 146.106.162.134 146.106.228.102 146.106.192.134
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF}\36C6169747F6E633 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF}\65562796A7F6E6024425F49444850243930353 : DhcpNameServer = 192.168.42.1
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{5C937C33-44B1-4EDD-BA04-67C19A49B9BF}\F6074796D657D677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\guaz2wnz.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.http - proxy-tem.asml.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\clay\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\clay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
.
=============== Created Last 30 ================
.
2012-06-30 01:31:46 -------- d-----w- C:\Users\clay\AppData\Roaming\Avira
2012-06-30 01:30:40 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-06-30 01:30:40 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-06-30 01:30:39 -------- d-----w- C:\ProgramData\Avira
2012-06-30 01:30:39 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-30 01:03:24 328704 ----a-w- C:\Windows\System32\services.exe.1D982EBDF631AEE9
2012-06-30 01:00:35 328704 ----a-w- C:\Windows\System32\services.exe.C4BA9582E4D8894D
2012-06-30 00:51:20 328704 ----a-w- C:\Windows\System32\services.exe.01CFCE3210739A0E
2012-06-29 19:56:59 328704 ----a-w- C:\Windows\System32\services.exe.9D6B6CC421C2991A
2012-06-29 19:44:55 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A8E6C17-AD03-420B-841C-D802A39CDB1A}\mpengine.dll
2012-06-29 14:25:12 9013136 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-06-29 05:06:29 -------- d-----w- C:\Users\clay\AppData\Roaming\Stellarium
2012-06-29 05:06:05 -------- d-----w- C:\Program Files (x86)\Stellarium
2012-06-28 23:15:04 -------- d-----w- C:\ComboFix
2012-06-28 19:51:58 -------- d-----w- C:\Users\clay\AppData\Roaming\Malwarebytes
2012-06-28 19:51:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-28 19:51:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-28 19:51:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 19:35:23 328704 ----a-w- C:\Windows\System32\services.exe.AB74C8DB9A92839D
2012-06-28 19:29:22 328704 ----a-w- C:\Windows\System32\services.exe.FC3192417BDDD05A
2012-06-28 02:45:36 -------- d-----w- C:\Users\clay\AppData\Local\fontconfig
2012-06-28 02:45:35 -------- d-----w- C:\Users\clay\.gimp-2.8
2012-06-28 02:45:34 -------- d-----w- C:\Users\clay\AppData\Local\gegl-0.2
2012-06-28 02:44:46 -------- d-----w- C:\Program Files\GIMP 2
2012-06-22 18:25:07 2213120 ------w- C:\Windows\wweb32.dll
2012-06-22 18:25:07 -------- d-----w- C:\Program Files (x86)\WordWeb
2012-06-21 22:40:38 -------- d-----w- C:\Users\clay\AppData\Local\Module
2012-06-21 05:23:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 05:23:00 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 05:22:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 05:22:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 00:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 14:03:51 -------- d-----w- C:\Program Files\CONEXANT
2012-06-19 14:03:26 682624 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys
2012-06-19 14:03:26 426040 ----a-w- C:\Windows\System32\UCI64A52.dll
2012-06-19 14:03:26 1830016 ----a-w- C:\Windows\System32\CX64AQ17.dll
2012-06-19 14:01:40 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-06-18 01:57:49 -------- d-----w- C:\Users\clay\AppData\Local\Nero
2012-06-18 01:52:02 -------- d-----w- C:\ProgramData\Nero
2012-06-18 00:52:32 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 00:52:32 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 21:35:06 134122 ----a-w- C:\Windows\ColorPic Uninstaller.exe
2012-06-17 21:35:06 -------- d-----w- C:\Program Files (x86)\ColorPic 4.1
2012-06-16 11:50:45 -------- d-----w- C:\Users\clay\AppData\Local\WBFSManager
2012-06-16 11:47:23 -------- d-----w- C:\Program Files\WBFS
2012-06-14 11:40:59 754808 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-06-14 08:08:16 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 08:08:16 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 08:08:16 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 08:08:08 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 08:08:06 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 08:08:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 08:08:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:08:00 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 08:07:59 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 08:07:59 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-14 08:07:54 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 08:07:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 08:07:47 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 08:07:46 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 08:07:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 08:07:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 08:07:46 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 08:07:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-09 22:12:28 -------- d-----w- C:\Users\clay\AppData\Local\Macromedia
2012-06-05 12:17:51 -------- d-----w- C:\ProgramData\ALM
2012-06-05 12:15:57 -------- d-----w- C:\Windows\SysWow64\spool
2012-06-05 12:12:54 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
.
==================== Find3M ====================
.
2012-06-30 00:57:42 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-09 22:11:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 22:11:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-28 08:13:31 1824256 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 23:59:13 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 09:58:25 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-27 09:58:25 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-27 09:58:25 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-04-11 11:12:18 2884096 ----a-w- C:\Windows\System32\python32.dll
2012-04-11 03:31:54 2303488 ----a-w- C:\Windows\SysWow64\python27.dll
.
============= FINISH: 22:16:19.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2011 2:44:29 AM
System Uptime: 6/30/2012 10:09:19 PM (0 hours ago)
.
Motherboard: LENOVO | | 2537Y1U
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | None | 2256/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 182.459 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Illustrator CS5
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Angry Birds Space 1.0.0
Audacity 2.0
AutoHotkey 1.1.05.04
Avira Free Antivirus
BovadaPoker
calibre
CoffeeCup Free HTML Editor
ColorPic
Connect
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FileZilla Client 3.5.3
FL Studio 10
foobar2000 v1.1.10
Google Chrome
Google Talk (remove only)
GPL Ghostscript
High-Definition Video Playback
IL Download Manager
kuler
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
LG USB Modem driver
lightshot-2.5.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Corporation
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Cliparts
Nero 11 Collection 1
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Video 11
Nero Video 11 Help (CHM)
nero.prerequisites.msi
Orbit Downloader
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Python 2.7 setuptools-0.6c11
Python 2.7.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shuangs Audio Joiner 2.5
Skype Click to Call
Skype™ 5.9
SpeedFan (remove only)
StarCraft II
Stellarium 0.11.3
Suite Shared Configuration CS4
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
uTorrentControl2 Toolbar
VLC media player 2.0.1
VNC Free Edition 4.1.3
WBFS Manager 3.0
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
6/30/2012 9:06:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/30/2012 2:15:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/30/2012 2:15:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/30/2012 2:15:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/30/2012 10:26:51 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
6/30/2012 10:10:53 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/30/2012 10:10:10 PM, Error: Service Control Manager [7023] -
6/30/2012 10:05:54 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
6/30/2012 10:04:39 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/29/2012 7:25:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.129.688.0).
6/25/2012 12:02:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff880033ff680, 0x0000000000000002, 0x0000000000000000, 0xfffff880080d7e75). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062512-40263-01.
6/23/2012 8:28:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user clay-laptop\clay SID (S-1-5-21-4242964392-474035767-3661120704-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/23/2012 8:28:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user clay-laptop\clay SID (S-1-5-21-4242964392-474035767-3661120704-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 01 July 2012 - 12:41 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 vergro

vergro
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 July 2012 - 02:16 PM

combo fix definitely fixed some issues, since windows firewall is working again! however i am still getting some popups from something that is attempting to access the internet... progress has been made though!
Posted Image


ComboFix 12-07-01.03 - clay 07/01/2012 10:10:16.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8052.6475 [GMT -7:00]
Running from: c:\users\clay\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\clay\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7B93AA7B-D127-467C-A537-E2118D7D8196}.xps
c:\windows\Installer\{48555f7f-ae12-4f0e-dcf0-bd7c29522f9b}\@
c:\windows\Installer\{48555f7f-ae12-4f0e-dcf0-bd7c29522f9b}\U\00000001.@
c:\windows\Installer\{48555f7f-ae12-4f0e-dcf0-bd7c29522f9b}\U\80000000.@
c:\windows\Installer\{48555f7f-ae12-4f0e-dcf0-bd7c29522f9b}\U\800000cb.@
c:\windows\SysWow64\settings.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 17:16 . 2012-07-01 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 04:49 . 2012-07-01 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-01 04:49 . 2012-07-01 04:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-30 01:31 . 2012-06-30 01:31 -------- d-----w- c:\users\clay\AppData\Roaming\Avira
2012-06-30 01:30 . 2012-05-02 22:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-30 01:30 . 2012-04-27 17:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-30 01:30 . 2012-04-25 07:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-30 01:30 . 2012-06-30 01:30 -------- d-----w- c:\programdata\Avira
2012-06-30 01:30 . 2012-06-30 01:30 -------- d-----w- c:\program files (x86)\Avira
2012-06-30 01:03 . 2012-06-30 01:03 328704 ----a-w- c:\windows\system32\services.exe.1D982EBDF631AEE9
2012-06-30 01:00 . 2012-06-30 01:00 328704 ----a-w- c:\windows\system32\services.exe.C4BA9582E4D8894D
2012-06-30 00:51 . 2012-06-30 00:51 328704 ----a-w- c:\windows\system32\services.exe.01CFCE3210739A0E
2012-06-29 19:56 . 2012-06-29 19:56 328704 ----a-w- c:\windows\system32\services.exe.9D6B6CC421C2991A
2012-06-29 19:44 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A8E6C17-AD03-420B-841C-D802A39CDB1A}\mpengine.dll
2012-06-29 05:06 . 2012-06-29 05:06 -------- d-----w- c:\users\clay\AppData\Roaming\Stellarium
2012-06-29 05:06 . 2012-06-29 05:06 -------- d-----w- c:\program files (x86)\Stellarium
2012-06-28 19:51 . 2012-06-28 19:51 -------- d-----w- c:\users\clay\AppData\Roaming\Malwarebytes
2012-06-28 19:51 . 2012-06-28 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 19:51 . 2012-06-28 19:51 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 19:51 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 19:35 . 2012-06-28 19:35 328704 ----a-w- c:\windows\system32\services.exe.AB74C8DB9A92839D
2012-06-28 19:29 . 2012-06-28 19:29 328704 ----a-w- c:\windows\system32\services.exe.FC3192417BDDD05A
2012-06-28 02:45 . 2012-06-28 02:45 -------- d-----w- c:\users\clay\AppData\Local\fontconfig
2012-06-28 02:45 . 2012-06-28 18:58 -------- d-----w- c:\users\clay\.gimp-2.8
2012-06-28 02:45 . 2012-06-28 02:45 -------- d-----w- c:\users\clay\AppData\Local\gegl-0.2
2012-06-28 02:44 . 2012-06-28 02:45 -------- d-----w- c:\program files\GIMP 2
2012-06-22 18:25 . 2012-06-22 18:25 -------- d-----w- c:\program files (x86)\WordWeb
2012-06-22 18:25 . 2012-04-21 18:30 2213120 ------w- c:\windows\wweb32.dll
2012-06-21 22:40 . 2012-06-21 22:40 -------- d-----w- c:\users\clay\AppData\Local\Module
2012-06-21 05:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 05:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 05:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 05:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 05:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 05:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 05:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 05:22 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 05:22 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 00:35 . 2012-06-20 00:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 14:03 . 2012-06-19 14:04 -------- d-----w- c:\program files\CONEXANT
2012-06-19 14:03 . 2010-10-20 05:52 1830016 ----a-w- c:\windows\system32\CX64AQ17.dll
2012-06-19 14:03 . 2010-08-25 14:46 682624 ----a-w- c:\windows\system32\drivers\CHDRT64.sys
2012-06-19 14:03 . 2010-01-19 02:33 426040 ----a-w- c:\windows\system32\UCI64A52.dll
2012-06-19 14:01 . 2012-06-19 14:01 -------- d-----w- c:\program files (x86)\Lenovo
2012-06-18 01:57 . 2012-06-18 01:57 -------- d-----w- c:\users\clay\AppData\Local\Nero
2012-06-18 01:57 . 2012-06-18 03:07 -------- d-----w- c:\users\clay\AppData\Roaming\Nero
2012-06-18 01:52 . 2012-06-18 01:53 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-18 01:52 . 2012-06-18 01:52 -------- d-----w- c:\programdata\Nero
2012-06-18 00:52 . 2012-06-18 00:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 00:52 . 2012-06-18 00:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 21:35 . 2012-06-17 21:35 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2012-06-17 21:35 . 2012-06-17 21:35 -------- d-----w- c:\program files (x86)\ColorPic 4.1
2012-06-16 11:50 . 2012-06-16 11:50 -------- d-----w- c:\users\clay\AppData\Local\WBFSManager
2012-06-16 11:47 . 2012-06-16 11:47 -------- d-----w- c:\program files\WBFS
2012-06-14 11:40 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-14 08:08 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 08:08 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 08:08 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 08:08 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 08:08 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 08:08 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 08:08 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:08 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:07 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-14 08:07 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 08:07 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 08:07 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 08:07 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 08:07 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 08:07 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 08:07 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 08:07 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 08:07 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-09 22:12 . 2012-06-09 22:12 -------- d-----w- c:\users\clay\AppData\Local\Macromedia
2012-06-06 11:47 . 2012-06-06 11:47 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-05 12:22 . 2012-06-05 12:22 -------- d-----w- c:\programdata\FLEXnet
2012-06-05 12:17 . 2012-06-05 12:17 -------- d-----w- c:\programdata\ALM
2012-06-05 12:15 . 2012-06-05 12:15 -------- d-----w- c:\windows\SysWow64\spool
2012-06-05 12:15 . 2012-06-10 12:45 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-05 12:12 . 2012-06-05 12:12 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 22:11 . 2012-04-05 22:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 22:11 . 2011-12-16 04:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 08:13 . 2012-05-28 08:13 1824256 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-04 23:59 . 2012-04-21 03:59 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 09:58 . 2012-04-27 09:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-27 09:58 . 2012-04-27 09:58 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-27 09:58 . 2012-04-27 09:58 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-04-11 11:12 . 2012-04-11 11:12 2884096 ----a-w- c:\windows\system32\python32.dll
2012-04-11 03:31 . 2012-04-11 03:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\users\clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
gidle.exe - Shortcut.lnk - c:\users\clay\AppData\Roaming\Google\Google Talk\gidle.exe [2008-1-7 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 qdhwtjeq;qdhwtjeq;c:\windows\system32\drivers\qdhwtjeq.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2143600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-22 279616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 sfs2x-service;sfs2x-service;c:\program files\SmartFoxServer2X\SFS2X\sfs2x-service.exe [2012-02-14 108032]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84584]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242964392-474035767-3661120704-1000Core.job
- c:\users\clay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 09:57]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242964392-474035767-3661120704-1000UA.job
- c:\users\clay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 09:57]
.
2012-07-01 c:\windows\Tasks\update-S-1-5-21-4242964392-474035767-3661120704-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-03-02 03:09]
.
2012-07-01 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-03-02 03:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\clay\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 16414312]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy-tem.asml.com:8080
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\guaz2wnz.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.http - proxy-tem.asml.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"=hex:51,66,7a,6c,4c,1d,38,12,b8,bf,48,
c1,9f,0f,c3,0d,e6,45,75,49,c1,d0,e8,d3
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,37,e7,49,72,3e,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
.
**************************************************************************
.
Completion time: 2012-07-01 10:24:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 17:24
.
Pre-Run: 200,271,777,792 bytes free
Post-Run: 208,403,120,128 bytes free
.
- - End Of File - - E78D59764941AE9BE35809EE0B7FE712

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 01 July 2012 - 04:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 vergro

vergro
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 July 2012 - 07:03 PM

i didn't apply the fixes on either, but here are the logs from both.


16:26:51.0366 3228 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
16:26:51.0785 3228 ============================================================
16:26:51.0785 3228 Current date / time: 2012/07/01 16:26:51.0785
16:26:51.0785 3228 SystemInfo:
16:26:51.0785 3228
16:26:51.0785 3228 OS Version: 6.1.7601 ServicePack: 1.0
16:26:51.0786 3228 Product type: Workstation
16:26:51.0786 3228 ComputerName: CLAY-LAPTOP
16:26:51.0786 3228 UserName: clay
16:26:51.0786 3228 Windows directory: C:\Windows
16:26:51.0786 3228 System windows directory: C:\Windows
16:26:51.0786 3228 Running under WOW64
16:26:51.0786 3228 Processor architecture: Intel x64
16:26:51.0786 3228 Number of processors: 4
16:26:51.0786 3228 Page size: 0x1000
16:26:51.0786 3228 Boot type: Normal boot
16:26:51.0786 3228 ============================================================
16:26:52.0699 3228 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:26:52.0714 3228 ============================================================
16:26:52.0714 3228 \Device\Harddisk0\DR0:
16:26:52.0714 3228 MBR partitions:
16:26:52.0715 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:26:52.0715 3228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:26:52.0715 3228 ============================================================
16:26:52.0742 3228 C: <-> \Device\Harddisk0\DR0\Partition1
16:26:52.0743 3228 ============================================================
16:26:52.0743 3228 Initialize success
16:26:52.0743 3228 ============================================================
16:27:30.0408 3228 ============================================================
16:27:30.0408 3228 Scan started
16:27:30.0408 3228 Mode: Manual; SigCheck; TDLFS;
16:27:30.0408 3228 ============================================================
16:27:31.0342 3228 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:27:31.0487 3228 1394ohci - ok
16:27:31.0544 3228 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:27:31.0569 3228 ACPI - ok
16:27:31.0612 3228 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:27:31.0699 3228 AcpiPmi - ok
16:27:31.0834 3228 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:27:31.0850 3228 AdobeARMservice - ok
16:27:31.0912 3228 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:27:31.0957 3228 adp94xx - ok
16:27:32.0035 3228 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:27:32.0060 3228 adpahci - ok
16:27:32.0097 3228 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:27:32.0134 3228 adpu320 - ok
16:27:32.0165 3228 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:27:32.0305 3228 AeLookupSvc - ok
16:27:32.0382 3228 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:27:32.0453 3228 AFD - ok
16:27:32.0507 3228 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:27:32.0536 3228 agp440 - ok
16:27:32.0555 3228 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:27:32.0633 3228 ALG - ok
16:27:32.0655 3228 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:27:32.0671 3228 aliide - ok
16:27:32.0682 3228 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:27:32.0696 3228 amdide - ok
16:27:32.0728 3228 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:27:32.0778 3228 AmdK8 - ok
16:27:32.0790 3228 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:27:32.0823 3228 AmdPPM - ok
16:27:32.0847 3228 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:27:32.0867 3228 amdsata - ok
16:27:32.0897 3228 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:27:32.0939 3228 amdsbs - ok
16:27:32.0957 3228 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:27:32.0975 3228 amdxata - ok
16:27:33.0020 3228 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
16:27:33.0052 3228 androidusb - ok
16:27:33.0267 3228 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:27:33.0279 3228 AntiVirSchedulerService - ok
16:27:33.0337 3228 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:27:33.0354 3228 AntiVirService - ok
16:27:33.0403 3228 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:27:33.0592 3228 AppID - ok
16:27:33.0621 3228 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:27:33.0682 3228 AppIDSvc - ok
16:27:33.0708 3228 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:27:33.0754 3228 Appinfo - ok
16:27:33.0800 3228 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:27:33.0835 3228 AppMgmt - ok
16:27:33.0881 3228 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:27:33.0901 3228 arc - ok
16:27:33.0920 3228 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:27:33.0937 3228 arcsas - ok
16:27:33.0962 3228 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:34.0015 3228 AsyncMac - ok
16:27:34.0047 3228 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:27:34.0056 3228 atapi - ok
16:27:34.0136 3228 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:27:34.0212 3228 AudioEndpointBuilder - ok
16:27:34.0218 3228 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:27:34.0257 3228 AudioSrv - ok
16:27:34.0310 3228 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
16:27:34.0380 3228 avgntflt - ok
16:27:34.0451 3228 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
16:27:34.0477 3228 avipbb - ok
16:27:34.0533 3228 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:27:34.0549 3228 avkmgr - ok
16:27:34.0614 3228 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:27:34.0710 3228 AxInstSV - ok
16:27:34.0767 3228 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:27:34.0827 3228 b06bdrv - ok
16:27:34.0869 3228 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:27:34.0915 3228 b57nd60a - ok
16:27:34.0951 3228 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:27:34.0986 3228 BDESVC - ok
16:27:34.0997 3228 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:27:35.0053 3228 Beep - ok
16:27:35.0154 3228 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:27:35.0227 3228 BFE - ok
16:27:35.0310 3228 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:27:35.0383 3228 BITS - ok
16:27:35.0423 3228 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:27:35.0452 3228 blbdrive - ok
16:27:35.0488 3228 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:27:35.0519 3228 bowser - ok
16:27:35.0537 3228 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:27:35.0595 3228 BrFiltLo - ok
16:27:35.0611 3228 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:27:35.0644 3228 BrFiltUp - ok
16:27:35.0681 3228 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:27:35.0754 3228 BridgeMP - ok
16:27:35.0809 3228 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:27:35.0871 3228 Browser - ok
16:27:35.0902 3228 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:27:35.0969 3228 Brserid - ok
16:27:35.0983 3228 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:27:36.0016 3228 BrSerWdm - ok
16:27:36.0027 3228 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:27:36.0060 3228 BrUsbMdm - ok
16:27:36.0081 3228 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:27:36.0147 3228 BrUsbSer - ok
16:27:36.0227 3228 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
16:27:36.0273 3228 BthEnum - ok
16:27:36.0297 3228 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:27:36.0316 3228 BTHMODEM - ok
16:27:36.0344 3228 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:27:36.0373 3228 BthPan - ok
16:27:36.0406 3228 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
16:27:36.0452 3228 BTHPORT - ok
16:27:36.0490 3228 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:27:36.0538 3228 bthserv - ok
16:27:36.0556 3228 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
16:27:36.0583 3228 BTHUSB - ok
16:27:36.0758 3228 catchme - ok
16:27:36.0800 3228 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:27:36.0857 3228 cdfs - ok
16:27:36.0904 3228 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:27:36.0931 3228 cdrom - ok
16:27:36.0985 3228 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:27:37.0059 3228 CertPropSvc - ok
16:27:37.0080 3228 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:27:37.0111 3228 circlass - ok
16:27:37.0156 3228 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:27:37.0192 3228 CLFS - ok
16:27:37.0248 3228 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:37.0261 3228 clr_optimization_v2.0.50727_32 - ok
16:27:37.0293 3228 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:27:37.0307 3228 clr_optimization_v2.0.50727_64 - ok
16:27:37.0375 3228 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:37.0394 3228 clr_optimization_v4.0.30319_32 - ok
16:27:37.0441 3228 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:27:37.0453 3228 clr_optimization_v4.0.30319_64 - ok
16:27:37.0472 3228 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:27:37.0506 3228 CmBatt - ok
16:27:37.0540 3228 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:27:37.0558 3228 cmdide - ok
16:27:37.0611 3228 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:27:37.0678 3228 CNG - ok
16:27:37.0770 3228 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys
16:27:37.0877 3228 CnxtHdAudService - ok
16:27:37.0889 3228 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:37.0904 3228 Compbatt - ok
16:27:37.0948 3228 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:27:37.0978 3228 CompositeBus - ok
16:27:37.0986 3228 COMSysApp - ok
16:27:38.0003 3228 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:27:38.0018 3228 crcdisk - ok
16:27:38.0083 3228 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:27:38.0110 3228 CryptSvc - ok
16:27:38.0168 3228 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:27:38.0236 3228 CSC - ok
16:27:38.0309 3228 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:27:38.0357 3228 CscService - ok
16:27:38.0410 3228 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:27:38.0488 3228 DcomLaunch - ok
16:27:38.0524 3228 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:27:38.0602 3228 defragsvc - ok
16:27:38.0662 3228 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:27:38.0724 3228 DfsC - ok
16:27:38.0783 3228 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:27:38.0851 3228 Dhcp - ok
16:27:38.0875 3228 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:27:38.0932 3228 discache - ok
16:27:38.0977 3228 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:27:38.0994 3228 Disk - ok
16:27:39.0029 3228 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:27:39.0064 3228 Dnscache - ok
16:27:39.0108 3228 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:27:39.0183 3228 dot3svc - ok
16:27:39.0230 3228 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:27:39.0274 3228 DPS - ok
16:27:39.0310 3228 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:27:39.0339 3228 drmkaud - ok
16:27:39.0388 3228 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:27:39.0411 3228 dtsoftbus01 - ok
16:27:39.0500 3228 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:27:39.0584 3228 DXGKrnl - ok
16:27:39.0648 3228 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys
16:27:39.0671 3228 e1kexpress - ok
16:27:39.0698 3228 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:27:39.0746 3228 EapHost - ok
16:27:39.0953 3228 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:27:40.0084 3228 ebdrv - ok
16:27:40.0184 3228 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:27:40.0236 3228 EFS - ok
16:27:40.0352 3228 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:27:40.0424 3228 ehRecvr - ok
16:27:40.0452 3228 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:27:40.0474 3228 ehSched - ok
16:27:40.0550 3228 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:27:40.0604 3228 elxstor - ok
16:27:40.0660 3228 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:27:40.0707 3228 ErrDev - ok
16:27:40.0768 3228 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:27:40.0823 3228 EventSystem - ok
16:27:40.0963 3228 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:27:41.0018 3228 EvtEng - ok
16:27:41.0133 3228 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:27:41.0199 3228 exfat - ok
16:27:41.0228 3228 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:27:41.0293 3228 fastfat - ok
16:27:41.0383 3228 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:27:41.0449 3228 Fax - ok
16:27:41.0467 3228 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:27:41.0506 3228 fdc - ok
16:27:41.0537 3228 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:27:41.0587 3228 fdPHost - ok
16:27:41.0604 3228 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:27:41.0651 3228 FDResPub - ok
16:27:41.0680 3228 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:27:41.0696 3228 FileInfo - ok
16:27:41.0705 3228 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:27:41.0752 3228 Filetrace - ok
16:27:42.0077 3228 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:27:42.0108 3228 FLEXnet Licensing Service - ok
16:27:42.0123 3228 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:42.0140 3228 flpydisk - ok
16:27:42.0185 3228 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:27:42.0223 3228 FltMgr - ok
16:27:42.0317 3228 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:27:42.0378 3228 FontCache - ok
16:27:42.0461 3228 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:27:42.0475 3228 FontCache3.0.0.0 - ok
16:27:42.0517 3228 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:27:42.0542 3228 FsDepends - ok
16:27:42.0584 3228 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:27:42.0611 3228 Fs_Rec - ok
16:27:42.0656 3228 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:27:42.0697 3228 fvevol - ok
16:27:42.0719 3228 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:27:42.0735 3228 gagp30kx - ok
16:27:42.0812 3228 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:27:42.0882 3228 gpsvc - ok
16:27:42.0900 3228 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:27:42.0936 3228 hcw85cir - ok
16:27:42.0988 3228 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:27:43.0027 3228 HdAudAddService - ok
16:27:43.0071 3228 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:27:43.0101 3228 HDAudBus - ok
16:27:43.0123 3228 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:27:43.0140 3228 HECIx64 - ok
16:27:43.0153 3228 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:27:43.0175 3228 HidBatt - ok
16:27:43.0197 3228 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:27:43.0225 3228 HidBth - ok
16:27:43.0247 3228 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:27:43.0269 3228 HidIr - ok
16:27:43.0295 3228 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:27:43.0367 3228 hidserv - ok
16:27:43.0472 3228 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:27:43.0527 3228 HidUsb - ok
16:27:43.0567 3228 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:27:43.0620 3228 hkmsvc - ok
16:27:43.0674 3228 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:27:43.0728 3228 HomeGroupListener - ok
16:27:43.0773 3228 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:27:43.0809 3228 HomeGroupProvider - ok
16:27:43.0861 3228 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:27:43.0882 3228 HpSAMD - ok
16:27:43.0974 3228 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:27:44.0069 3228 HTTP - ok
16:27:44.0096 3228 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:27:44.0111 3228 hwpolicy - ok
16:27:44.0131 3228 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:27:44.0150 3228 i8042prt - ok
16:27:44.0186 3228 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:27:44.0225 3228 iaStorV - ok
16:27:44.0267 3228 IBMPMDRV (16a43abb5a334c7842f4a60cf9ff8041) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:27:44.0282 3228 IBMPMDRV - ok
16:27:44.0295 3228 IBMPMSVC (32b778ccf1f3b1458edda98fb8431eac) C:\Windows\system32\ibmpmsvc.exe
16:27:44.0307 3228 IBMPMSVC - ok
16:27:44.0416 3228 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:27:44.0458 3228 idsvc - ok
16:27:44.0487 3228 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:27:44.0502 3228 iirsp - ok
16:27:44.0589 3228 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:27:44.0689 3228 IKEEXT - ok
16:27:44.0725 3228 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:27:44.0739 3228 intelide - ok
16:27:44.0760 3228 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:27:44.0780 3228 intelppm - ok
16:27:44.0825 3228 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:27:44.0877 3228 IPBusEnum - ok
16:27:44.0911 3228 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:44.0966 3228 IpFilterDriver - ok
16:27:45.0052 3228 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:27:45.0128 3228 iphlpsvc - ok
16:27:45.0171 3228 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:27:45.0217 3228 IPMIDRV - ok
16:27:45.0263 3228 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:27:45.0331 3228 IPNAT - ok
16:27:45.0353 3228 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:27:45.0423 3228 IRENUM - ok
16:27:45.0442 3228 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:27:45.0457 3228 isapnp - ok
16:27:45.0484 3228 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:27:45.0523 3228 iScsiPrt - ok
16:27:45.0554 3228 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:27:45.0571 3228 kbdclass - ok
16:27:45.0598 3228 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:27:45.0623 3228 kbdhid - ok
16:27:45.0646 3228 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:45.0660 3228 KeyIso - ok
16:27:45.0674 3228 KMService - ok
16:27:45.0689 3228 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:27:45.0708 3228 KSecDD - ok
16:27:45.0727 3228 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:27:45.0745 3228 KSecPkg - ok
16:27:45.0766 3228 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:27:45.0815 3228 ksthunk - ok
16:27:45.0861 3228 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:27:45.0948 3228 KtmRm - ok
16:27:46.0002 3228 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:27:46.0069 3228 LanmanServer - ok
16:27:46.0112 3228 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:27:46.0157 3228 LanmanWorkstation - ok
16:27:46.0667 3228 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
16:27:46.0829 3228 LeapFrog Connect Device Service - ok
16:27:46.0965 3228 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys
16:27:47.0009 3228 Leapfrog-USBLAN - ok
16:27:47.0118 3228 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:47.0203 3228 lltdio - ok
16:27:47.0252 3228 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:27:47.0335 3228 lltdsvc - ok
16:27:47.0353 3228 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:27:47.0391 3228 lmhosts - ok
16:27:47.0426 3228 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:27:47.0443 3228 LSI_FC - ok
16:27:47.0456 3228 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:27:47.0473 3228 LSI_SAS - ok
16:27:47.0482 3228 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:27:47.0497 3228 LSI_SAS2 - ok
16:27:47.0517 3228 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:27:47.0533 3228 LSI_SCSI - ok
16:27:47.0557 3228 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:27:47.0607 3228 luafv - ok
16:27:47.0669 3228 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:27:47.0696 3228 MBAMProtector - ok
16:27:47.0848 3228 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:27:47.0873 3228 MBAMService - ok
16:27:47.0931 3228 Mcx2Svc - ok
16:27:47.0956 3228 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:27:47.0976 3228 megasas - ok
16:27:48.0007 3228 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:27:48.0037 3228 MegaSR - ok
16:27:48.0113 3228 Microsoft SharePoint Workspace Audit Service - ok
16:27:48.0147 3228 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:27:48.0184 3228 MMCSS - ok
16:27:48.0200 3228 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:27:48.0248 3228 Modem - ok
16:27:48.0262 3228 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:27:48.0284 3228 monitor - ok
16:27:48.0312 3228 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
16:27:48.0349 3228 motandroidusb - ok
16:27:48.0407 3228 MotoHelper (2443b978e80f8a3d1f39855aa25882af) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
16:27:48.0420 3228 MotoHelper - ok
16:27:48.0476 3228 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:48.0493 3228 mouclass - ok
16:27:48.0519 3228 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:48.0545 3228 mouhid - ok
16:27:48.0586 3228 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:27:48.0606 3228 mountmgr - ok
16:27:48.0678 3228 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:27:48.0701 3228 MozillaMaintenance - ok
16:27:48.0727 3228 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:27:48.0765 3228 mpio - ok
16:27:48.0783 3228 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:27:48.0822 3228 mpsdrv - ok
16:27:48.0923 3228 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:27:48.0988 3228 MpsSvc - ok
16:27:49.0034 3228 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:27:49.0073 3228 MRxDAV - ok
16:27:49.0114 3228 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:49.0162 3228 mrxsmb - ok
16:27:49.0207 3228 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:49.0249 3228 mrxsmb10 - ok
16:27:49.0271 3228 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:49.0290 3228 mrxsmb20 - ok
16:27:49.0327 3228 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:27:49.0345 3228 msahci - ok
16:27:49.0432 3228 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
16:27:49.0453 3228 MSCamSvc - ok
16:27:49.0507 3228 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:27:49.0528 3228 msdsm - ok
16:27:49.0561 3228 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:27:49.0610 3228 MSDTC - ok
16:27:49.0686 3228 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:27:49.0734 3228 Msfs - ok
16:27:49.0743 3228 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:27:49.0787 3228 mshidkmdf - ok
16:27:49.0800 3228 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:27:49.0814 3228 msisadrv - ok
16:27:49.0845 3228 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:27:49.0882 3228 MSiSCSI - ok
16:27:49.0885 3228 msiserver - ok
16:27:49.0905 3228 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:49.0955 3228 MSKSSRV - ok
16:27:49.0969 3228 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:50.0015 3228 MSPCLOCK - ok
16:27:50.0031 3228 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:27:50.0078 3228 MSPQM - ok
16:27:50.0131 3228 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:27:50.0177 3228 MsRPC - ok
16:27:50.0189 3228 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:27:50.0201 3228 mssmbios - ok
16:27:50.0217 3228 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:27:50.0264 3228 MSTEE - ok
16:27:50.0275 3228 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:27:50.0289 3228 MTConfig - ok
16:27:50.0309 3228 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:27:50.0325 3228 Mup - ok
16:27:50.0358 3228 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:27:50.0423 3228 napagent - ok
16:27:50.0465 3228 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:50.0513 3228 NativeWifiP - ok
16:27:50.0594 3228 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:27:50.0656 3228 NDIS - ok
16:27:50.0676 3228 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:27:50.0715 3228 NdisCap - ok
16:27:50.0733 3228 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:50.0771 3228 NdisTapi - ok
16:27:50.0805 3228 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:50.0865 3228 Ndisuio - ok
16:27:50.0903 3228 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:50.0963 3228 NdisWan - ok
16:27:51.0004 3228 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:27:51.0041 3228 NDProxy - ok
16:27:51.0059 3228 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:27:51.0102 3228 NetBIOS - ok
16:27:51.0147 3228 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:27:51.0218 3228 NetBT - ok
16:27:51.0240 3228 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:51.0250 3228 Netlogon - ok
16:27:51.0294 3228 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:27:51.0351 3228 Netman - ok
16:27:51.0391 3228 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:27:51.0453 3228 netprofm - ok
16:27:51.0515 3228 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:51.0531 3228 NetTcpPortSharing - ok
16:27:51.0930 3228 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:27:52.0213 3228 NETw5s64 - ok
16:27:52.0369 3228 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:27:52.0385 3228 nfrd960 - ok
16:27:52.0448 3228 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:27:52.0507 3228 NlaSvc - ok
16:27:52.0526 3228 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:27:52.0564 3228 Npfs - ok
16:27:52.0592 3228 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:27:52.0638 3228 nsi - ok
16:27:52.0678 3228 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:27:52.0730 3228 nsiproxy - ok
16:27:52.0838 3228 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:27:52.0965 3228 Ntfs - ok
16:27:53.0062 3228 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:27:53.0099 3228 Null - ok
16:27:53.0137 3228 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
16:27:53.0152 3228 NVHDA - ok
16:27:53.0796 3228 nvlddmkm (04625e1d4821e66c2beab2c7e64ae416) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:54.0173 3228 nvlddmkm - ok
16:27:54.0310 3228 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:27:54.0345 3228 nvraid - ok
16:27:54.0369 3228 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:27:54.0396 3228 nvstor - ok
16:27:54.0443 3228 nvsvc (86f74594f4994ec42cc55712a4713835) C:\Windows\system32\nvvsvc.exe
16:27:54.0479 3228 nvsvc - ok
16:27:54.0510 3228 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:27:54.0531 3228 nv_agp - ok
16:27:54.0544 3228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:27:54.0575 3228 ohci1394 - ok
16:27:54.0663 3228 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:54.0680 3228 ose - ok
16:27:55.0019 3228 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:27:55.0177 3228 osppsvc - ok
16:27:55.0294 3228 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:27:55.0350 3228 p2pimsvc - ok
16:27:55.0404 3228 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:27:55.0436 3228 p2psvc - ok
16:27:55.0472 3228 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:27:55.0494 3228 Parport - ok
16:27:55.0534 3228 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:27:55.0551 3228 partmgr - ok
16:27:55.0569 3228 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:27:55.0599 3228 PcaSvc - ok
16:27:55.0647 3228 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:27:55.0689 3228 pci - ok
16:27:55.0707 3228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:27:55.0721 3228 pciide - ok
16:27:55.0743 3228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:27:55.0780 3228 pcmcia - ok
16:27:55.0797 3228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:27:55.0812 3228 pcw - ok
16:27:55.0859 3228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:27:55.0948 3228 PEAUTH - ok
16:27:56.0048 3228 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:27:56.0139 3228 PeerDistSvc - ok
16:27:56.0212 3228 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:27:56.0241 3228 PerfHost - ok
16:27:56.0716 3228 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:27:56.0805 3228 pla - ok
16:27:56.0855 3228 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:27:56.0914 3228 PlugPlay - ok
16:27:56.0942 3228 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:27:56.0970 3228 PNRPAutoReg - ok
16:27:57.0001 3228 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:27:57.0020 3228 PNRPsvc - ok
16:27:57.0116 3228 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
16:27:57.0139 3228 Point64 - ok
16:27:57.0201 3228 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:27:57.0274 3228 PolicyAgent - ok
16:27:57.0301 3228 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:27:57.0350 3228 Power - ok
16:27:57.0395 3228 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:57.0448 3228 PptpMiniport - ok
16:27:57.0595 3228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:27:57.0630 3228 Processor - ok
16:27:57.0677 3228 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:27:57.0714 3228 ProfSvc - ok
16:27:57.0741 3228 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:57.0756 3228 ProtectedStorage - ok
16:27:57.0814 3228 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:27:57.0877 3228 Psched - ok
16:27:57.0910 3228 qdhwtjeq - ok
16:27:58.0041 3228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:27:58.0133 3228 ql2300 - ok
16:27:58.0239 3228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:27:58.0297 3228 ql40xx - ok
16:27:58.0504 3228 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:27:58.0556 3228 QWAVE - ok
16:27:58.0783 3228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:27:58.0808 3228 QWAVEdrv - ok
16:27:58.0825 3228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:58.0862 3228 RasAcd - ok
16:27:58.0903 3228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:27:58.0947 3228 RasAgileVpn - ok
16:27:58.0973 3228 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:27:59.0023 3228 RasAuto - ok
16:27:59.0065 3228 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:59.0132 3228 Rasl2tp - ok
16:27:59.0167 3228 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:27:59.0233 3228 RasMan - ok
16:27:59.0251 3228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:59.0304 3228 RasPppoe - ok
16:27:59.0322 3228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:59.0368 3228 RasSstp - ok
16:27:59.0415 3228 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:59.0485 3228 rdbss - ok
16:27:59.0508 3228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:27:59.0525 3228 rdpbus - ok
16:27:59.0547 3228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:59.0589 3228 RDPCDD - ok
16:27:59.0638 3228 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:27:59.0686 3228 RDPDR - ok
16:27:59.0697 3228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:27:59.0759 3228 RDPENCDD - ok
16:27:59.0775 3228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:27:59.0812 3228 RDPREFMP - ok
16:27:59.0866 3228 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:27:59.0919 3228 RdpVideoMiniport - ok
16:27:59.0970 3228 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:28:00.0037 3228 RDPWD - ok
16:28:00.0093 3228 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:28:00.0137 3228 rdyboost - ok
16:28:00.0250 3228 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:28:00.0291 3228 RegSrvc - ok
16:28:00.0345 3228 RemoteAccess - ok
16:28:00.0441 3228 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:28:00.0492 3228 RemoteRegistry - ok
16:28:00.0544 3228 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:00.0590 3228 RFCOMM - ok
16:28:00.0609 3228 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
16:28:00.0637 3228 rimspci - ok
16:28:00.0652 3228 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:28:00.0711 3228 RpcEptMapper - ok
16:28:00.0733 3228 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:28:00.0748 3228 RpcLocator - ok
16:28:00.0809 3228 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:28:00.0853 3228 RpcSs - ok
16:28:00.0880 3228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:28:00.0924 3228 rspndr - ok
16:28:00.0953 3228 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:28:00.0985 3228 s3cap - ok
16:28:01.0008 3228 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:01.0022 3228 SamSs - ok
16:28:01.0044 3228 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:28:01.0061 3228 sbp2port - ok
16:28:01.0086 3228 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:28:01.0160 3228 SCardSvr - ok
16:28:01.0195 3228 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:28:01.0236 3228 scfilter - ok
16:28:01.0336 3228 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:28:01.0425 3228 Schedule - ok
16:28:01.0464 3228 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:28:01.0512 3228 SCPolicySvc - ok
16:28:01.0564 3228 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:28:01.0603 3228 sdbus - ok
16:28:01.0623 3228 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:28:01.0712 3228 SDRSVC - ok
16:28:01.0729 3228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:28:01.0768 3228 secdrv - ok
16:28:01.0781 3228 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:28:01.0826 3228 seclogon - ok
16:28:01.0850 3228 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:28:01.0889 3228 SENS - ok
16:28:01.0904 3228 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:28:01.0923 3228 SensrSvc - ok
16:28:01.0940 3228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:28:01.0965 3228 Serenum - ok
16:28:01.0985 3228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:28:02.0002 3228 Serial - ok
16:28:02.0045 3228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:28:02.0070 3228 sermouse - ok
16:28:02.0116 3228 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:28:02.0180 3228 SessionEnv - ok
16:28:02.0215 3228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:28:02.0240 3228 sffdisk - ok
16:28:02.0257 3228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:28:02.0275 3228 sffp_mmc - ok
16:28:02.0292 3228 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:28:02.0316 3228 sffp_sd - ok
16:28:02.0333 3228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:02.0357 3228 sfloppy - ok
16:28:02.0499 3228 sfs2x-service (94d15618ceaa49ecc1705a0c015e3b59) C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe
16:28:02.0517 3228 sfs2x-service ( UnsignedFile.Multi.Generic ) - warning
16:28:02.0517 3228 sfs2x-service - detected UnsignedFile.Multi.Generic (1)
16:28:02.0588 3228 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:28:02.0696 3228 SharedAccess - ok
16:28:02.0754 3228 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:28:02.0810 3228 ShellHWDetection - ok
16:28:02.0833 3228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:02.0849 3228 SiSRaid2 - ok
16:28:02.0868 3228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:02.0884 3228 SiSRaid4 - ok
16:28:03.0135 3228 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:28:03.0230 3228 Skype C2C Service - ok
16:28:03.0299 3228 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:28:03.0401 3228 SkypeUpdate - ok
16:28:03.0506 3228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:28:03.0559 3228 Smb - ok
16:28:03.0594 3228 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:28:03.0620 3228 SNMPTRAP - ok
16:28:03.0729 3228 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
16:28:03.0744 3228 speedfan - ok
16:28:03.0759 3228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:28:03.0773 3228 spldr - ok
16:28:03.0839 3228 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:28:03.0905 3228 Spooler - ok
16:28:04.0130 3228 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:28:04.0254 3228 sppsvc - ok
16:28:04.0362 3228 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:28:04.0439 3228 sppuinotify - ok
16:28:04.0501 3228 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:28:04.0565 3228 srv - ok
16:28:04.0601 3228 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:28:04.0664 3228 srv2 - ok
16:28:04.0702 3228 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:28:04.0742 3228 SrvHsfHDA - ok
16:28:04.0865 3228 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:28:04.0960 3228 SrvHsfV92 - ok
16:28:05.0102 3228 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:28:05.0178 3228 SrvHsfWinac - ok
16:28:05.0210 3228 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:28:05.0251 3228 srvnet - ok
16:28:05.0297 3228 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:28:05.0369 3228 SSDPSRV - ok
16:28:05.0390 3228 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:28:05.0428 3228 SstpSvc - ok
16:28:05.0452 3228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:28:05.0467 3228 stexstor - ok
16:28:05.0547 3228 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:28:05.0622 3228 stisvc - ok
16:28:05.0658 3228 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:28:05.0687 3228 storflt - ok
16:28:05.0701 3228 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:28:05.0716 3228 storvsc - ok
16:28:05.0732 3228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:28:05.0746 3228 swenum - ok
16:28:05.0908 3228 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:28:05.0954 3228 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:28:05.0954 3228 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:28:06.0015 3228 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:28:06.0092 3228 swprv - ok
16:28:06.0099 3228 Synth3dVsc - ok
16:28:06.0231 3228 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:28:06.0309 3228 SysMain - ok
16:28:06.0412 3228 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:28:06.0446 3228 TabletInputService - ok
16:28:06.0509 3228 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:28:06.0591 3228 TapiSrv - ok
16:28:06.0608 3228 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:28:06.0647 3228 TBS - ok
16:28:06.0794 3228 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:28:06.0902 3228 Tcpip - ok
16:28:07.0085 3228 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:28:07.0126 3228 TCPIP6 - ok
16:28:07.0224 3228 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:28:07.0290 3228 tcpipreg - ok
16:28:07.0320 3228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:28:07.0364 3228 TDPIPE - ok
16:28:07.0397 3228 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:28:07.0432 3228 TDTCP - ok
16:28:07.0468 3228 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:28:07.0527 3228 tdx - ok
16:28:07.0567 3228 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:28:07.0583 3228 TermDD - ok
16:28:07.0638 3228 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:28:07.0717 3228 TermService - ok
16:28:07.0746 3228 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:28:07.0777 3228 Themes - ok
16:28:07.0799 3228 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:28:07.0834 3228 THREADORDER - ok
16:28:07.0854 3228 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
16:28:07.0876 3228 TPM - ok
16:28:07.0892 3228 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:28:07.0937 3228 TrkWks - ok
16:28:07.0996 3228 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:28:08.0045 3228 TrustedInstaller - ok
16:28:08.0080 3228 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:08.0123 3228 tssecsrv - ok
16:28:08.0159 3228 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:28:08.0183 3228 TsUsbFlt - ok
16:28:08.0186 3228 tsusbhub - ok
16:28:08.0241 3228 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:28:08.0310 3228 tunnel - ok
16:28:08.0334 3228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:28:08.0349 3228 uagp35 - ok
16:28:08.0400 3228 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:28:08.0463 3228 udfs - ok
16:28:08.0498 3228 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:28:08.0516 3228 UI0Detect - ok
16:28:08.0569 3228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:28:08.0598 3228 uliagpkx - ok
16:28:08.0617 3228 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:28:08.0642 3228 umbus - ok
16:28:08.0657 3228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:28:08.0686 3228 UmPass - ok
16:28:08.0731 3228 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:28:08.0760 3228 UmRdpService - ok
16:28:08.0796 3228 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:28:08.0874 3228 upnphost - ok
16:28:08.0940 3228 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:28:08.0975 3228 usbaudio - ok
16:28:09.0025 3228 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
16:28:09.0064 3228 usbbus - ok
16:28:09.0107 3228 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:09.0140 3228 usbccgp - ok
16:28:09.0181 3228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:28:09.0211 3228 usbcir - ok
16:28:09.0248 3228 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
16:28:09.0262 3228 UsbDiag - ok
16:28:09.0283 3228 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:28:09.0315 3228 usbehci - ok
16:28:09.0359 3228 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:28:09.0407 3228 usbhub - ok
16:28:09.0422 3228 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
16:28:09.0439 3228 USBModem - ok
16:28:09.0449 3228 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:28:09.0477 3228 usbohci - ok
16:28:09.0510 3228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:28:09.0545 3228 usbprint - ok
16:28:09.0577 3228 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:28:09.0612 3228 usbscan - ok
16:28:09.0643 3228 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:09.0674 3228 USBSTOR - ok
16:28:09.0686 3228 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:28:09.0710 3228 usbuhci - ok
16:28:09.0732 3228 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:28:09.0783 3228 UxSms - ok
16:28:09.0804 3228 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:09.0815 3228 VaultSvc - ok
16:28:09.0837 3228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:28:09.0852 3228 vdrvroot - ok
16:28:09.0931 3228 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:28:09.0994 3228 vds - ok
16:28:10.0015 3228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:10.0033 3228 vga - ok
16:28:10.0060 3228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:28:10.0109 3228 VgaSave - ok
16:28:10.0116 3228 VGPU - ok
16:28:10.0166 3228 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:28:10.0218 3228 vhdmp - ok
16:28:10.0234 3228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:28:10.0248 3228 viaide - ok
16:28:10.0271 3228 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:28:10.0297 3228 vmbus - ok
16:28:10.0312 3228 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:28:10.0341 3228 VMBusHID - ok
16:28:10.0356 3228 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:28:10.0372 3228 volmgr - ok
16:28:10.0424 3228 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:28:10.0455 3228 volmgrx - ok
16:28:10.0488 3228 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:28:10.0522 3228 volsnap - ok
16:28:10.0573 3228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:10.0596 3228 vsmraid - ok
16:28:10.0757 3228 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:28:10.0832 3228 VSS - ok
16:28:10.0922 3228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:28:10.0960 3228 vwifibus - ok
16:28:10.0986 3228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:28:11.0016 3228 vwififlt - ok
16:28:11.0026 3228 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:28:11.0043 3228 vwifimp - ok
16:28:11.0197 3228 VX6000 (07e6731ff9399a3b72d64150d4c5f71a) C:\Windows\system32\DRIVERS\VX6000Xp.sys
16:28:11.0312 3228 VX6000 - ok
16:28:11.0417 3228 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:28:11.0484 3228 W32Time - ok
16:28:11.0507 3228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:28:11.0538 3228 WacomPen - ok
16:28:11.0578 3228 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:11.0633 3228 WANARP - ok
16:28:11.0636 3228 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:11.0668 3228 Wanarpv6 - ok
16:28:11.0777 3228 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:28:11.0874 3228 WatAdminSvc - ok
16:28:12.0001 3228 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:28:12.0082 3228 wbengine - ok
16:28:12.0185 3228 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:28:12.0226 3228 WbioSrvc - ok
16:28:12.0278 3228 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:28:12.0314 3228 wcncsvc - ok
16:28:12.0330 3228 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:28:12.0350 3228 WcsPlugInService - ok
16:28:12.0380 3228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:28:12.0395 3228 Wd - ok
16:28:12.0450 3228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:28:12.0511 3228 Wdf01000 - ok
16:28:12.0525 3228 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:28:12.0638 3228 WdiServiceHost - ok
16:28:12.0646 3228 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:28:12.0664 3228 WdiSystemHost - ok
16:28:12.0714 3228 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:28:12.0758 3228 WebClient - ok
16:28:12.0787 3228 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:28:12.0845 3228 Wecsvc - ok
16:28:12.0863 3228 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:28:12.0908 3228 wercplsupport - ok
16:28:12.0932 3228 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:28:12.0977 3228 WerSvc - ok
16:28:13.0017 3228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:28:13.0063 3228 WfpLwf - ok
16:28:13.0074 3228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:28:13.0088 3228 WIMMount - ok
16:28:13.0133 3228 WinDefend - ok
16:28:13.0142 3228 WinHttpAutoProxySvc - ok
16:28:13.0206 3228 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:28:13.0265 3228 Winmgmt - ok
16:28:13.0417 3228 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:28:13.0502 3228 WinRM - ok
16:28:13.0651 3228 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:28:13.0685 3228 WinUsb - ok
16:28:13.0764 3228 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:28:13.0826 3228 Wlansvc - ok
16:28:13.0866 3228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:28:13.0888 3228 WmiAcpi - ok
16:28:13.0936 3228 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:28:13.0976 3228 wmiApSrv - ok
16:28:14.0000 3228 WMPNetworkSvc - ok
16:28:14.0016 3228 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:28:14.0044 3228 WPCSvc - ok
16:28:14.0085 3228 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:28:14.0121 3228 WPDBusEnum - ok
16:28:14.0138 3228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:28:14.0189 3228 ws2ifsl - ok
16:28:14.0234 3228 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:28:14.0266 3228 wscsvc - ok
16:28:14.0311 3228 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:28:14.0343 3228 WSDPrintDevice - ok
16:28:14.0346 3228 WSearch - ok
16:28:14.0518 3228 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:28:14.0593 3228 wuauserv - ok
16:28:14.0736 3228 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:28:14.0803 3228 WudfPf - ok
16:28:14.0831 3228 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:28:14.0897 3228 WUDFRd - ok
16:28:14.0931 3228 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:28:14.0965 3228 wudfsvc - ok
16:28:14.0999 3228 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:28:15.0044 3228 WwanSvc - ok
16:28:15.0100 3228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:28:15.0674 3228 \Device\Harddisk0\DR0 - ok
16:28:15.0709 3228 Boot (0x1200) (8541d581845d342912a3d79afba6fcaf) \Device\Harddisk0\DR0\Partition0
16:28:15.0712 3228 \Device\Harddisk0\DR0\Partition0 - ok
16:28:15.0721 3228 Boot (0x1200) (0d9885591f0466ff2a2d940ea24a820b) \Device\Harddisk0\DR0\Partition1
16:28:15.0723 3228 \Device\Harddisk0\DR0\Partition1 - ok
16:28:15.0724 3228 ============================================================
16:28:15.0724 3228 Scan finished
16:28:15.0724 3228 ============================================================
16:28:15.0739 3724 Detected object count: 2
16:28:15.0739 3724 Actual detected object count: 2
16:30:17.0789 3724 sfs2x-service ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:17.0790 3724 sfs2x-service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:17.0791 3724 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:17.0792 3724 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 16:34:14
-----------------------------
16:34:14.655 OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:14.655 Number of processors: 4 586 0x2502
16:34:14.656 ComputerName: CLAY-LAPTOP UserName: clay
16:34:16.369 Initialize success
16:36:06.066 AVAST engine defs: 12070101
16:36:58.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:58.918 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11
16:36:58.925 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
16:36:58.929 Disk 1 Vendor: ( Size: 7384MB BusType: 12
16:36:58.976 Disk 0 MBR read successfully
16:36:58.981 Disk 0 MBR scan
16:36:58.990 Disk 0 Windows 7 default MBR code
16:36:59.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:36:59.020 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
16:36:59.048 Disk 0 scanning C:\Windows\system32\drivers
16:37:12.477 Service scanning
16:37:30.039 Service RemoteAccess C:\Windows\SysWOW64\mprdin.dll **INFECTED** Win32:Sirefef-YG [Trj]
16:37:38.530 Modules scanning
16:37:38.531 Disk 0 trace - called modules:
16:37:38.571 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:37:38.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d30060]
16:37:38.571 3 CLASSPNP.SYS[fffff88001b9843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a46060]
16:37:40.953 AVAST engine scan C:\Windows
16:37:44.932 AVAST engine scan C:\Windows\system32
16:42:40.414 AVAST engine scan C:\Windows\system32\drivers
16:43:14.601 AVAST engine scan C:\Users\clay
16:47:07.668 File: C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe **INFECTED** Win32:Malware-gen
16:52:32.604 AVAST engine scan C:\ProgramData
16:55:50.002 Scan finished successfully
17:00:56.274 Disk 0 MBR has been saved successfully to "C:\Users\clay\Desktop\MBR.dat"
17:00:56.290 The log file has been saved successfully to "C:\Users\clay\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 01 July 2012 - 09:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2

File::
C:\Windows\SysWOW64\mprdin.dll 
C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe

Driver::
qdhwtjeq

FireFox::
FF - ProfilePath - c:\users\clay\AppData\Roaming\Mozilla\Firefox\Profiles\guaz2wnz.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 vergro

vergro
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 02 July 2012 - 11:07 AM

i had the "Illegal operation attempted on a registery key that has been marked for deletion." and i rebooted, but i forgot to save the log first...
so i ran it again.

my point of reference so far as to whether or not the virus is there has been avira, it has shown an infection every time so far except after this latest one. i ran a full system scan and it showed zero infections!!! is there secondary way to be more sure i am rid of the virus? what exactly was the purpose of this virus, like what should i be careful of, should i change all my passwords? THANK YOU SO MUCH for all your assistance with this, you really have been an incredible help, how can pay you back, or pass it forward?

~clay

last combofix log was too big to paste in

Attached Files



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 02 July 2012 - 04:34 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
uTorrentControl2 Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 vergro

vergro
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 02 July 2012 - 07:49 PM

i'm even more sure that the issue has been resolved now, i had been unable to install MSE before. whenever i tried my computer would get an error and say it was going to shutdown after minute, then do just that. now i have successfully installed the MSE and all looks clean with it. i agree 100% with the assessment that the virus came from a p2p program, i'm not even sure which one, but i've uninstalled utorrent it's not worth the headache i've had these last few days. thank you so much for all your help, i've made a very small donation ($20) i know it's not much! any thing else?

thanks again!


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
clay :: CLAY-LAPTOP [administrator]

Protection: Enabled

7/2/2012 5:26:23 PM
mbam-log-2012-07-02 (17-26-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209481
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:36:33 PM, on 7/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\vVX6000.exe
C:\Users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\clay\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-tem.asml.com:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Startup: Dropbox.lnk = C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: gidle.exe - Shortcut.lnk = C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: sfs2x-service - GOTOANDPLAY snc - C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10311 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 02 July 2012 - 08:38 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [googletalk] C:\Users\clay\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - Startup: Dropbox.lnk = C:\Users\clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: gidle.exe - Shortcut.lnk = C:\Users\clay\AppData\Roaming\Google\Google Talk\gidle.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 05 July 2012 - 08:19 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 07 July 2012 - 11:30 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 11 July 2012 - 12:07 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users