a process that causes the game window to minimize



#1 polxx

Posted 29 June 2012 - 08:52 PM

Hey

My PC is generally running well, but recently I discovered a problem. Normally I don't play games, but I installed Pro Evolution Soccer 2012, and whenever I play it, it happens. Simply, after 3 or 4 minutes the game window minimizes and returns to Windows. I can then select the game from the apps tab and the window maximizes again and it's all right.
Also, when I type this post, every couple of minutes some system process runs and then rapidly closes. I can't notice what it is, but it causes the system to switch to another app for just a fraction of a second, and sometimes it causes me to lose letters that I write.

I assume it's some kind of malware or something that initialises every fixed period of time, causing the game window to minimize and switch to this weird software's window, which then closes instantly, and I can return to whatever I was doing before.

I hope you can help me to track and remove it.
Thanks!

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:11 AM, on 6/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Users\pol\AppData\Local\Akamai\netsession_win.exe
C:\Users\pol\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Tlen.pl\tlen.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\pol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pol\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED385AD-A23C-4150-9373-027909B04686}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2B8857-B993-4719-A360-B375B17C48C8}: NameServer = 89.108.195.21 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3E8B023-3C06-4179-BAC5-4D6841C0722E}: NameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC86D486-ECAF-4966-9F5F-D6EBCACFC92C}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: M4-Service - Unknown owner - C:\Users\pol\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - D:\max2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - D:\max2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLAY ONLINE. OUC (PLAY ONLINE. RunOuc) - Unknown owner - C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12489 bytes
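An added example (mine, not code from polxx, nasdaq or the HijackThis tool) that parses nine entries copied from the log above and flags the ones a helper would look at first: search-page hosts that are not on an expected list, orphaned entries, services without publisher information running from user-writable folders, and the DNS servers set on an interface. The EXPECTED_HOSTS list, the three severity levels and the rules themselves are my assumptions, not anything HijackThis does.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: nine lines copied from the HijackThis log posted above,
# covering the entry types the triage rules look at (R0/R1, O3, O4, O9, O17, O23).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&q={searchTerms}
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pol\AppData\Local\Akamai\netsession_win.exe"
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O23 - Service: M4-Service - Unknown owner - C:\Users\pol\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"=\s*(https?://\S+)")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# Locations a normal user can write to; a service or autorun binary there deserves a second look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"[A-Z]:\\Windows\\", re.IGNORECASE)

# Hosts the helper has confirmed are expected for this machine (assumed list).
EXPECTED_HOSTS = {"google.com.pl", "go.microsoft.com"}


@dataclass
class Finding:
    code: str
    level: str   # "review" = needs a human decision, "orphan" = leftover, "info" = context only
    reason: str
    entry: str


def triage_entry(line):
    """Apply the triage rules to one HijackThis entry and return its findings (possibly none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    found = []
    if code in ("R0", "R1"):
        url = URL_RE.search(body)
        host = urlparse(url.group(1)).hostname if url else None
        if host and host not in EXPECTED_HOSTS:
            found.append(Finding(code, "review", f"browser search/start page points to unexpected host {host}", line))
    if "(file missing)" in body or "(no file)" in body:
        if code == "O23" and WINDOWS_DIR_RE.search(body):
            # The 32-bit HijackThis build is subject to file-system redirection on 64-bit Windows,
            # so built-in services under C:\Windows often show "(file missing)" although the file exists.
            found.append(Finding(code, "info", "built-in service reported missing; likely a 32-bit scanner redirection artefact, verify before acting", line))
        else:
            found.append(Finding(code, "orphan", "entry points to a file that no longer exists; leftover that can be cleaned", line))
    if code == "O23" and "Unknown owner" in body and USER_WRITABLE_RE.search(body):
        found.append(Finding(code, "review", "service with no publisher information runs from a user-writable location", line))
    if code == "O4" and USER_WRITABLE_RE.search(body):
        found.append(Finding(code, "info", "autorun launches from a user-writable location; confirm the program is wanted", line))
    if code == "O17":
        ns = NAMESERVER_RE.search(body)
        if ns:
            found.append(Finding(code, "review", f"DNS servers {ns.group(1)} set on an interface; confirm they belong to the ISP", line))
    return found


def triage(log_text):
    """Run the rules over a whole log and return the findings in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        findings.extend(triage_entry(line))
    return findings


def summarize(findings):
    """Count findings per level, e.g. {'review': 3, 'orphan': 2, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f.level] = counts.get(f.level, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.code}: {f.reason}")
```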

#2 polxx


Posted 02 July 2012 - 08:46 AM

An update: ComboFix deals with it, but it comes back after a day :(

#3 nasdaq (Malware Response Team)

Posted 04 July 2012 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip.

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please run ComboFix again and post a fresh log.

Let me know if the problem persists.

#4 polxx


Posted 04 July 2012 - 06:38 PM

Log after TDSSKiller (1 item found, skip suggested); no reboot was required.

01:36:04.0631 4808 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
01:36:04.0732 4808 ============================================================
01:36:04.0733 4808 Current date / time: 2012/07/05 01:36:04.0732
01:36:04.0733 4808 SystemInfo:
01:36:04.0733 4808
01:36:04.0733 4808 OS Version: 6.1.7601 ServicePack: 1.0
01:36:04.0733 4808 Product type: Workstation
01:36:04.0733 4808 ComputerName: POL-KOMPUTER
01:36:04.0733 4808 UserName: pol
01:36:04.0733 4808 Windows directory: C:\Windows
01:36:04.0733 4808 System windows directory: C:\Windows
01:36:04.0733 4808 Running under WOW64
01:36:04.0733 4808 Processor architecture: Intel x64
01:36:04.0733 4808 Number of processors: 4
01:36:04.0733 4808 Page size: 0x1000
01:36:04.0733 4808 Boot type: Normal boot
01:36:04.0733 4808 ============================================================
01:36:05.0666 4808 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:36:05.0681 4808 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:36:05.0688 4808 ============================================================
01:36:05.0688 4808 \Device\Harddisk0\DR0:
01:36:05.0688 4808 MBR partitions:
01:36:05.0688 4808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
01:36:05.0702 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x249F16E6
01:36:05.0719 4808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36EE8396, BlocksNum 0x206590AA
01:36:05.0719 4808 \Device\Harddisk1\DR1:
01:36:05.0723 4808 MBR partitions:
01:36:05.0723 4808 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
01:36:05.0739 4808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0xB03C1F0
01:36:05.0755 4808 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x19A9CBB0, BlocksNum 0xB98CC50
01:36:05.0756 4808 ============================================================
01:36:05.0787 4808 C: <-> \Device\Harddisk0\DR0\Partition0
01:36:05.0819 4808 G: <-> \Device\Harddisk1\DR1\Partition1
01:36:05.0846 4808 H: <-> \Device\Harddisk1\DR1\Partition2
01:36:05.0880 4808 D: <-> \Device\Harddisk0\DR0\Partition1
01:36:05.0895 4808 E: <-> \Device\Harddisk0\DR0\Partition2
01:36:05.0915 4808 F: <-> \Device\Harddisk1\DR1\Partition0
01:36:05.0915 4808 ============================================================
01:36:05.0915 4808 Initialize success
01:36:05.0915 4808 ============================================================
01:36:07.0665 2388 ============================================================
01:36:07.0665 2388 Scan started
01:36:07.0665 2388 Mode: Manual;
01:36:07.0665 2388 ============================================================
01:36:12.0705 2388 FsDepends - ok
01:36:12.0715 2388 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
01:36:12.0715 2388 Fs_Rec - ok
01:36:12.0765 2388 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:36:12.0775 2388 fvevol - ok
01:36:12.0795 2388 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:36:12.0795 2388 gagp30kx - ok
01:36:12.0825 2388 giveio - ok
01:36:12.0875 2388 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:36:12.0885 2388 gpsvc - ok
01:36:12.0895 2388 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:36:12.0895 2388 hcw85cir - ok
01:36:12.0955 2388 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:36:12.0965 2388 HdAudAddService - ok
01:36:12.0985 2388 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:36:12.0985 2388 HDAudBus - ok
01:36:12.0985 2388 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:36:12.0985 2388 HidBatt - ok
01:36:13.0005 2388 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:36:13.0005 2388 HidBth - ok
01:36:13.0015 2388 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:36:13.0015 2388 HidIr - ok
01:36:13.0035 2388 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:36:13.0035 2388 hidserv - ok
01:36:13.0065 2388 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:36:13.0065 2388 HidUsb - ok
01:36:13.0105 2388 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:36:13.0105 2388 hkmsvc - ok
01:36:13.0135 2388 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:36:13.0135 2388 HomeGroupListener - ok
01:36:13.0175 2388 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:36:13.0175 2388 HomeGroupProvider - ok
01:36:13.0205 2388 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:36:13.0205 2388 HpSAMD - ok
01:36:13.0275 2388 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:36:13.0285 2388 HTTP - ok
01:36:13.0335 2388 huawei_enumerator (1642c62f1fd5e1ff44608283994a7bb8) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
01:36:13.0335 2388 huawei_enumerator - ok
01:36:13.0375 2388 hwdatacard (04d1de1e8ace40ca396502c90524e945) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:36:13.0375 2388 hwdatacard - ok
01:36:13.0415 2388 HWDeviceService64.exe - ok
01:36:13.0445 2388 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:36:13.0445 2388 hwpolicy - ok
01:36:13.0475 2388 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:36:13.0475 2388 i8042prt - ok
01:36:13.0515 2388 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
01:36:13.0515 2388 iaStorV - ok
01:36:13.0635 2388 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:36:13.0655 2388 idsvc - ok
01:36:13.0675 2388 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:36:13.0685 2388 iirsp - ok
01:36:13.0735 2388 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:36:13.0745 2388 IKEEXT - ok
01:36:13.0755 2388 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:36:13.0755 2388 intelide - ok
01:36:13.0785 2388 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:36:13.0785 2388 intelppm - ok
01:36:13.0805 2388 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:36:13.0805 2388 IPBusEnum - ok
01:36:13.0825 2388 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:36:13.0825 2388 IpFilterDriver - ok
01:36:14.0075 2388 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:36:14.0085 2388 iphlpsvc - ok
01:36:14.0095 2388 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:36:14.0095 2388 IPMIDRV - ok
01:36:14.0115 2388 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:36:14.0115 2388 IPNAT - ok
01:36:14.0135 2388 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:36:14.0135 2388 IRENUM - ok
01:36:14.0145 2388 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:36:14.0145 2388 isapnp - ok
01:36:14.0165 2388 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:36:14.0175 2388 iScsiPrt - ok
01:36:14.0195 2388 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
01:36:14.0205 2388 kbdclass - ok
01:36:14.0225 2388 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:36:14.0225 2388 kbdhid - ok
01:36:14.0255 2388 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
01:36:14.0255 2388 KeyIso - ok
01:36:14.0275 2388 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
01:36:14.0275 2388 KSecDD - ok
01:36:14.0305 2388 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
01:36:14.0315 2388 KSecPkg - ok
01:36:14.0325 2388 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:36:14.0325 2388 ksthunk - ok
01:36:14.0355 2388 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:36:14.0365 2388 KtmRm - ok
01:36:14.0395 2388 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:36:14.0405 2388 LanmanServer - ok
01:36:14.0415 2388 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:36:14.0425 2388 LanmanWorkstation - ok
01:36:14.0445 2388 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:36:14.0445 2388 lltdio - ok
01:36:14.0485 2388 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:36:14.0485 2388 lltdsvc - ok
01:36:14.0505 2388 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:36:14.0505 2388 lmhosts - ok
01:36:14.0535 2388 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:36:14.0535 2388 LSI_FC - ok
01:36:14.0545 2388 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:36:14.0555 2388 LSI_SAS - ok
01:36:14.0565 2388 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:36:14.0565 2388 LSI_SAS2 - ok
01:36:14.0585 2388 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:36:14.0585 2388 LSI_SCSI - ok
01:36:14.0605 2388 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:36:14.0605 2388 luafv - ok
01:36:14.0745 2388 M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\pol\AppData\Roaming\Mikogo 4\M4-Service.exe
01:36:14.0755 2388 M4-Service - ok
01:36:14.0785 2388 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
01:36:14.0785 2388 MBAMProtector - ok
01:36:14.0875 2388 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:36:14.0875 2388 MBAMService - ok
01:36:14.0895 2388 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:36:14.0895 2388 megasas - ok
01:36:14.0925 2388 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:36:14.0925 2388 MegaSR - ok
01:36:14.0975 2388 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\3EC0.tmp
01:36:14.0975 2388 MEMSWEEP2 - ok
01:36:15.0055 2388 mi-raysat_3dsMax2009_64 (0af89452a8ce3928168f4e5b2208c68b) D:\max2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
01:36:15.0065 2388 mi-raysat_3dsMax2009_64 - ok
01:36:15.0155 2388 mi-raysat_3dsmax2011_64 (0af89452a8ce3928168f4e5b2208c68b) D:\max2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
01:36:15.0155 2388 mi-raysat_3dsmax2011_64 - ok
01:36:15.0215 2388 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
01:36:15.0215 2388 Microsoft Office Groove Audit Service - ok
01:36:15.0245 2388 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:36:15.0255 2388 MMCSS - ok
01:36:15.0265 2388 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:36:15.0265 2388 Modem - ok
01:36:15.0295 2388 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:36:15.0295 2388 monitor - ok
01:36:15.0325 2388 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:36:15.0325 2388 mouclass - ok
01:36:15.0335 2388 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:36:15.0345 2388 mouhid - ok
01:36:15.0375 2388 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:36:15.0375 2388 mountmgr - ok
01:36:15.0415 2388 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:36:15.0415 2388 MozillaMaintenance - ok
01:36:15.0435 2388 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:36:15.0435 2388 mpio - ok
01:36:15.0455 2388 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:36:15.0455 2388 mpsdrv - ok
01:36:15.0525 2388 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:36:15.0535 2388 MpsSvc - ok
01:36:15.0575 2388 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:36:15.0575 2388 MRxDAV - ok
01:36:15.0625 2388 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:36:15.0625 2388 mrxsmb - ok
01:36:15.0655 2388 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:36:15.0665 2388 mrxsmb10 - ok
01:36:15.0675 2388 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:36:15.0675 2388 mrxsmb20 - ok
01:36:15.0705 2388 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:36:15.0705 2388 msahci - ok
01:36:15.0735 2388 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:36:15.0745 2388 msdsm - ok
01:36:15.0765 2388 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:36:15.0765 2388 MSDTC - ok
01:36:15.0795 2388 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:36:15.0805 2388 Msfs - ok
01:36:15.0815 2388 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:36:15.0815 2388 mshidkmdf - ok
01:36:15.0825 2388 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:36:15.0825 2388 msisadrv - ok
01:36:15.0865 2388 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:36:15.0875 2388 MSiSCSI - ok
01:36:15.0875 2388 msiserver - ok
01:36:15.0895 2388 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:36:15.0895 2388 MSKSSRV - ok
01:36:15.0895 2388 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:36:15.0905 2388 MSPCLOCK - ok
01:36:15.0905 2388 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:36:15.0905 2388 MSPQM - ok
01:36:15.0955 2388 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:36:15.0965 2388 MsRPC - ok
01:36:15.0975 2388 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:36:15.0975 2388 mssmbios - ok
01:36:15.0975 2388 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:36:15.0985 2388 MSTEE - ok
01:36:15.0985 2388 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:36:15.0985 2388 MTConfig - ok
01:36:16.0005 2388 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:36:16.0005 2388 Mup - ok
01:36:16.0035 2388 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:36:16.0045 2388 napagent - ok
01:36:16.0085 2388 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:36:16.0085 2388 NativeWifiP - ok
01:36:16.0145 2388 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:36:16.0155 2388 NDIS - ok
01:36:16.0175 2388 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:36:16.0175 2388 NdisCap - ok
01:36:16.0195 2388 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:36:16.0195 2388 NdisTapi - ok
01:36:16.0235 2388 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:36:16.0245 2388 Ndisuio - ok
01:36:16.0275 2388 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:36:16.0275 2388 NdisWan - ok
01:36:16.0315 2388 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:36:16.0315 2388 NDProxy - ok
01:36:16.0335 2388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:36:16.0335 2388 NetBIOS - ok
01:36:16.0355 2388 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:36:16.0365 2388 NetBT - ok
01:36:16.0395 2388 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
01:36:16.0395 2388 Netlogon - ok
01:36:16.0445 2388 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:36:16.0445 2388 Netman - ok
01:36:16.0585 2388 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:16.0585 2388 NetMsmqActivator - ok
01:36:16.0585 2388 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:16.0585 2388 NetPipeActivator - ok
01:36:16.0625 2388 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:36:16.0635 2388 netprofm - ok
01:36:16.0635 2388 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:16.0635 2388 NetTcpActivator - ok
01:36:16.0645 2388 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:16.0645 2388 NetTcpPortSharing - ok
01:36:16.0675 2388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:36:16.0685 2388 nfrd960 - ok
01:36:16.0705 2388 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:36:16.0705 2388 NlaSvc - ok
01:36:16.0725 2388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:36:16.0725 2388 Npfs - ok
01:36:16.0755 2388 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:36:16.0755 2388 nsi - ok
01:36:16.0755 2388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:36:16.0755 2388 nsiproxy - ok
01:36:16.0855 2388 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
01:36:16.0875 2388 Ntfs - ok
01:36:16.0935 2388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:36:16.0935 2388 Null - ok
01:36:17.0655 2388 nvlddmkm (c47d6b7299ba80a210bcafa81ac978a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:36:17.0815 2388 nvlddmkm - ok
01:36:17.0925 2388 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
01:36:17.0935 2388 nvraid - ok
01:36:17.0945 2388 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
01:36:17.0945 2388 nvstor - ok
01:36:17.0995 2388 nvsvc (522845124da947b2372c6f606cd105a8) C:\Windows\system32\nvvsvc.exe
01:36:17.0995 2388 nvsvc - ok
01:36:18.0025 2388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:36:18.0025 2388 nv_agp - ok
01:36:18.0095 2388 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:36:18.0105 2388 odserv - ok
01:36:18.0125 2388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:36:18.0125 2388 ohci1394 - ok
01:36:18.0155 2388 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:36:18.0155 2388 ose - ok
01:36:18.0215 2388 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:36:18.0215 2388 p2pimsvc - ok
01:36:18.0255 2388 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:36:18.0255 2388 p2psvc - ok
01:36:18.0305 2388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:36:18.0315 2388 Parport - ok
01:36:18.0345 2388 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
01:36:18.0345 2388 partmgr - ok
01:36:18.0365 2388 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:36:18.0365 2388 PcaSvc - ok
01:36:18.0375 2388 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:36:18.0385 2388 pci - ok
01:36:18.0395 2388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:36:18.0395 2388 pciide - ok
01:36:18.0415 2388 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:36:18.0415 2388 pcmcia - ok
01:36:18.0425 2388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:36:18.0425 2388 pcw - ok
01:36:18.0465 2388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:36:18.0475 2388 PEAUTH - ok
01:36:18.0555 2388 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:36:18.0585 2388 PeerDistSvc - ok
01:36:18.0655 2388 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:36:18.0655 2388 PerfHost - ok
01:36:18.0805 2388 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:36:18.0825 2388 pla - ok
01:36:18.0885 2388 PLAY ONLINE. RunOuc (38106c7bd34eae89d2769ac0ba2e846b) C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe
01:36:18.0885 2388 PLAY ONLINE. RunOuc - ok
01:36:18.0985 2388 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
01:36:18.0985 2388 PlugPlay - ok
01:36:19.0015 2388 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:36:19.0015 2388 PNRPAutoReg - ok
01:36:19.0045 2388 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:36:19.0055 2388 PNRPsvc - ok
01:36:19.0095 2388 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:36:19.0095 2388 PolicyAgent - ok
01:36:19.0155 2388 postgresql-8.4 - ok
01:36:19.0185 2388 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:36:19.0195 2388 Power - ok
01:36:19.0245 2388 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:36:19.0245 2388 PptpMiniport - ok
01:36:19.0265 2388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:36:19.0275 2388 Processor - ok
01:36:19.0315 2388 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:36:19.0325 2388 ProfSvc - ok
01:36:19.0355 2388 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
01:36:19.0355 2388 ProtectedStorage - ok
01:36:19.0395 2388 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:36:19.0395 2388 Psched - ok
01:36:19.0485 2388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:36:19.0505 2388 ql2300 - ok
01:36:19.0575 2388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:36:19.0585 2388 ql40xx - ok
01:36:19.0615 2388 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:36:19.0615 2388 QWAVE - ok
01:36:19.0635 2388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:36:19.0635 2388 QWAVEdrv - ok
01:36:19.0645 2388 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:36:19.0645 2388 RasAcd - ok
01:36:19.0665 2388 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:36:19.0665 2388 RasAgileVpn - ok
01:36:19.0685 2388 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:36:19.0685 2388 RasAuto - ok
01:36:19.0695 2388 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:36:19.0695 2388 Rasl2tp - ok
01:36:19.0725 2388 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:36:19.0735 2388 RasMan - ok
01:36:19.0785 2388 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:36:19.0785 2388 RasPppoe - ok
01:36:19.0805 2388 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:36:19.0805 2388 RasSstp - ok
01:36:19.0855 2388 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:36:19.0855 2388 rdbss - ok
01:36:19.0865 2388 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:36:19.0865 2388 rdpbus - ok
01:36:19.0875 2388 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:36:19.0875 2388 RDPCDD - ok
01:36:19.0905 2388 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:36:19.0915 2388 RDPDR - ok
01:36:19.0935 2388 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:36:19.0935 2388 RDPENCDD - ok
01:36:19.0945 2388 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:36:19.0945 2388 RDPREFMP - ok
01:36:19.0995 2388 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
01:36:19.0995 2388 RdpVideoMiniport - ok
01:36:20.0035 2388 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
01:36:20.0035 2388 RDPWD - ok
01:36:20.0055 2388 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:36:20.0065 2388 rdyboost - ok
01:36:20.0085 2388 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:36:20.0085 2388 RemoteAccess - ok
01:36:20.0105 2388 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:36:20.0105 2388 RemoteRegistry - ok
01:36:20.0135 2388 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:36:20.0135 2388 RpcEptMapper - ok
01:36:20.0155 2388 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:36:20.0155 2388 RpcLocator - ok
01:36:20.0195 2388 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:36:20.0195 2388 RpcSs - ok
01:36:20.0215 2388 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:36:20.0215 2388 rspndr - ok
01:36:20.0255 2388 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:36:20.0265 2388 RTL8167 - ok
01:36:20.0285 2388 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:36:20.0285 2388 s3cap - ok
01:36:20.0315 2388 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
01:36:20.0315 2388 SamSs - ok
01:36:20.0345 2388 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:36:20.0345 2388 sbp2port - ok
01:36:20.0375 2388 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:36:20.0385 2388 SCardSvr - ok
01:36:20.0415 2388 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:36:20.0415 2388 scfilter - ok
01:36:20.0505 2388 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:36:20.0515 2388 Schedule - ok
01:36:20.0545 2388 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:36:20.0555 2388 SCPolicySvc - ok
01:36:20.0595 2388 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:36:20.0595 2388 SDRSVC - ok
01:36:20.0625 2388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:36:20.0625 2388 secdrv - ok
01:36:20.0655 2388 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:36:20.0655 2388 seclogon - ok
01:36:20.0675 2388 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:36:20.0685 2388 SENS - ok
01:36:20.0695 2388 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:36:20.0695 2388 SensrSvc - ok
01:36:20.0715 2388 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:36:20.0715 2388 Serenum - ok
01:36:20.0735 2388 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:36:20.0735 2388 Serial - ok
01:36:20.0745 2388 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:36:20.0745 2388 sermouse - ok
01:36:20.0795 2388 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:36:20.0795 2388 SessionEnv - ok
01:36:20.0815 2388 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:36:20.0815 2388 sffdisk - ok
01:36:20.0825 2388 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:36:20.0825 2388 sffp_mmc - ok
01:36:20.0835 2388 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:36:20.0835 2388 sffp_sd - ok
01:36:20.0845 2388 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:36:20.0845 2388 sfloppy - ok
01:36:20.0915 2388 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:36:20.0915 2388 SharedAccess - ok
01:36:20.0975 2388 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:36:20.0975 2388 ShellHWDetection - ok
01:36:21.0005 2388 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:36:21.0005 2388 SiSRaid2 - ok
01:36:21.0025 2388 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:36:21.0025 2388 SiSRaid4 - ok
01:36:21.0115 2388 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
01:36:21.0115 2388 SkypeUpdate - ok
01:36:21.0125 2388 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:36:21.0135 2388 Smb - ok
01:36:21.0165 2388 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:36:21.0165 2388 SNMPTRAP - ok
01:36:21.0175 2388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:36:21.0175 2388 spldr - ok
01:36:21.0225 2388 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:36:21.0235 2388 Spooler - ok
01:36:21.0425 2388 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:36:21.0465 2388 sppsvc - ok
01:36:21.0535 2388 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:36:21.0535 2388 sppuinotify - ok
01:36:21.0625 2388 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
01:36:21.0625 2388 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
01:36:21.0635 2388 sptd ( LockedFile.Multi.Generic ) - warning
01:36:21.0635 2388 sptd - detected LockedFile.Multi.Generic (1)
01:36:21.0665 2388 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
01:36:21.0675 2388 srv - ok
01:36:21.0705 2388 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
01:36:21.0705 2388 srv2 - ok
01:36:21.0745 2388 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
01:36:21.0745 2388 srvnet - ok
01:36:21.0785 2388 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:36:21.0785 2388 SSDPSRV - ok
01:36:21.0805 2388 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:36:21.0805 2388 SstpSvc - ok
01:36:21.0915 2388 Stereo Service (9d6de9a470eeb47207f413c58980f5fa) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:36:21.0925 2388 Stereo Service - ok
01:36:21.0945 2388 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:36:21.0955 2388 stexstor - ok
01:36:22.0015 2388 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:36:22.0025 2388 stisvc - ok
01:36:22.0055 2388 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:36:22.0055 2388 storflt - ok
01:36:22.0075 2388 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:36:22.0075 2388 storvsc - ok
01:36:22.0085 2388 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:36:22.0085 2388 swenum - ok
01:36:22.0115 2388 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:36:22.0125 2388 swprv - ok
01:36:22.0145 2388 Synth3dVsc - ok
01:36:22.0255 2388 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:36:22.0275 2388 SysMain - ok
01:36:22.0345 2388 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:36:22.0355 2388 TabletInputService - ok
01:36:22.0395 2388 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:36:22.0405 2388 TapiSrv - ok
01:36:22.0415 2388 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:36:22.0415 2388 TBS - ok
01:36:22.0545 2388 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
01:36:22.0565 2388 Tcpip - ok
01:36:22.0685 2388 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
01:36:22.0705 2388 TCPIP6 - ok
01:36:22.0765 2388 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:36:22.0765 2388 tcpipreg - ok
01:36:22.0785 2388 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:36:22.0795 2388 TDPIPE - ok
01:36:22.0795 2388 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:36:22.0795 2388 TDTCP - ok
01:36:22.0855 2388 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:36:22.0855 2388 tdx - ok
01:36:23.0085 2388 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
01:36:23.0115 2388 TeamViewer7 - ok
01:36:23.0185 2388 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:36:23.0185 2388 TermDD - ok
01:36:23.0245 2388 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:36:23.0255 2388 TermService - ok
01:36:23.0285 2388 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:36:23.0285 2388 Themes - ok
01:36:23.0305 2388 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:36:23.0315 2388 THREADORDER - ok
01:36:23.0325 2388 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:36:23.0335 2388 TrkWks - ok
01:36:23.0385 2388 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:36:23.0385 2388 TrustedInstaller - ok
01:36:23.0425 2388 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:36:23.0425 2388 tssecsrv - ok
01:36:23.0435 2388 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:36:23.0445 2388 TsUsbFlt - ok
01:36:23.0455 2388 tsusbhub - ok
01:36:23.0495 2388 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:36:23.0495 2388 tunnel - ok
01:36:23.0515 2388 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:36:23.0515 2388 uagp35 - ok
01:36:23.0555 2388 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:36:23.0565 2388 udfs - ok
01:36:23.0585 2388 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:36:23.0585 2388 UI0Detect - ok
01:36:23.0615 2388 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:36:23.0615 2388 uliagpkx - ok
01:36:23.0635 2388 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:36:23.0635 2388 umbus - ok
01:36:23.0655 2388 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:36:23.0655 2388 UmPass - ok
01:36:23.0675 2388 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:36:23.0685 2388 UmRdpService - ok
01:36:23.0715 2388 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:36:23.0715 2388 upnphost - ok
01:36:23.0735 2388 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
01:36:23.0735 2388 usbccgp - ok
01:36:23.0765 2388 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:36:23.0765 2388 usbcir - ok
01:36:23.0785 2388 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
01:36:23.0785 2388 usbehci - ok
01:36:23.0805 2388 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
01:36:23.0815 2388 usbhub - ok
01:36:23.0845 2388 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
01:36:23.0845 2388 usbohci - ok
01:36:23.0855 2388 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:36:23.0855 2388 usbprint - ok
01:36:23.0875 2388 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:36:23.0885 2388 USBSTOR - ok
01:36:23.0895 2388 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
01:36:23.0895 2388 usbuhci - ok
01:36:23.0915 2388 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:36:23.0915 2388 UxSms - ok
01:36:23.0955 2388 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
01:36:23.0955 2388 VaultSvc - ok
01:36:23.0965 2388 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:36:23.0965 2388 vdrvroot - ok
01:36:24.0025 2388 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:36:24.0035 2388 vds - ok
01:36:24.0065 2388 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:36:24.0065 2388 vga - ok
01:36:24.0075 2388 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:36:24.0075 2388 VgaSave - ok
01:36:24.0085 2388 VGPU - ok
01:36:24.0125 2388 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:36:24.0125 2388 vhdmp - ok
01:36:24.0145 2388 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:36:24.0145 2388 viaide - ok
01:36:24.0165 2388 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:36:24.0165 2388 vmbus - ok
01:36:24.0185 2388 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:36:24.0185 2388 VMBusHID - ok
01:36:24.0205 2388 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:36:24.0205 2388 volmgr - ok
01:36:24.0255 2388 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:36:24.0255 2388 volmgrx - ok
01:36:24.0285 2388 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:36:24.0285 2388 volsnap - ok
01:36:24.0315 2388 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:36:24.0325 2388 vsmraid - ok
01:36:24.0415 2388 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:36:24.0435 2388 VSS - ok
01:36:24.0515 2388 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:36:24.0515 2388 vwifibus - ok
01:36:24.0555 2388 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:36:24.0565 2388 W32Time - ok
01:36:24.0585 2388 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:36:24.0585 2388 WacomPen - ok
01:36:24.0605 2388 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:36:24.0615 2388 WANARP - ok
01:36:24.0615 2388 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:36:24.0615 2388 Wanarpv6 - ok
01:36:24.0695 2388 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:36:24.0715 2388 WatAdminSvc - ok
01:36:24.0805 2388 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:36:24.0835 2388 wbengine - ok
01:36:24.0885 2388 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:36:24.0885 2388 WbioSrvc - ok
01:36:24.0915 2388 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:36:24.0925 2388 wcncsvc - ok
01:36:24.0935 2388 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:36:24.0945 2388 WcsPlugInService - ok
01:36:24.0965 2388 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:36:24.0965 2388 Wd - ok
01:36:25.0005 2388 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:36:25.0015 2388 Wdf01000 - ok
01:36:25.0025 2388 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:36:25.0035 2388 WdiServiceHost - ok
01:36:25.0035 2388 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:36:25.0035 2388 WdiSystemHost - ok
01:36:25.0085 2388 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:36:25.0095 2388 WebClient - ok
01:36:25.0105 2388 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:36:25.0115 2388 Wecsvc - ok
01:36:25.0135 2388 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:36:25.0135 2388 wercplsupport - ok
01:36:25.0165 2388 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:36:25.0165 2388 WerSvc - ok
01:36:25.0195 2388 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:36:25.0205 2388 WfpLwf - ok
01:36:25.0215 2388 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:36:25.0215 2388 WIMMount - ok
01:36:25.0235 2388 WinDefend - ok
01:36:25.0255 2388 WinHttpAutoProxySvc - ok
01:36:25.0305 2388 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:36:25.0315 2388 Winmgmt - ok
01:36:25.0435 2388 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:36:25.0465 2388 WinRM - ok
01:36:25.0565 2388 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:36:25.0565 2388 WinUsb - ok
01:36:25.0625 2388 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:36:25.0645 2388 Wlansvc - ok
01:36:25.0655 2388 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:36:25.0655 2388 WmiAcpi - ok
01:36:25.0685 2388 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:36:25.0685 2388 wmiApSrv - ok
01:36:25.0695 2388 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:36:25.0695 2388 WPCSvc - ok
01:36:25.0735 2388 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:36:25.0735 2388 WPDBusEnum - ok
01:36:25.0755 2388 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:36:25.0755 2388 ws2ifsl - ok
01:36:25.0785 2388 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:36:25.0785 2388 wscsvc - ok
01:36:25.0795 2388 WSearch - ok
01:36:25.0945 2388 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
01:36:25.0975 2388 wuauserv - ok
01:36:26.0045 2388 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:36:26.0055 2388 WudfPf - ok
01:36:26.0085 2388 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:36:26.0085 2388 WUDFRd - ok
01:36:26.0105 2388 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:36:26.0105 2388 wudfsvc - ok
01:36:26.0125 2388 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:36:26.0125 2388 WwanSvc - ok
01:36:26.0205 2388 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:36:26.0675 2388 \Device\Harddisk0\DR0 - ok
01:36:26.0695 2388 MBR (0x1B8) (32052574bf9f325ae309abc7bfd04460) \Device\Harddisk1\DR1
01:36:26.0965 2388 \Device\Harddisk1\DR1 - ok
01:36:26.0965 2388 Boot (0x1200) (d263c8880274fd9e5488556470dd7f7d) \Device\Harddisk0\DR0\Partition0
01:36:26.0975 2388 \Device\Harddisk0\DR0\Partition0 - ok
01:36:26.0985 2388 Boot (0x1200) (e5820b871b6fed8ec1bdcaf501e8c8ef) \Device\Harddisk0\DR0\Partition1
01:36:26.0985 2388 \Device\Harddisk0\DR0\Partition1 - ok
01:36:27.0005 2388 Boot (0x1200) (cf83dba784bfd8d48eb3e4f688ab47bf) \Device\Harddisk0\DR0\Partition2
01:36:27.0005 2388 \Device\Harddisk0\DR0\Partition2 - ok
01:36:27.0005 2388 Boot (0x1200) (44cc5f1fdb79f148f9376b835ee4a321) \Device\Harddisk1\DR1\Partition0
01:36:27.0015 2388 \Device\Harddisk1\DR1\Partition0 - ok
01:36:27.0025 2388 Boot (0x1200) (ce4404699a9929729e7287aa28127a8d) \Device\Harddisk1\DR1\Partition1
01:36:27.0025 2388 \Device\Harddisk1\DR1\Partition1 - ok
01:36:27.0045 2388 Boot (0x1200) (a061dad3a661a8aaaa1e0df81ec174f6) \Device\Harddisk1\DR1\Partition2
01:36:27.0045 2388 \Device\Harddisk1\DR1\Partition2 - ok
01:36:27.0045 2388 ============================================================
01:36:27.0045 2388 Scan finished
01:36:27.0045 2388 ============================================================
01:36:27.0055 5252 Detected object count: 1
01:36:27.0055 5252 Actual detected object count: 1
01:36:33.0265 5252 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:36:33.0265 5252 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#5 polxx (Topic Starter, Members, 22 posts)

Posted 04 July 2012 - 06:40 PM

aswMBR text file

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 01:39:21
-----------------------------
01:39:21.358 OS Version: Windows x64 6.1.7601 Service Pack 1
01:39:21.358 Number of processors: 4 586 0xF0B
01:39:21.358 ComputerName: POL-KOMPUTER UserName: pol
01:39:21.828 Initialize success
01:39:27.818 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:39:27.818 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715403MB BusType: 3
01:39:27.818 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
01:39:27.818 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
01:39:27.828 Disk 0 MBR read successfully
01:39:27.828 Disk 0 MBR scan
01:39:27.828 Disk 0 Windows 7 default MBR code
01:39:27.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
01:39:27.838 Disk 0 Partition - 00 0F Extended LBA 565397 MB offset 307194930
01:39:27.848 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 300002 MB offset 307194993
01:39:27.858 Disk 0 Partition - 00 05 Extended 265394 MB offset 921600855
01:39:27.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 265394 MB offset 921600918
01:39:27.908 Disk 0 scanning C:\Windows\system32\drivers
01:39:32.568 Service scanning
01:39:40.128 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:39:42.798 Modules scanning
01:39:42.798 Disk 0 trace - called modules:
01:39:42.818 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a92c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:39:42.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a76060]
01:39:42.828 3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> [0xfffffa80047fb520]
01:39:42.838 5 ACPI.sys[fffff88000ede7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80047f5060]
01:39:42.848 \Driver\atapi[0xfffffa80047b85b0] -> IRP_MJ_CREATE -> 0xfffffa80039a92c0
01:39:42.858 Scan finished successfully
01:39:51.332 Disk 0 MBR has been saved successfully to "C:\Users\pol\Desktop\MBR.dat"
01:39:51.332 The log file has been saved successfully to "C:\Users\pol\Desktop\aswMBR.txt"

Edited by polxx, 04 July 2012 - 06:42 PM.


#6 polxx (Topic Starter, Members, 22 posts)

Posted 04 July 2012 - 07:17 PM

hijackthis log and mbr.dat attached

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:16:08 AM, on 7/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pol\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED385AD-A23C-4150-9373-027909B04686}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2B8857-B993-4719-A360-B375B17C48C8}: NameServer = 89.108.195.21 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3E8B023-3C06-4179-BAC5-4D6841C0722E}: NameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC86D486-ECAF-4966-9F5F-D6EBCACFC92C}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: M4-Service - Unknown owner - C:\Users\pol\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - D:\max2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - D:\max2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLAY ONLINE. OUC (PLAY ONLINE. RunOuc) - Unknown owner - C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11515 bytes

#7 polxx (Topic Starter, Members, 22 posts)

Posted 04 July 2012 - 07:19 PM

I can't attach the file:
"Error You aren't permitted to upload this kind of file"

#8 nasdaq (Malware Response Team, 38,942 posts, Gender: Male, Location: Montreal, QC. Canada)

Posted 05 July 2012 - 08:00 AM

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


===

Please run the aswMBR tool again and post a fresh log.
===

Run ComboFix one more time and post the log. You may be asked to update the program please do.

p.s.
The mbr.dat file must be zipped then you can attach it.
It's a copy of your Master Boot Record. Will be needed if we ever have to make a change to it.

#9 polxx (Topic Starter, Members, 22 posts)

Posted 05 July 2012 - 08:17 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 01:39:21
-----------------------------
01:39:21.358 OS Version: Windows x64 6.1.7601 Service Pack 1
01:39:21.358 Number of processors: 4 586 0xF0B
01:39:21.358 ComputerName: POL-KOMPUTER UserName: pol
01:39:21.828 Initialize success
01:39:27.818 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:39:27.818 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715403MB BusType: 3
01:39:27.818 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
01:39:27.818 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
01:39:27.828 Disk 0 MBR read successfully
01:39:27.828 Disk 0 MBR scan
01:39:27.828 Disk 0 Windows 7 default MBR code
01:39:27.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
01:39:27.838 Disk 0 Partition - 00 0F Extended LBA 565397 MB offset 307194930
01:39:27.848 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 300002 MB offset 307194993
01:39:27.858 Disk 0 Partition - 00 05 Extended 265394 MB offset 921600855
01:39:27.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 265394 MB offset 921600918
01:39:27.908 Disk 0 scanning C:\Windows\system32\drivers
01:39:32.568 Service scanning
01:39:40.128 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:39:42.798 Modules scanning
01:39:42.798 Disk 0 trace - called modules:
01:39:42.818 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a92c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:39:42.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a76060]
01:39:42.828 3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> [0xfffffa80047fb520]
01:39:42.838 5 ACPI.sys[fffff88000ede7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80047f5060]
01:39:42.848 \Driver\atapi[0xfffffa80047b85b0] -> IRP_MJ_CREATE -> 0xfffffa80039a92c0
01:39:42.858 Scan finished successfully
01:39:51.332 Disk 0 MBR has been saved successfully to "C:\Users\pol\Desktop\MBR.dat"
01:39:51.332 The log file has been saved successfully to "C:\Users\pol\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 15:16:25
-----------------------------
15:16:25.459 OS Version: Windows x64 6.1.7601 Service Pack 1
15:16:25.459 Number of processors: 4 586 0xF0B
15:16:25.459 ComputerName: POL-KOMPUTER UserName: pol
15:16:25.865 Initialize success
15:16:30.739 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:16:30.739 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01113 Size: 715403MB BusType: 3
15:16:30.739 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
15:16:30.755 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
15:16:30.755 Disk 0 MBR read successfully
15:16:30.770 Disk 0 MBR scan
15:16:30.770 Disk 0 Windows 7 default MBR code
15:16:30.770 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
15:16:30.770 Disk 0 Partition - 00 0F Extended LBA 565397 MB offset 307194930
15:16:30.786 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 300002 MB offset 307194993
15:16:30.786 Disk 0 Partition - 00 05 Extended 265394 MB offset 921600855
15:16:30.817 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 265394 MB offset 921600918
15:16:30.833 Disk 0 scanning C:\Windows\system32\drivers
15:16:35.403 Service scanning
15:16:47.806 Modules scanning
15:16:47.806 Disk 0 trace - called modules:
15:16:47.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
15:16:47.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a49060]
15:16:47.837 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80047e7580]
15:16:47.852 5 ACPI.sys[fffff88000efb7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047e9060]
15:16:47.852 Scan finished successfully
15:17:13.202 Disk 0 MBR has been saved successfully to "C:\Users\pol\Desktop\MBR.dat"
15:17:13.234 The log file has been saved successfully to "C:\Users\pol\Desktop\aswMBR.txt"

#10 polxx

polxx
  • Topic Starter

  • Members
  • 22 posts

Posted 05 July 2012 - 08:32 AM

HijackThis log after running ComboFix, and MBR.dat attached.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:22 PM, on 7/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=dc6a8193-dab1-4224-a64c-896c829e043e&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pol\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-910475282-1000278632-3309982957-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED385AD-A23C-4150-9373-027909B04686}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2B8857-B993-4719-A360-B375B17C48C8}: NameServer = 89.108.195.21 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3E8B023-3C06-4179-BAC5-4D6841C0722E}: NameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC86D486-ECAF-4966-9F5F-D6EBCACFC92C}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CB078FC-D271-4CAB-A7CC-CE805272478F}: NameServer = 89.108.195.20 217.17.34.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: M4-Service - Unknown owner - C:\Users\pol\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - D:\max2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - D:\max2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLAY ONLINE. OUC (PLAY ONLINE. RunOuc) - Unknown owner - C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11250 bytes

Attached Files

  • Attached File: MBR.zip (560 bytes)


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2012 - 08:33 AM

Good, the logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#12 polxx

polxx
  • Topic Starter

  • Members
  • 22 posts

Posted 05 July 2012 - 09:25 AM

I don't have c:/combofix.txt, I have only c:/combofix/combofix.txt and it says:

ComboFix 12-07-05.02 - pol 07/05/2012 16:15:25.14.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2795 [GMT 2:00]
Uruchomiony z: C:\Users\pol\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2012 - 10:24 AM

Please run ComboFix one more time and see if you can get a complete log.

As requested, make sure your security programs are disabled.


Post the Security Check log as well.

#14 polxx

polxx
  • Topic Starter

  • Members
  • 22 posts

Posted 05 July 2012 - 04:13 PM

Sorry, no c:/combofix.txt file again.

Here is the Security Check log:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware wersja 1.61.0.1400
Java™ 6 Update 20
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#15 polxx

polxx
  • Topic Starter

  • Members
  • 22 posts

Posted 05 July 2012 - 04:42 PM

I just installed vcd again (sorry, wanted to play some, lol) and the problem still persists... shall I repeat it all over again?
