
MSE keeps shutting down after 1 minute


  • This topic is locked
15 replies to this topic

#1 xbattlestation

  • Members
  • 7 posts

Posted 08 July 2012 - 04:36 AM

Sometimes my browser (IE9) gets hijacked & sent to websites about comparing products, so I thought I'd better check my anti-virus. I noticed Microsoft Security Essentials was not running, and I couldn't start it (message about "service not found" or "unable to start" or similar), so I re-installed. Now it will shut down the computer after about a minute or two of starting up (some message about finding something nasty & needing to restart), so I've un-installed it, and googled & found the instructions on this website:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by simon at 19:21:04 on 2012-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8105.5833 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\WinService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX3000.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Device Integrator\DI_HIDServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\WUDFHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [ASRockXTU]
uRun: [zASRockInstantBoot]
uRun: [Google Update] "C:\Users\simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [XSECVA] C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe -s
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 61.9.211.1 61.9.211.33
TCP: Interfaces\{DA3E8274-B7F3-4FAA-B1F1-1429188765F2} : DhcpNameServer = 61.9.211.1 61.9.211.33
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2011-8-14 180224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-13 2656280]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SaiHFFB5;SaiHFFB5;C:\Windows\system32\DRIVERS\SaiHFFB5.sys --> C:\Windows\system32\DRIVERS\SaiHFFB5.sys [?]
S3 SaiIFFB5;Immersion's HID USB Driver (FFB5);C:\Windows\system32\DRIVERS\SaiIFFB5.sys --> C:\Windows\system32\DRIVERS\SaiIFFB5.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-4 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384]
SUnknown eluzlhfi;eluzlhfi; [x]
.
=============== Created Last 30 ================
.
2012-07-08 05:54:09 328704 ----a-w- C:\Windows\System32\services.exe.55A069161FB5E157
2012-07-08 05:51:15 328704 ----a-w- C:\Windows\System32\services.exe.97C54231A062546E
2012-07-08 05:48:27 328704 ----a-w- C:\Windows\System32\services.exe.28B5CCB47C873C34
2012-07-08 05:43:51 328704 ----a-w- C:\Windows\System32\services.exe.9157C7CE508C8606
2012-07-08 05:39:36 328704 ----a-w- C:\Windows\System32\services.exe.C494ABB02B4A2960
2012-07-08 04:50:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-08 04:39:20 -------- d-----w- C:\Users\simon\AppData\Roaming\xsecva
2012-07-08 04:26:32 -------- d-----w- C:\Users\simon\AppData\Local\APN
2012-07-08 04:26:05 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-07-08 00:27:59 49664 ----a-w- C:\Windows\System32\CamCodec.dll
2012-07-08 00:27:59 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-07-07 23:46:36 -------- d-----w- C:\Program Files (x86)\FreeStopwatch
2012-07-07 22:28:52 -------- d-----w- C:\Users\simon\AppData\Local\{E1648200-53EE-40C9-8DBE-7818EEBF6BF8}
2012-07-07 22:28:45 -------- d-----w- C:\Users\simon\AppData\Local\{0F457AD2-43E7-4062-BCC9-30B6967787FD}
2012-07-07 10:28:21 -------- d-----w- C:\Users\simon\AppData\Local\{85FA8F33-F9FD-4366-8C3D-D13BB7E7D770}
2012-07-07 10:27:59 -------- d-----w- C:\Users\simon\AppData\Local\{3AB09EF3-FE72-405F-BCE7-7769F64A3023}
2012-07-06 22:27:35 -------- d-----w- C:\Users\simon\AppData\Local\{62D81701-DC63-4FE9-8A64-A9A96EC4DC4B}
2012-07-06 22:27:22 -------- d-----w- C:\Users\simon\AppData\Local\{751C1924-7861-4F62-AD18-4DFC98ED328F}
2012-07-06 12:15:44 -------- d-----w- C:\Program Files (x86)\OpenPlsInWMP
2012-07-06 09:13:39 -------- d-----w- C:\Users\simon\AppData\Local\{BA2CA548-E7CB-4349-9C34-FF21D7B11890}
2012-07-06 09:13:16 -------- d-----w- C:\Users\simon\AppData\Local\{F84DE60B-C5B1-491F-908E-70368FC19749}
2012-07-05 21:12:52 -------- d-----w- C:\Users\simon\AppData\Local\{83C6CC78-2B1A-4658-9F46-B05B07277888}
2012-07-05 21:12:41 -------- d-----w- C:\Users\simon\AppData\Local\{16D5A413-5CF7-46B8-82AB-D10C0F04B2B8}
2012-07-05 08:29:57 -------- d-----w- C:\Users\simon\AppData\Local\{36AD3760-4FD8-40BD-AEBB-0C6E58D17A4A}
2012-07-05 08:29:45 -------- d-----w- C:\Users\simon\AppData\Local\{AF81DD8E-CFFF-44BC-B503-5945CC809FC3}
2012-07-04 08:05:11 -------- d-----w- C:\Users\simon\AppData\Local\{CD1916A7-53BF-491A-9C75-A65B4488E0E4}
2012-07-04 08:04:57 -------- d-----w- C:\Users\simon\AppData\Local\{41155859-16B0-4E5E-A545-318B1A4C15BA}
2012-07-03 10:22:18 -------- d-----w- C:\Users\simon\AppData\Local\{7FD3F421-D3FD-4235-8E1C-0879B762BF8D}
2012-07-03 10:22:07 -------- d-----w- C:\Users\simon\AppData\Local\{3719A1F3-5536-40DA-A390-2DB215E6BC46}
2012-07-02 00:46:52 -------- d-----w- C:\Users\simon\AppData\Local\{E050E640-0B6B-403E-A7CD-13F00EA5B5CA}
2012-07-02 00:46:40 -------- d-----w- C:\Users\simon\AppData\Local\{906FDC06-26CC-44F0-BA3F-B9FC4CB1E85D}
2012-07-01 00:36:57 -------- d-----w- C:\Users\simon\AppData\Local\{860A5613-7CCB-418D-8871-BC6353D8261D}
2012-07-01 00:36:46 -------- d-----w- C:\Users\simon\AppData\Local\{96854686-A0F6-4AF1-A1DC-D338FFF9677C}
2012-06-30 10:31:53 -------- d-----w- C:\Users\simon\AppData\Local\{3CEA47DC-E89C-4818-A6BE-30EEB405EA12}
2012-06-30 10:31:31 -------- d-----w- C:\Users\simon\AppData\Local\{D69C119A-A7E7-4C31-BA35-06F3B82939C1}
2012-06-29 22:31:19 -------- d-----w- C:\Users\simon\AppData\Local\{4689ADD8-30ED-46EF-94F0-7741F25C7729}
2012-06-29 22:31:07 -------- d-----w- C:\Users\simon\AppData\Local\{8901384B-4EB4-43A6-8622-1A008E654A7A}
2012-06-29 07:14:17 -------- d-----w- C:\Users\simon\AppData\Local\{7BE2F3E1-6D2B-4B68-B8F9-A04BB2690ACD}
2012-06-29 07:14:05 -------- d-----w- C:\Users\simon\AppData\Local\{0F678C9E-DB1F-4A2C-B155-509FEDF02CFD}
2012-06-28 07:43:50 -------- d-----w- C:\Users\simon\AppData\Local\{FF370A75-C8D1-4EF3-9195-E3260F21DD91}
2012-06-28 07:43:39 -------- d-----w- C:\Users\simon\AppData\Local\{728C5900-0A07-4BCD-8281-9199C412051A}
2012-06-27 08:18:23 -------- d-----w- C:\Users\simon\AppData\Local\{E82A30F1-4DCB-441F-987D-19F847DE61E9}
2012-06-27 08:18:12 -------- d-----w- C:\Users\simon\AppData\Local\{92397F7E-8755-4241-8964-4667D2BABE97}
2012-06-26 00:52:50 -------- d-----w- C:\Users\simon\AppData\Local\{7B1593CA-A80F-4B68-954A-5883D375A893}
2012-06-26 00:52:33 -------- d-----w- C:\Users\simon\AppData\Local\{05B1F95E-EB20-468D-8AD7-AB365576A2F7}
2012-06-25 04:23:54 -------- d-----w- C:\Users\simon\AppData\Local\{BA5186D2-B636-4F4D-8EE8-138EEA027E3C}
2012-06-25 04:23:43 -------- d-----w- C:\Users\simon\AppData\Local\{0BD4A01B-EA8D-43CE-9F71-0BD2E187D6FF}
2012-06-24 10:45:35 -------- d-----w- C:\Users\simon\AppData\Local\{75C0DE48-1B14-4721-8296-BD95F4AD20C9}
2012-06-24 10:45:13 -------- d-----w- C:\Users\simon\AppData\Local\{59AA4FA6-16BA-4647-9ABE-393ED6DE2C22}
2012-06-24 01:33:18 -------- d-----w- C:\Program Files (x86)\Audacity
2012-06-23 22:45:00 -------- d-----w- C:\Users\simon\AppData\Local\{2209F52B-4EFF-4931-95AC-0C24B10E9DFB}
2012-06-23 22:44:48 -------- d-----w- C:\Users\simon\AppData\Local\{D3A792C5-E8A2-41A8-BCE1-1FD570F0856F}
2012-06-23 08:18:57 -------- d-----w- C:\Users\simon\AppData\Local\{F2BF9C37-0837-4B12-A7BA-FFDE590B278F}
2012-06-23 08:18:35 -------- d-----w- C:\Users\simon\AppData\Local\{30688D25-F0EB-460C-9B85-15E54A4BF013}
2012-06-22 20:18:10 -------- d-----w- C:\Users\simon\AppData\Local\{4A03DC09-2ED0-41D9-A992-FCA882CBB76B}
2012-06-22 20:17:58 -------- d-----w- C:\Users\simon\AppData\Local\{53501ED0-F325-483E-974D-75ADA55A0E96}
2012-06-22 08:05:48 -------- d-----w- C:\Users\simon\AppData\Local\{A1FB04D5-E775-48A0-B955-745181BD4981}
2012-06-22 08:05:26 -------- d-----w- C:\Users\simon\AppData\Local\{706D6A87-3C14-4BB7-BAA6-2D3FE03FBF8F}
2012-06-21 20:05:02 -------- d-----w- C:\Users\simon\AppData\Local\{EFFC9A14-75A0-496E-907F-61D284854B30}
2012-06-21 20:04:51 -------- d-----w- C:\Users\simon\AppData\Local\{F86E23FC-8493-4F23-890C-FD5F6C0F388E}
2012-06-21 08:04:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 08:04:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 08:04:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 08:04:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 08:01:24 -------- d-----w- C:\Users\simon\AppData\Local\{5092F2C1-13CB-4CF1-A27A-F9A0ED523B1E}
2012-06-21 08:01:13 -------- d-----w- C:\Users\simon\AppData\Local\{D94B8B38-BB9C-475B-8755-A769205DC070}
2012-06-20 08:52:36 -------- d-----w- C:\Users\simon\AppData\Local\{CC7337F5-18C6-462D-A9B1-E0AFA86F6E4B}
2012-06-20 08:52:11 -------- d-----w- C:\Users\simon\AppData\Local\{DF131837-3BA4-45C5-9371-3093220A678C}
2012-06-19 20:39:01 -------- d-----w- C:\Users\simon\AppData\Local\{C8B2C437-6E61-4D05-A4D2-40932DBB0EF8}
2012-06-19 20:38:49 -------- d-----w- C:\Users\simon\AppData\Local\{EC4646C7-A373-4981-9B86-797FA251669D}
2012-06-19 08:08:04 -------- d-----w- C:\Users\simon\AppData\Local\{BDF05319-B4FE-46D8-B1F2-C17C50D05753}
2012-06-19 08:07:52 -------- d-----w- C:\Users\simon\AppData\Local\{5D8DEF7D-5FE4-4961-AA96-2C69FE2D593A}
2012-06-18 08:41:10 -------- d-----w- C:\Users\simon\AppData\Local\{1A18784F-AB60-43C6-85D2-1B16829FB863}
2012-06-17 09:48:33 -------- d-----w- C:\Users\simon\AppData\Local\{55E28ACA-AAFE-41DF-A124-327DDB7D2D3A}
2012-06-17 07:17:48 -------- d-----w- C:\Windows\System32\SPReview
2012-06-17 07:17:33 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-16 21:27:49 -------- d-----w- C:\Users\simon\AppData\Local\{6E2BE168-06AA-44D6-A7B4-A2E309DBEE07}
2012-06-16 07:44:43 -------- d-----w- C:\Users\simon\AppData\Local\{097F0105-9A60-496F-A77E-6B18BC592F1A}
2012-06-15 19:44:31 -------- d-----w- C:\Users\simon\AppData\Local\{AA3286EF-AE1E-4C27-92EC-0299D78DDC90}
2012-06-15 06:30:32 -------- d-----w- C:\Users\simon\AppData\Local\{90573B75-F9FA-49A8-984C-BCBC734CBF08}
2012-06-14 08:48:34 -------- d-----w- C:\Users\simon\AppData\Local\{C4EFF74F-F69A-4AA6-8E3E-A34E5453F862}
2012-06-14 08:48:23 -------- d-----w- C:\Users\simon\AppData\Local\{CEF3033C-AAFC-4B4B-9213-4CFDAA3C9E04}
2012-06-13 20:34:58 -------- d-----w- C:\Users\simon\AppData\Local\{22C8D45B-C2C4-4DDC-8EB4-0F8E090EAC42}
2012-06-13 20:34:41 -------- d-----w- C:\Users\simon\AppData\Local\{06D69FB0-681E-4FA6-B4BB-8B02FE4A38C5}
2012-06-13 09:18:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 04:58:39 -------- d-----w- C:\Users\simon\AppData\Local\{633706B8-E3E9-4B1D-834A-F79781D431C1}
2012-06-13 04:58:28 -------- d-----w- C:\Users\simon\AppData\Local\{ECD4BA35-9ADC-41F3-9915-95A3800BD96C}
2012-06-12 08:37:03 -------- d-----w- C:\Users\simon\AppData\Local\{039BBF54-AEDE-42A9-A914-08EEAB725071}
2012-06-11 19:12:22 -------- d-----w- C:\Users\simon\AppData\Local\{B23A0C7B-5D36-494F-8293-9369F41E5E93}
2012-06-11 19:12:10 -------- d-----w- C:\Users\simon\AppData\Local\{A3CE1A16-3BFF-4CED-9C0C-F03DDA4E9D17}
2012-06-11 06:56:50 -------- d-----w- C:\Users\simon\AppData\Local\{9C42FD3B-5E53-4B66-B83D-D7C10F055C9D}
2012-06-11 06:56:28 -------- d-----w- C:\Users\simon\AppData\Local\{72D1B774-485C-4160-8F90-E44053552748}
2012-06-10 18:56:16 -------- d-----w- C:\Users\simon\AppData\Local\{CC3D2325-9B6D-4367-AE4F-F752E08F6063}
2012-06-10 18:56:05 -------- d-----w- C:\Users\simon\AppData\Local\{84D37053-FD74-46FA-8270-2F606C782235}
2012-06-09 21:53:48 -------- d-----w- C:\Users\simon\AppData\Local\{F3C97D0F-8C92-475A-BF45-35008E57CCBE}
2012-06-09 21:53:26 -------- d-----w- C:\Users\simon\AppData\Local\{23E0C47B-80EA-4474-BDF5-751992063A6D}
2012-06-09 09:53:14 -------- d-----w- C:\Users\simon\AppData\Local\{9D2FFB56-E7FC-4FE5-93C1-6F4F78B982A7}
2012-06-09 09:52:52 -------- d-----w- C:\Users\simon\AppData\Local\{5B2D1349-EEE0-4E73-88C8-3F37F201C2AF}
2012-06-08 21:52:40 -------- d-----w- C:\Users\simon\AppData\Local\{1820140A-7E72-4049-AE7C-345E871E392D}
2012-06-08 21:52:15 -------- d-----w- C:\Users\simon\AppData\Local\{5229440F-A98F-4849-AE46-06C472170071}
.
==================== Find3M ====================
.
2012-06-17 07:20:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-17 07:20:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-10 18:56:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 18:56:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 12:08:16 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 19:21:21.84 ===============


Thanks for any help!
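The DDS log above is long, and the entries a malware-response helper looks at first are a small subset: an executable running (and auto-starting via a Run key) from a user-profile directory, several renamed copies of a system binary created minutes apart, and a hidden+system directory with a literal environment-variable name under the Windows folder. The following Python script is an added example for readers of this thread, not code from DDS, ComboFix or BleepingComputer; it splits a DDS log into its `=== section ===` blocks and applies those three triage rules. The section names, the regular expressions and the profile-directory list are this example's own assumptions about the DDS text format; the sample lines are copied from the log in the post above.

```python
"""Triage a DDS log: split it into sections, then flag the entries a
malware-response helper would check first. Added example; the section
names, rules and regexes are assumptions about the DDS text format."""
import re

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\WinService.exe
C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uRun: [XSECVA] C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe -s
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
.
=============== Created Last 30 ================
.
2012-07-08 05:54:09 328704 ----a-w- C:\Windows\System32\services.exe.55A069161FB5E157
2012-07-08 05:51:15 328704 ----a-w- C:\Windows\System32\services.exe.97C54231A062546E
2012-07-08 04:50:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-08 04:39:20 -------- d-----w- C:\Users\simon\AppData\Roaming\xsecva
2012-06-21 08:04:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # "=== Section Name ==="
CREATED_RE = re.compile(                                 # "<date> <time> <size> <attrs> <path>"
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Lower-cased path fragments that legitimate services rarely run from (assumption).
PROFILE_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


def split_sections(text):
    """Map each '=== name ===' header to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses "." as a spacer line
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def processes_from_profile(lines):
    """Running-process lines whose image lives in a user-profile directory."""
    return [l for l in lines if any(d in l.lower() for d in PROFILE_DIRS)]


def run_keys_from_profile(lines):
    """(name, command) of Run-key entries that launch from a profile directory."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if m and any(d in m.group("cmd").lower() for d in PROFILE_DIRS):
            hits.append((m.group("name"), m.group("cmd")))
    return hits


def suspicious_created(lines):
    """(rule, detail) findings over the 'Created Last 30' section."""
    findings, renamed_copies = [], {}
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_system_dir = "\\windows\\system32\\" in low or "\\windows\\syswow64\\" in low
        # Rule 1: a system binary saved with a hash-like suffix (services.exe.<hex>),
        # several of them minutes apart means something kept re-writing that file.
        copy = re.match(r"^([\w-]+\.exe)\.[0-9a-f]{8,}$", name)
        if copy:
            renamed_copies.setdefault(copy.group(1), []).append(path)
        # Rule 2: a literal environment-variable name used as a folder under System32/SysWow64.
        if "%" in name and in_system_dir:
            findings.append(("env-var-named dir in system folder", path))
        # Rule 3: a directory created hidden+system under \Windows.
        if attrs.startswith("d-sh") and "\\windows\\" in low:
            findings.append(("hidden+system dir under Windows", path))
    for exe, paths in renamed_copies.items():
        if len(paths) >= 2:
            findings.append((f"{len(paths)} renamed copies of {exe}", paths))
    return findings


def triage(text):
    """Run all three checks against the sections of one DDS log."""
    s = split_sections(text)
    return {
        "processes_from_profile": processes_from_profile(s.get("Running Processes", [])),
        "run_keys_from_profile": run_keys_from_profile(s.get("Pseudo HJT Report", [])),
        "created": suspicious_created(s.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for rule, items in triage(SAMPLE_LOG).items():
        print(rule)
        for item in items:
            print("   ", item)
```

On the sample, the script reports `xsecva.exe` both as a running process and as the `XSECVA` Run key, two renamed copies of `services.exe`, and the `%APPDATA%` directory under SysWow64 on two rules. None of these is a verdict on its own; they are the lines to hand to a helper, or to compare against the "Other Deletions" section of a later ComboFix log, rather than a reason to delete anything by hand.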


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 July 2012 - 11:57 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 xbattlestation (Topic Starter)

  • Members
  • 7 posts

Posted 09 July 2012 - 05:22 AM

Thanks Gringo. My computer seems ok right now, but obviously I still don't have any antivirus installed.

Output from Security Check:

--------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

--------------------------------------------------------------------------------

Output from combofix:

--------------------------------------------------------------------------------

ComboFix 12-07-08.01 - simon 09/07/2012 18:11:23.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8105.6773 [GMT 10:00]
Running from: e:\users\simon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\simon\AppData\Local\assembly\tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\L\00000004.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\L\1afb2d56
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\L\201d3dde
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\n
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\00000004.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\00000008.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\000000cb.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\80000000.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\80000032.@
c:\windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\80000064.@
c:\windows\SysWow64\tmp3863.tmp
c:\windows\SysWow64\tmp3874.tmp
c:\windows\SysWow64\winservice.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCM_Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-08 05:54 . 2012-07-08 05:54 328704 ----a-w- c:\windows\system32\services.exe.55A069161FB5E157
2012-07-08 05:51 . 2012-07-08 05:51 328704 ----a-w- c:\windows\system32\services.exe.97C54231A062546E
2012-07-08 05:48 . 2012-07-08 05:48 328704 ----a-w- c:\windows\system32\services.exe.28B5CCB47C873C34
2012-07-08 05:43 . 2012-07-08 05:43 328704 ----a-w- c:\windows\system32\services.exe.9157C7CE508C8606
2012-07-08 05:39 . 2012-07-08 05:39 328704 ----a-w- c:\windows\system32\services.exe.C494ABB02B4A2960
2012-07-08 04:50 . 2012-07-08 04:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 04:39 . 2012-07-08 04:46 -------- d-----w- c:\users\simon\AppData\Roaming\xsecva
2012-07-08 04:26 . 2012-07-08 04:26 -------- d-----w- c:\users\simon\AppData\Local\APN
2012-07-08 04:26 . 2012-07-08 04:28 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-07-08 00:27 . 2012-07-08 00:28 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-07-08 00:27 . 2010-10-23 14:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-07-07 23:46 . 2012-07-07 23:46 -------- d-----w- c:\program files (x86)\FreeStopwatch
2012-07-06 12:15 . 2012-07-06 12:15 -------- d-----w- c:\program files (x86)\OpenPlsInWMP
2012-06-24 01:33 . 2012-06-24 01:33 -------- d-----w- c:\program files (x86)\Audacity
2012-06-21 08:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:04 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:04 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 07:17 . 2012-06-17 07:17 -------- d-----w- c:\windows\system32\SPReview
2012-06-17 07:17 . 2012-06-17 07:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-13 09:18 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 07:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-17 07:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-10 18:56 . 2012-03-29 20:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 18:56 . 2011-08-13 23:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:08 . 2012-04-14 09:08 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-23 08:57 . 2012-04-23 08:57 403296 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.AdminPack.Client_1.0.0.0_31bf3856ad364e35\Microsoft.Web.Management.AdminPack.Client.dll
2012-04-23 08:57 . 2012-04-23 08:57 117504 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\en\Microsoft.Web.Management.Rewrite.Client.resources.dll
2012-04-23 08:57 . 2012-04-23 08:57 547584 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XSECVA"="c:\users\simon\AppData\Roaming\xsecva\xsecva.exe" [2012-07-08 185856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-08-13 4942336]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-23 245544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2011-8-14 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-10 31808]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2008-04-04 178560]
R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\DRIVERS\SaiIFFB5.sys [2008-04-04 20864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-16 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 428384]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 25312]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-08-13 15936]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-11 243200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:56]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-482699728-3184499980-1273444691-1000Core.job
- c:\users\simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 12:16]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-482699728-3184499980-1273444691-1000UA.job
- c:\users\simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 12:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"combofix"="c:\combofix\CF21768.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 61.9.211.1 61.9.211.33
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-UnityWebPlayer - c:\users\simon\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 18:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 08:16
.
Pre-Run: 41,992,544,256 bytes free
Post-Run: 45,712,769,024 bytes free
.
- - End Of File - - FA99C023DCD8F38ED0FC384FDA40CA70


--------------------------------------------------------------------------------

Edited by xbattlestation, 09 July 2012 - 05:27 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:50 AM

Posted 09 July 2012 - 07:08 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 xbattlestation

xbattlestation
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:50 AM

Posted 10 July 2012 - 03:14 AM

Ok, TDSSKiller log:

-----------------------------------------------------

17:57:37.0607 5596 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:57:38.0517 5596 ============================================================
17:57:38.0517 5596 Current date / time: 2012/07/10 17:57:38.0517
17:57:38.0517 5596 SystemInfo:
17:57:38.0517 5596
17:57:38.0517 5596 OS Version: 6.1.7601 ServicePack: 1.0
17:57:38.0517 5596 Product type: Workstation
17:57:38.0517 5596 ComputerName: TURRICAN2
17:57:38.0517 5596 UserName: simon
17:57:38.0517 5596 Windows directory: C:\Windows
17:57:38.0517 5596 System windows directory: C:\Windows
17:57:38.0517 5596 Running under WOW64
17:57:38.0517 5596 Processor architecture: Intel x64
17:57:38.0517 5596 Number of processors: 4
17:57:38.0517 5596 Page size: 0x1000
17:57:38.0517 5596 Boot type: Normal boot
17:57:38.0517 5596 ============================================================
17:57:39.0067 5596 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:39.0547 5596 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:39.0547 5596 ============================================================
17:57:39.0547 5596 \Device\Harddisk0\DR0:
17:57:39.0547 5596 MBR partitions:
17:57:39.0547 5596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:57:39.0547 5596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
17:57:39.0547 5596 \Device\Harddisk1\DR1:
17:57:39.0547 5596 MBR partitions:
17:57:39.0547 5596 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x17BFF000
17:57:39.0547 5596 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x17BFF800, BlocksNum 0x22785800
17:57:39.0547 5596 ============================================================
17:57:39.0547 5596 C: <-> \Device\Harddisk0\DR0\Partition1
17:57:39.0577 5596 E: <-> \Device\Harddisk1\DR1\Partition1
17:57:39.0577 5596 ============================================================
17:57:39.0577 5596 Initialize success
17:57:39.0577 5596 ============================================================
17:57:50.0717 5552 ============================================================
17:57:50.0717 5552 Scan started
17:57:50.0717 5552 Mode: Manual;
17:57:50.0717 5552 ============================================================
17:57:50.0927 5552 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:57:50.0947 5552 1394ohci - ok
17:57:50.0957 5552 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:57:50.0957 5552 ACPI - ok
17:57:50.0957 5552 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:57:50.0967 5552 AcpiPmi - ok
17:57:50.0987 5552 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:57:50.0997 5552 AdobeFlashPlayerUpdateSvc - ok
17:57:51.0007 5552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:57:51.0027 5552 adp94xx - ok
17:57:51.0037 5552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:57:51.0047 5552 adpahci - ok
17:57:51.0057 5552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:57:51.0067 5552 adpu320 - ok
17:57:51.0077 5552 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:57:51.0077 5552 AeLookupSvc - ok
17:57:51.0087 5552 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:57:51.0097 5552 AFD - ok
17:57:51.0097 5552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:57:51.0107 5552 agp440 - ok
17:57:51.0117 5552 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:57:51.0117 5552 ALG - ok
17:57:51.0117 5552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:57:51.0127 5552 aliide - ok
17:57:51.0127 5552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:57:51.0137 5552 amdide - ok
17:57:51.0137 5552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:57:51.0147 5552 AmdK8 - ok
17:57:51.0147 5552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:57:51.0157 5552 AmdPPM - ok
17:57:51.0167 5552 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:57:51.0177 5552 amdsata - ok
17:57:51.0177 5552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:57:51.0197 5552 amdsbs - ok
17:57:51.0197 5552 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:57:51.0197 5552 amdxata - ok
17:57:51.0207 5552 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
17:57:51.0217 5552 AppHostSvc - ok
17:57:51.0217 5552 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:57:51.0227 5552 AppID - ok
17:57:51.0247 5552 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:57:51.0257 5552 AppIDSvc - ok
17:57:51.0267 5552 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:57:51.0267 5552 Appinfo - ok
17:57:51.0277 5552 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:57:51.0287 5552 AppMgmt - ok
17:57:51.0287 5552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:57:51.0297 5552 arc - ok
17:57:51.0297 5552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:57:51.0307 5552 arcsas - ok
17:57:51.0327 5552 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:57:51.0327 5552 aspnet_state - ok
17:57:51.0327 5552 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
17:57:51.0347 5552 AsrAppCharger - ok
17:57:51.0347 5552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:57:51.0347 5552 AsyncMac - ok
17:57:51.0357 5552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:57:51.0357 5552 atapi - ok
17:57:51.0367 5552 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:57:51.0377 5552 AudioEndpointBuilder - ok
17:57:51.0387 5552 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:57:51.0387 5552 AudioSrv - ok
17:57:51.0387 5552 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:57:51.0397 5552 AxInstSV - ok
17:57:51.0407 5552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:57:51.0417 5552 b06bdrv - ok
17:57:51.0427 5552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:57:51.0437 5552 b57nd60a - ok
17:57:51.0437 5552 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:57:51.0437 5552 BDESVC - ok
17:57:51.0447 5552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:57:51.0447 5552 Beep - ok
17:57:51.0467 5552 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:57:51.0477 5552 BFE - ok
17:57:51.0497 5552 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:57:51.0507 5552 BITS - ok
17:57:51.0517 5552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:57:51.0517 5552 blbdrive - ok
17:57:51.0527 5552 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:57:51.0537 5552 bowser - ok
17:57:51.0537 5552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:57:51.0547 5552 BrFiltLo - ok
17:57:51.0547 5552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:57:51.0557 5552 BrFiltUp - ok
17:57:51.0557 5552 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:57:51.0567 5552 BridgeMP - ok
17:57:51.0577 5552 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:57:51.0577 5552 Browser - ok
17:57:51.0587 5552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:57:51.0597 5552 Brserid - ok
17:57:51.0597 5552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:57:51.0607 5552 BrSerWdm - ok
17:57:51.0607 5552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:57:51.0617 5552 BrUsbMdm - ok
17:57:51.0617 5552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:57:51.0617 5552 BrUsbSer - ok
17:57:51.0627 5552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:57:51.0637 5552 BTHMODEM - ok
17:57:51.0647 5552 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:57:51.0647 5552 bthserv - ok
17:57:51.0647 5552 catchme - ok
17:57:51.0647 5552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:57:51.0657 5552 cdfs - ok
17:57:51.0667 5552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:57:51.0677 5552 cdrom - ok
17:57:51.0677 5552 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:57:51.0687 5552 CertPropSvc - ok
17:57:51.0687 5552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:57:51.0697 5552 circlass - ok
17:57:51.0707 5552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:57:51.0707 5552 CLFS - ok
17:57:51.0717 5552 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:57:51.0737 5552 clr_optimization_v2.0.50727_32 - ok
17:57:51.0737 5552 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:57:51.0747 5552 clr_optimization_v2.0.50727_64 - ok
17:57:51.0757 5552 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:57:51.0757 5552 clr_optimization_v4.0.30319_32 - ok
17:57:51.0767 5552 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:57:51.0767 5552 clr_optimization_v4.0.30319_64 - ok
17:57:51.0767 5552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:57:51.0777 5552 CmBatt - ok
17:57:51.0777 5552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:57:51.0787 5552 cmdide - ok
17:57:51.0797 5552 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:57:51.0807 5552 CNG - ok
17:57:51.0807 5552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:57:51.0817 5552 Compbatt - ok
17:57:51.0817 5552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:57:51.0827 5552 CompositeBus - ok
17:57:51.0827 5552 COMSysApp - ok
17:57:51.0827 5552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:57:51.0837 5552 crcdisk - ok
17:57:51.0847 5552 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:57:51.0847 5552 CryptSvc - ok
17:57:51.0867 5552 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:57:51.0877 5552 CSC - ok
17:57:51.0897 5552 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:57:51.0907 5552 CscService - ok
17:57:51.0907 5552 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
17:57:51.0917 5552 dc3d - ok
17:57:51.0937 5552 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:57:51.0947 5552 DcomLaunch - ok
17:57:51.0957 5552 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:57:51.0957 5552 defragsvc - ok
17:57:51.0957 5552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:57:51.0967 5552 DfsC - ok
17:57:51.0977 5552 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:57:51.0987 5552 Dhcp - ok
17:57:51.0987 5552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:57:51.0987 5552 discache - ok
17:57:51.0997 5552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:57:51.0997 5552 Disk - ok
17:57:51.0997 5552 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:57:51.0997 5552 Dnscache - ok
17:57:52.0007 5552 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:57:52.0017 5552 dot3svc - ok
17:57:52.0017 5552 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:57:52.0017 5552 DPS - ok
17:57:52.0027 5552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:57:52.0027 5552 drmkaud - ok
17:57:52.0057 5552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:57:52.0067 5552 DXGKrnl - ok
17:57:52.0067 5552 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:57:52.0067 5552 EapHost - ok
17:57:52.0157 5552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:57:52.0197 5552 ebdrv - ok
17:57:52.0217 5552 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:57:52.0217 5552 EFS - ok
17:57:52.0237 5552 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:57:52.0267 5552 ehRecvr - ok
17:57:52.0277 5552 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:57:52.0297 5552 ehSched - ok
17:57:52.0297 5552 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:57:52.0307 5552 ElbyCDIO - ok
17:57:52.0317 5552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:57:52.0337 5552 elxstor - ok
17:57:52.0337 5552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:57:52.0337 5552 ErrDev - ok
17:57:52.0347 5552 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
17:57:52.0347 5552 EtronHub3 - ok
17:57:52.0357 5552 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
17:57:52.0357 5552 EtronXHCI - ok
17:57:52.0377 5552 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:57:52.0377 5552 EventSystem - ok
17:57:52.0387 5552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:57:52.0397 5552 exfat - ok
17:57:52.0397 5552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:57:52.0407 5552 fastfat - ok
17:57:52.0427 5552 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:57:52.0437 5552 Fax - ok
17:57:52.0437 5552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:57:52.0447 5552 fdc - ok
17:57:52.0447 5552 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:57:52.0447 5552 fdPHost - ok
17:57:52.0447 5552 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:57:52.0447 5552 FDResPub - ok
17:57:52.0457 5552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:57:52.0457 5552 FileInfo - ok
17:57:52.0457 5552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:57:52.0467 5552 Filetrace - ok
17:57:52.0467 5552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:57:52.0477 5552 flpydisk - ok
17:57:52.0487 5552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:57:52.0487 5552 FltMgr - ok
17:57:52.0487 5552 FNETTBOH_305 (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS
17:57:52.0497 5552 FNETTBOH_305 - ok
17:57:52.0497 5552 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
17:57:52.0507 5552 FNETURPX - ok
17:57:52.0527 5552 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:57:52.0537 5552 FontCache - ok
17:57:52.0547 5552 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:57:52.0557 5552 FontCache3.0.0.0 - ok
17:57:52.0557 5552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:57:52.0567 5552 FsDepends - ok
17:57:52.0567 5552 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:57:52.0567 5552 Fs_Rec - ok
17:57:52.0577 5552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:57:52.0577 5552 fvevol - ok
17:57:52.0577 5552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:57:52.0587 5552 gagp30kx - ok
17:57:52.0607 5552 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:57:52.0617 5552 gpsvc - ok
17:57:52.0617 5552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:57:52.0627 5552 hcw85cir - ok
17:57:52.0637 5552 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:57:52.0647 5552 HdAudAddService - ok
17:57:52.0657 5552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:57:52.0657 5552 HDAudBus - ok
17:57:52.0657 5552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:57:52.0667 5552 HidBatt - ok
17:57:52.0667 5552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:57:52.0677 5552 HidBth - ok
17:57:52.0677 5552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:57:52.0687 5552 HidIr - ok
17:57:52.0687 5552 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:57:52.0687 5552 hidserv - ok
17:57:52.0697 5552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:57:52.0697 5552 HidUsb - ok
17:57:52.0707 5552 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:57:52.0707 5552 hkmsvc - ok
17:57:52.0717 5552 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:57:52.0717 5552 HomeGroupListener - ok
17:57:52.0727 5552 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:57:52.0727 5552 HomeGroupProvider - ok
17:57:52.0727 5552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:57:52.0737 5552 HpSAMD - ok
17:57:52.0757 5552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:57:52.0767 5552 HTTP - ok
17:57:52.0767 5552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:57:52.0767 5552 hwpolicy - ok
17:57:52.0777 5552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:57:52.0787 5552 i8042prt - ok
17:57:52.0797 5552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:57:52.0817 5552 iaStorV - ok
17:57:52.0827 5552 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:57:52.0837 5552 IDriverT - ok
17:57:52.0867 5552 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:57:52.0887 5552 idsvc - ok
17:57:53.0197 5552 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:57:53.0317 5552 igfx - ok
17:57:53.0337 5552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:57:53.0347 5552 iirsp - ok
17:57:53.0367 5552 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:57:53.0367 5552 IKEEXT - ok
17:57:53.0437 5552 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
17:57:53.0467 5552 IntcAzAudAddService - ok
17:57:53.0497 5552 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:57:53.0517 5552 IntcDAud - ok
17:57:53.0527 5552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:57:53.0537 5552 intelide - ok
17:57:53.0537 5552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:57:53.0537 5552 intelppm - ok
17:57:53.0537 5552 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:57:53.0547 5552 IPBusEnum - ok
17:57:53.0547 5552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:57:53.0557 5552 IpFilterDriver - ok
17:57:53.0577 5552 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:57:53.0577 5552 iphlpsvc - ok
17:57:53.0577 5552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:57:53.0587 5552 IPMIDRV - ok
17:57:53.0597 5552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:57:53.0607 5552 IPNAT - ok
17:57:53.0607 5552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:57:53.0617 5552 IRENUM - ok
17:57:53.0617 5552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:57:53.0617 5552 isapnp - ok
17:57:53.0627 5552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:57:53.0637 5552 iScsiPrt - ok
17:57:53.0647 5552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:57:53.0657 5552 kbdclass - ok
17:57:53.0657 5552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:57:53.0667 5552 kbdhid - ok
17:57:53.0667 5552 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:53.0667 5552 KeyIso - ok
17:57:53.0677 5552 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:57:53.0677 5552 KSecDD - ok
17:57:53.0677 5552 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:57:53.0677 5552 KSecPkg - ok
17:57:53.0677 5552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:57:53.0687 5552 ksthunk - ok
17:57:53.0697 5552 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:57:53.0697 5552 KtmRm - ok
17:57:53.0707 5552 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:57:53.0727 5552 LanmanServer - ok
17:57:53.0727 5552 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:57:53.0737 5552 LanmanWorkstation - ok
17:57:53.0747 5552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:57:53.0757 5552 lltdio - ok
17:57:53.0767 5552 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:57:53.0767 5552 lltdsvc - ok
17:57:53.0767 5552 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:57:53.0767 5552 lmhosts - ok
17:57:53.0777 5552 LMS (9ad4bee2fe76d4ca39ac969b617e94fb) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:57:53.0777 5552 LMS - ok
17:57:53.0787 5552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:57:53.0797 5552 LSI_FC - ok
17:57:53.0797 5552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:57:53.0807 5552 LSI_SAS - ok
17:57:53.0807 5552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:57:53.0817 5552 LSI_SAS2 - ok
17:57:53.0827 5552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:57:53.0827 5552 LSI_SCSI - ok
17:57:53.0837 5552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:57:53.0847 5552 luafv - ok
17:57:53.0847 5552 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:57:53.0847 5552 Mcx2Svc - ok
17:57:53.0847 5552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:57:53.0857 5552 megasas - ok
17:57:53.0867 5552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:57:53.0877 5552 MegaSR - ok
17:57:53.0887 5552 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:57:53.0887 5552 MEIx64 - ok
17:57:53.0897 5552 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:57:53.0897 5552 MMCSS - ok
17:57:53.0897 5552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:57:53.0907 5552 Modem - ok
17:57:53.0907 5552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:57:53.0907 5552 monitor - ok
17:57:53.0907 5552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:57:53.0917 5552 mouclass - ok
17:57:53.0917 5552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:57:53.0927 5552 mouhid - ok
17:57:53.0937 5552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:57:53.0937 5552 mountmgr - ok
17:57:53.0937 5552 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:57:53.0937 5552 MpFilter - ok
17:57:53.0947 5552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:57:53.0957 5552 mpio - ok
17:57:53.0957 5552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:57:53.0967 5552 mpsdrv - ok
17:57:53.0987 5552 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:57:53.0987 5552 MpsSvc - ok
17:57:53.0997 5552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:57:54.0007 5552 MRxDAV - ok
17:57:54.0007 5552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:57:54.0017 5552 mrxsmb - ok
17:57:54.0027 5552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:57:54.0047 5552 mrxsmb10 - ok
17:57:54.0047 5552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:57:54.0057 5552 mrxsmb20 - ok
17:57:54.0057 5552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:57:54.0067 5552 msahci - ok
17:57:54.0077 5552 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
17:57:54.0077 5552 MSCamSvc - ok
17:57:54.0077 5552 MsDepSvc (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
17:57:54.0077 5552 MsDepSvc - ok
17:57:54.0087 5552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:57:54.0097 5552 msdsm - ok
17:57:54.0097 5552 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:57:54.0097 5552 MSDTC - ok
17:57:54.0107 5552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:57:54.0107 5552 Msfs - ok
17:57:54.0117 5552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:57:54.0117 5552 mshidkmdf - ok
17:57:54.0117 5552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:57:54.0117 5552 msisadrv - ok
17:57:54.0127 5552 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:57:54.0127 5552 MSiSCSI - ok
17:57:54.0127 5552 msiserver - ok
17:57:54.0127 5552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:57:54.0137 5552 MSKSSRV - ok
17:57:54.0137 5552 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:57:54.0137 5552 MsMpSvc - ok
17:57:54.0147 5552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:57:54.0147 5552 MSPCLOCK - ok
17:57:54.0147 5552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:57:54.0157 5552 MSPQM - ok
17:57:54.0167 5552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:57:54.0167 5552 MsRPC - ok
17:57:54.0167 5552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:57:54.0167 5552 mssmbios - ok
17:57:54.0177 5552 MSSQL$SQLEXPRESS - ok
17:57:54.0177 5552 MSSQLSERVER - ok
17:57:54.0187 5552 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:57:54.0187 5552 MSSQLServerADHelper100 - ok
17:57:54.0197 5552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:57:54.0197 5552 MSTEE - ok
17:57:54.0197 5552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:57:54.0207 5552 MTConfig - ok
17:57:54.0207 5552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:57:54.0207 5552 Mup - ok
17:57:54.0217 5552 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:57:54.0227 5552 napagent - ok
17:57:54.0237 5552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:57:54.0247 5552 NativeWifiP - ok
17:57:54.0277 5552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:57:54.0277 5552 NDIS - ok
17:57:54.0277 5552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:57:54.0287 5552 NdisCap - ok
17:57:54.0287 5552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:57:54.0297 5552 NdisTapi - ok
17:57:54.0297 5552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:57:54.0307 5552 Ndisuio - ok
17:57:54.0317 5552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:57:54.0327 5552 NdisWan - ok
17:57:54.0327 5552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:57:54.0337 5552 NDProxy - ok
17:57:54.0337 5552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:57:54.0347 5552 NetBIOS - ok
17:57:54.0357 5552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:57:54.0357 5552 NetBT - ok
17:57:54.0357 5552 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:54.0357 5552 Netlogon - ok
17:57:54.0367 5552 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:57:54.0367 5552 Netman - ok
17:57:54.0377 5552 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:57:54.0377 5552 NetMsmqActivator - ok
17:57:54.0387 5552 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:57:54.0387 5552 NetPipeActivator - ok
17:57:54.0397 5552 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:57:54.0397 5552 netprofm - ok
17:57:54.0407 5552 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:57:54.0407 5552 NetTcpActivator - ok
17:57:54.0407 5552 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:57:54.0407 5552 NetTcpPortSharing - ok
17:57:54.0417 5552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:57:54.0417 5552 nfrd960 - ok
17:57:54.0427 5552 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:57:54.0437 5552 NisDrv - ok
17:57:54.0447 5552 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
17:57:54.0447 5552 NisSrv - ok
17:57:54.0457 5552 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:57:54.0457 5552 NlaSvc - ok
17:57:54.0457 5552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:57:54.0467 5552 Npfs - ok
17:57:54.0467 5552 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:57:54.0477 5552 nsi - ok
17:57:54.0487 5552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:57:54.0487 5552 nsiproxy - ok
17:57:54.0527 5552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:57:54.0537 5552 Ntfs - ok
17:57:54.0547 5552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:57:54.0557 5552 Null - ok
17:57:54.0837 5552 nvlddmkm (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:57:54.0887 5552 nvlddmkm - ok
17:57:54.0907 5552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:57:54.0917 5552 nvraid - ok
17:57:54.0927 5552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:57:54.0937 5552 nvstor - ok
17:57:54.0947 5552 nvsvc (57d0d222a9f22113fe3b55488dbfd761) C:\Windows\system32\nvvsvc.exe
17:57:54.0947 5552 nvsvc - ok
17:57:54.0957 5552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:57:54.0967 5552 nv_agp - ok
17:57:54.0977 5552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:57:54.0977 5552 ohci1394 - ok
17:57:54.0997 5552 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:57:54.0997 5552 p2pimsvc - ok
17:57:55.0007 5552 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:57:55.0017 5552 p2psvc - ok
17:57:55.0017 5552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:57:55.0027 5552 Parport - ok
17:57:55.0037 5552 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:57:55.0037 5552 partmgr - ok
17:57:55.0037 5552 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:57:55.0037 5552 PcaSvc - ok
17:57:55.0047 5552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:57:55.0047 5552 pci - ok
17:57:55.0047 5552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:57:55.0047 5552 pciide - ok
17:57:55.0057 5552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:57:55.0067 5552 pcmcia - ok
17:57:55.0077 5552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:57:55.0077 5552 pcw - ok
17:57:55.0097 5552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:57:55.0097 5552 PEAUTH - ok
17:57:55.0137 5552 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:57:55.0167 5552 PeerDistSvc - ok
17:57:55.0187 5552 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:57:55.0197 5552 PerfHost - ok
17:57:55.0257 5552 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:57:55.0287 5552 pla - ok
17:57:55.0307 5552 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:57:55.0327 5552 PlugPlay - ok
17:57:55.0337 5552 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:57:55.0357 5552 PNRPAutoReg - ok
17:57:55.0367 5552 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:57:55.0367 5552 PNRPsvc - ok
17:57:55.0377 5552 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
17:57:55.0387 5552 Point64 - ok
17:57:55.0397 5552 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:57:55.0397 5552 PolicyAgent - ok
17:57:55.0407 5552 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:57:55.0407 5552 Power - ok
17:57:55.0417 5552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:57:55.0417 5552 PptpMiniport - ok
17:57:55.0427 5552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:57:55.0427 5552 Processor - ok
17:57:55.0437 5552 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:57:55.0457 5552 ProfSvc - ok
17:57:55.0457 5552 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:55.0457 5552 ProtectedStorage - ok
17:57:55.0457 5552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:57:55.0467 5552 Psched - ok
17:57:55.0497 5552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:57:55.0527 5552 ql2300 - ok
17:57:55.0547 5552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:57:55.0557 5552 ql40xx - ok
17:57:55.0567 5552 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:57:55.0587 5552 QWAVE - ok
17:57:55.0597 5552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:57:55.0607 5552 QWAVEdrv - ok
17:57:55.0607 5552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:57:55.0617 5552 RasAcd - ok
17:57:55.0617 5552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:57:55.0627 5552 RasAgileVpn - ok
17:57:55.0627 5552 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:57:55.0647 5552 RasAuto - ok
17:57:55.0657 5552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:57:55.0667 5552 Rasl2tp - ok
17:57:55.0677 5552 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:57:55.0677 5552 RasMan - ok
17:57:55.0687 5552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:57:55.0687 5552 RasPppoe - ok
17:57:55.0697 5552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:57:55.0697 5552 RasSstp - ok
17:57:55.0707 5552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:57:55.0727 5552 rdbss - ok
17:57:55.0727 5552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:57:55.0737 5552 rdpbus - ok
17:57:55.0737 5552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:57:55.0737 5552 RDPCDD - ok
17:57:55.0747 5552 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:57:55.0757 5552 RDPDR - ok
17:57:55.0757 5552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:57:55.0757 5552 RDPENCDD - ok
17:57:55.0757 5552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:57:55.0767 5552 RDPREFMP - ok
17:57:55.0767 5552 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:57:55.0777 5552 RdpVideoMiniport - ok
17:57:55.0777 5552 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:57:55.0787 5552 RDPWD - ok
17:57:55.0797 5552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:57:55.0797 5552 rdyboost - ok
17:57:55.0807 5552 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:57:55.0807 5552 RemoteAccess - ok
17:57:55.0807 5552 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:57:55.0827 5552 RemoteRegistry - ok
17:57:55.0827 5552 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:57:55.0837 5552 RpcEptMapper - ok
17:57:55.0837 5552 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:57:55.0847 5552 RpcLocator - ok
17:57:55.0857 5552 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:57:55.0857 5552 RpcSs - ok
17:57:55.0867 5552 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
17:57:55.0887 5552 RsFx0150 - ok
17:57:55.0887 5552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:57:55.0897 5552 rspndr - ok
17:57:55.0907 5552 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:57:55.0917 5552 RTL8167 - ok
17:57:55.0927 5552 RTL8187 (d5abaa870dc0df690cacfef0897e7f38) C:\Windows\system32\DRIVERS\wg111v2.sys
17:57:55.0937 5552 RTL8187 - ok
17:57:55.0947 5552 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:57:55.0947 5552 s3cap - ok
17:57:55.0957 5552 SaiHFFB5 (cf0e5155a089c7c8d7cfd9d1088afda4) C:\Windows\system32\DRIVERS\SaiHFFB5.sys
17:57:55.0967 5552 SaiHFFB5 - ok
17:57:55.0967 5552 SaiIFFB5 (c719f571586ddc062e53fb0cfa6f6043) C:\Windows\system32\DRIVERS\SaiIFFB5.sys
17:57:55.0977 5552 SaiIFFB5 - ok
17:57:55.0977 5552 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:55.0977 5552 SamSs - ok
17:57:55.0987 5552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:57:55.0997 5552 sbp2port - ok
17:57:55.0997 5552 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:57:56.0017 5552 SCardSvr - ok
17:57:56.0017 5552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:57:56.0027 5552 scfilter - ok
17:57:56.0057 5552 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:57:56.0077 5552 Schedule - ok
17:57:56.0087 5552 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
17:57:56.0087 5552 SCMNdisP - ok
17:57:56.0087 5552 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:57:56.0087 5552 SCPolicySvc - ok
17:57:56.0097 5552 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:57:56.0107 5552 SDRSVC - ok
17:57:56.0117 5552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:57:56.0117 5552 secdrv - ok
17:57:56.0117 5552 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:57:56.0117 5552 seclogon - ok
17:57:56.0127 5552 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:57:56.0127 5552 SENS - ok
17:57:56.0127 5552 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:57:56.0137 5552 SensrSvc - ok
17:57:56.0137 5552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:57:56.0147 5552 Serenum - ok
17:57:56.0147 5552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:57:56.0157 5552 Serial - ok
17:57:56.0167 5552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:57:56.0167 5552 sermouse - ok
17:57:56.0177 5552 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:57:56.0187 5552 SessionEnv - ok
17:57:56.0197 5552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:57:56.0197 5552 sffdisk - ok
17:57:56.0197 5552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:57:56.0207 5552 sffp_mmc - ok
17:57:56.0207 5552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:57:56.0217 5552 sffp_sd - ok
17:57:56.0217 5552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:57:56.0217 5552 sfloppy - ok
17:57:56.0237 5552 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:57:56.0237 5552 SharedAccess - ok
17:57:56.0247 5552 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:57:56.0257 5552 ShellHWDetection - ok
17:57:56.0267 5552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:57:56.0287 5552 SiSRaid2 - ok
17:57:56.0297 5552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:57:56.0307 5552 SiSRaid4 - ok
17:57:56.0317 5552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:57:56.0317 5552 Smb - ok
17:57:56.0327 5552 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:57:56.0327 5552 SNMPTRAP - ok
17:57:56.0327 5552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:57:56.0327 5552 spldr - ok
17:57:56.0347 5552 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:57:56.0367 5552 Spooler - ok
17:57:56.0457 5552 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:57:56.0477 5552 sppsvc - ok
17:57:56.0497 5552 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:57:56.0507 5552 sppuinotify - ok
17:57:56.0527 5552 SQLAgent$SQLEXPRESS (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:57:56.0537 5552 SQLAgent$SQLEXPRESS - ok
17:57:56.0547 5552 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:57:56.0547 5552 SQLBrowser - ok
17:57:56.0567 5552 SQLSERVERAGENT (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
17:57:56.0577 5552 SQLSERVERAGENT - ok
17:57:56.0587 5552 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:57:56.0587 5552 SQLWriter - ok
17:57:56.0617 5552 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:57:56.0637 5552 srv - ok
17:57:56.0647 5552 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:57:56.0657 5552 srv2 - ok
17:57:56.0667 5552 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:57:56.0677 5552 srvnet - ok
17:57:56.0687 5552 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:57:56.0697 5552 SSDPSRV - ok
17:57:56.0697 5552 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:57:56.0697 5552 SstpSvc - ok
17:57:56.0707 5552 Stereo Service (f9506327bb18c51ed720cb9e83bbab66) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:57:56.0707 5552 Stereo Service - ok
17:57:56.0717 5552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:57:56.0727 5552 stexstor - ok
17:57:56.0737 5552 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:57:56.0747 5552 stisvc - ok
17:57:56.0747 5552 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:57:56.0747 5552 storflt - ok
17:57:56.0757 5552 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:57:56.0757 5552 storvsc - ok
17:57:56.0767 5552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:57:56.0767 5552 swenum - ok
17:57:56.0787 5552 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:57:56.0787 5552 swprv - ok
17:57:56.0797 5552 Synth3dVsc - ok
17:57:56.0847 5552 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:57:56.0887 5552 SysMain - ok
17:57:56.0907 5552 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:57:56.0927 5552 TabletInputService - ok
17:57:56.0937 5552 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:57:56.0947 5552 TapiSrv - ok
17:57:56.0947 5552 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:57:56.0967 5552 TBS - ok
17:57:57.0017 5552 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:57:57.0037 5552 Tcpip - ok
17:57:57.0097 5552 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:57:57.0107 5552 TCPIP6 - ok
17:57:57.0127 5552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:57:57.0127 5552 tcpipreg - ok
17:57:57.0127 5552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:57:57.0137 5552 TDPIPE - ok
17:57:57.0137 5552 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:57:57.0147 5552 TDTCP - ok
17:57:57.0147 5552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:57:57.0157 5552 tdx - ok
17:57:57.0157 5552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:57:57.0167 5552 TermDD - ok
17:57:57.0187 5552 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:57:57.0217 5552 TermService - ok
17:57:57.0217 5552 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:57:57.0227 5552 Themes - ok
17:57:57.0237 5552 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:57:57.0237 5552 THREADORDER - ok
17:57:57.0237 5552 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:57:57.0237 5552 TrkWks - ok
17:57:57.0247 5552 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:57:57.0247 5552 TrustedInstaller - ok
17:57:57.0257 5552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:57:57.0257 5552 tssecsrv - ok
17:57:57.0267 5552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:57:57.0267 5552 TsUsbFlt - ok
17:57:57.0267 5552 tsusbhub - ok
17:57:57.0277 5552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:57:57.0277 5552 tunnel - ok
17:57:57.0277 5552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:57:57.0287 5552 uagp35 - ok
17:57:57.0297 5552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:57:57.0307 5552 udfs - ok
17:57:57.0317 5552 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:57:57.0327 5552 UI0Detect - ok
17:57:57.0327 5552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:57:57.0337 5552 uliagpkx - ok
17:57:57.0337 5552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:57:57.0347 5552 umbus - ok
17:57:57.0347 5552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:57:57.0357 5552 UmPass - ok
17:57:57.0367 5552 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:57:57.0377 5552 UmRdpService - ok
17:57:57.0447 5552 UNS (cd114ce02a10fa79c229770788106842) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:57:57.0477 5552 UNS - ok
17:57:57.0507 5552 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:57:57.0507 5552 upnphost - ok
17:57:57.0517 5552 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:57:57.0527 5552 usbaudio - ok
17:57:57.0537 5552 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:57:57.0547 5552 usbccgp - ok
17:57:57.0557 5552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:57:57.0557 5552 usbcir - ok
17:57:57.0567 5552 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:57:57.0567 5552 usbehci - ok
17:57:57.0577 5552 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:57:57.0597 5552 usbhub - ok
17:57:57.0597 5552 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:57:57.0597 5552 usbohci - ok
17:57:57.0607 5552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:57:57.0607 5552 usbprint - ok
17:57:57.0617 5552 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:57:57.0617 5552 usbscan - ok
17:57:57.0627 5552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:57:57.0627 5552 USBSTOR - ok
17:57:57.0637 5552 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:57:57.0637 5552 usbuhci - ok
17:57:57.0637 5552 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:57:57.0657 5552 UxSms - ok
17:57:57.0657 5552 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:57:57.0657 5552 VaultSvc - ok
17:57:57.0657 5552 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
17:57:57.0667 5552 VClone - ok
17:57:57.0667 5552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:57:57.0667 5552 vdrvroot - ok
17:57:57.0687 5552 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:57:57.0697 5552 vds - ok
17:57:57.0707 5552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:57:57.0707 5552 vga - ok
17:57:57.0707 5552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:57:57.0717 5552 VgaSave - ok
17:57:57.0717 5552 VGPU - ok
17:57:57.0727 5552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:57:57.0737 5552 vhdmp - ok
17:57:57.0737 5552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:57:57.0747 5552 viaide - ok
17:57:57.0747 5552 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:57:57.0757 5552 vmbus - ok
17:57:57.0757 5552 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:57:57.0757 5552 VMBusHID - ok
17:57:57.0767 5552 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
17:57:57.0767 5552 vmm - ok
17:57:57.0777 5552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:57:57.0777 5552 volmgr - ok
17:57:57.0787 5552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:57:57.0787 5552 volmgrx - ok
17:57:57.0797 5552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:57:57.0797 5552 volsnap - ok
17:57:57.0807 5552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:57:57.0817 5552 vsmraid - ok
17:57:57.0817 5552 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
17:57:57.0827 5552 VSPerfDrv100 - ok
17:57:57.0867 5552 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:57:57.0887 5552 VSS - ok
17:57:57.0907 5552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:57:57.0917 5552 vwifibus - ok
17:57:57.0967 5552 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
17:57:57.0987 5552 VX3000 - ok
17:57:58.0007 5552 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:57:58.0027 5552 W32Time - ok
17:57:58.0047 5552 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:57:58.0047 5552 W3SVC - ok
17:57:58.0057 5552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:57:58.0057 5552 WacomPen - ok
17:57:58.0067 5552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:58.0077 5552 WANARP - ok
17:57:58.0077 5552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:57:58.0077 5552 Wanarpv6 - ok
17:57:58.0087 5552 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:57:58.0087 5552 WAS - ok
17:57:58.0117 5552 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:57:58.0277 5552 WatAdminSvc - ok
17:57:58.0317 5552 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:57:58.0367 5552 wbengine - ok
17:57:58.0387 5552 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:57:58.0407 5552 WbioSrvc - ok
17:57:58.0417 5552 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:57:58.0437 5552 wcncsvc - ok
17:57:58.0437 5552 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:57:58.0457 5552 WcsPlugInService - ok
17:57:58.0457 5552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:57:58.0467 5552 Wd - ok
17:57:58.0487 5552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:57:58.0487 5552 Wdf01000 - ok
17:57:58.0497 5552 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:57:58.0497 5552 WdiServiceHost - ok
17:57:58.0497 5552 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:57:58.0497 5552 WdiSystemHost - ok
17:57:58.0507 5552 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:57:58.0517 5552 WebClient - ok
17:57:58.0527 5552 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:57:58.0547 5552 Wecsvc - ok
17:57:58.0547 5552 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:57:58.0557 5552 wercplsupport - ok
17:57:58.0557 5552 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:57:58.0567 5552 WerSvc - ok
17:57:58.0577 5552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:57:58.0577 5552 WfpLwf - ok
17:57:58.0587 5552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:57:58.0587 5552 WIMMount - ok
17:57:58.0597 5552 WinDefend - ok
17:57:58.0597 5552 WinHttpAutoProxySvc - ok
17:57:58.0607 5552 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:57:58.0607 5552 Winmgmt - ok
17:57:58.0657 5552 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:57:58.0707 5552 WinRM - ok
17:57:58.0727 5552 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\winusb.sys
17:57:58.0737 5552 winusb - ok
17:57:58.0757 5552 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:57:58.0767 5552 Wlansvc - ok
17:57:58.0827 5552 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:57:58.0857 5552 wlidsvc - ok
17:57:58.0877 5552 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
17:57:58.0887 5552 WmBEnum - ok
17:57:58.0897 5552 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
17:57:58.0907 5552 WmFilter - ok
17:57:58.0907 5552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:57:58.0917 5552 WmiAcpi - ok
17:57:58.0927 5552 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:57:58.0947 5552 wmiApSrv - ok
17:57:58.0957 5552 WMPNetworkSvc - ok
17:57:58.0957 5552 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
17:57:58.0957 5552 WmVirHid - ok
17:57:58.0967 5552 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
17:57:58.0977 5552 WmXlCore - ok
17:57:58.0987 5552 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
17:57:58.0997 5552 WMZuneComm - ok
17:57:58.0997 5552 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:57:59.0017 5552 WPCSvc - ok
17:57:59.0017 5552 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:57:59.0027 5552 WPDBusEnum - ok
17:57:59.0027 5552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:57:59.0027 5552 ws2ifsl - ok
17:57:59.0037 5552 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:57:59.0037 5552 wscsvc - ok
17:57:59.0037 5552 WSearch - ok
17:57:59.0107 5552 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:57:59.0127 5552 wuauserv - ok
17:57:59.0157 5552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:57:59.0157 5552 WudfPf - ok
17:57:59.0167 5552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:57:59.0177 5552 WUDFRd - ok
17:57:59.0187 5552 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:57:59.0197 5552 wudfsvc - ok
17:57:59.0207 5552 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:57:59.0217 5552 WwanSvc - ok
17:57:59.0227 5552 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
17:57:59.0237 5552 xusb21 - ok
17:57:59.0447 5552 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
17:57:59.0517 5552 ZuneNetworkSvc - ok
17:57:59.0537 5552 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
17:57:59.0537 5552 ZuneWlanCfgSvc - ok
17:57:59.0547 5552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:57:59.0607 5552 \Device\Harddisk0\DR0 - ok
17:57:59.0617 5552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:57:59.0787 5552 \Device\Harddisk1\DR1 - ok
17:57:59.0797 5552 Boot (0x1200) (13710c53ded5c0a3b9d34ea3ac3b791e) \Device\Harddisk0\DR0\Partition0
17:57:59.0797 5552 \Device\Harddisk0\DR0\Partition0 - ok
17:57:59.0797 5552 Boot (0x1200) (cac0dd4d2ffb5baa75e3793bd5cf767b) \Device\Harddisk0\DR0\Partition1
17:57:59.0797 5552 \Device\Harddisk0\DR0\Partition1 - ok
17:57:59.0807 5552 Boot (0x1200) (8a7589044a9f54a5f057e242ba37b66c) \Device\Harddisk1\DR1\Partition0
17:57:59.0807 5552 \Device\Harddisk1\DR1\Partition0 - ok
17:57:59.0807 5552 Boot (0x1200) (08e654e035bd5dabc446a88c42c2382b) \Device\Harddisk1\DR1\Partition1
17:57:59.0807 5552 \Device\Harddisk1\DR1\Partition1 - ok
17:57:59.0807 5552 ============================================================
17:57:59.0807 5552 Scan finished
17:57:59.0807 5552 ============================================================
17:57:59.0817 4988 Detected object count: 0
17:57:59.0817 4988 Actual detected object count: 0
18:01:08.0983 5604 Deinitialize success

-----------------------------------------------------

...and aswMBR log:

-----------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 18:01:12
-----------------------------
18:01:12.883 OS Version: Windows x64 6.1.7601 Service Pack 1
18:01:12.883 Number of processors: 4 586 0x2A07
18:01:12.883 ComputerName: TURRICAN2 UserName: simon
18:01:13.093 Initialize success
18:10:47.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:10:47.546 Disk 0 Vendor: M4-CT128M4SSD2 0002 Size: 122104MB BusType: 3
18:10:47.549 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
18:10:47.551 Disk 1 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
18:10:47.554 Disk 0 MBR read successfully
18:10:47.557 Disk 0 MBR scan
18:10:47.559 Disk 0 Windows 7 default MBR code
18:10:47.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:10:47.565 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
18:10:47.569 Disk 0 scanning C:\Windows\system32\drivers
18:10:48.590 Service scanning
18:10:52.127 Modules scanning
18:10:52.136 Disk 0 trace - called modules:
18:10:52.142 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:10:52.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008115060]
18:10:52.478 3 CLASSPNP.SYS[fffff88001b7743f] -> nt!IofCallDriver -> [0xfffffa8007b8c9b0]
18:10:52.482 5 ACPI.sys[fffff88000f787a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007c33060]
18:10:52.486 Scan finished successfully
18:12:38.718 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
18:12:38.758 The log file has been saved successfully to "C:\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:50 AM

Posted 10 July 2012 - 03:28 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 xbattlestation

  • Topic Starter
  • Members
  • 7 posts
  • Local time:01:50 AM

Posted 10 July 2012 - 05:28 AM

Hi,

No problems running this again. The output of combofix is below. Did you want me to re-install MSE yet to see if it works?

----------------------------------------------

ComboFix 12-07-10.01 - simon 10/07/2012 20:20:30.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8105.6680 [GMT 10:00]
Running from: e:\users\Simon\Downloads\ComboFix.exe
Command switches used :: e:\users\Simon\Documents\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 10:22 . 2012-07-10 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 10:22 . 2012-07-10 10:22 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-09 08:34 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B7B3096-7AC6-4091-B200-2C917019C50C}\mpengine.dll
2012-07-08 05:54 . 2012-07-08 05:54 328704 ----a-w- c:\windows\system32\services.exe.55A069161FB5E157
2012-07-08 05:51 . 2012-07-08 05:51 328704 ----a-w- c:\windows\system32\services.exe.97C54231A062546E
2012-07-08 05:48 . 2012-07-08 05:48 328704 ----a-w- c:\windows\system32\services.exe.28B5CCB47C873C34
2012-07-08 05:43 . 2012-07-08 05:43 328704 ----a-w- c:\windows\system32\services.exe.9157C7CE508C8606
2012-07-08 05:39 . 2012-07-08 05:39 328704 ----a-w- c:\windows\system32\services.exe.C494ABB02B4A2960
2012-07-08 04:50 . 2012-07-08 04:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 04:39 . 2012-07-08 04:46 -------- d-----w- c:\users\simon\AppData\Roaming\xsecva
2012-07-08 04:26 . 2012-07-08 04:26 -------- d-----w- c:\users\simon\AppData\Local\APN
2012-07-08 04:26 . 2012-07-08 04:28 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-07-08 00:27 . 2012-07-08 00:28 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-07-08 00:27 . 2010-10-23 14:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-07-07 23:46 . 2012-07-07 23:46 -------- d-----w- c:\program files (x86)\FreeStopwatch
2012-07-06 12:15 . 2012-07-06 12:15 -------- d-----w- c:\program files (x86)\OpenPlsInWMP
2012-06-24 01:33 . 2012-06-24 01:33 -------- d-----w- c:\program files (x86)\Audacity
2012-06-21 08:04 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:04 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:04 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:04 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:04 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:04 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 07:17 . 2012-06-17 07:17 -------- d-----w- c:\windows\system32\SPReview
2012-06-17 07:17 . 2012-06-17 07:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-13 09:18 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 07:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-17 07:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-10 18:56 . 2012-03-29 20:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 18:56 . 2011-08-13 23:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 02:25 . 2011-08-13 22:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-05 12:08 . 2012-04-14 09:08 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-23 08:57 . 2012-04-23 08:57 403296 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.AdminPack.Client_1.0.0.0_31bf3856ad364e35\Microsoft.Web.Management.AdminPack.Client.dll
2012-04-23 08:57 . 2012-04-23 08:57 117504 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\en\Microsoft.Web.Management.Rewrite.Client.resources.dll
2012-04-23 08:57 . 2012-04-23 08:57 547584 ----a-w- c:\users\simon\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_08.14.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-13 13:45 . 2012-07-09 08:23 43660 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-10 05:55 37576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-08-13 05:23 . 2012-07-09 08:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-13 05:23 . 2012-07-10 06:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-13 05:23 . 2012-07-09 08:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-13 05:23 . 2012-07-10 06:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-09 08:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-10 06:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-13 08:41 . 2012-07-10 05:55 7422 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-482699728-3184499980-1273444691-1000_UserData.bin
+ 2012-07-10 10:23 . 2012-07-10 10:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-09 08:14 . 2012-07-09 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-10 10:23 . 2012-07-10 10:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-09 08:14 . 2012-07-09 08:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-13 13:40 . 2012-07-10 10:14 323582 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-07-10 10:19 874768 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-10 10:19 201428 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-09 08:14 296084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-10 10:23 296084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 12:33 . 2012-07-09 10:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-04-25 12:33 . 2012-07-08 05:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-04-25 12:33 . 2012-07-08 05:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-25 12:33 . 2012-07-09 10:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-25 12:33 . 2012-07-09 10:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-04-25 12:33 . 2012-07-08 05:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-25 12:33 . 2012-07-09 10:23 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-04-25 12:33 . 2012-07-08 05:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2011-08-14 02:22 . 2012-07-10 10:23 6282100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-482699728-3184499980-1273444691-1000-8192.dat
- 2011-08-13 23:45 . 2012-07-08 12:19 6797748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-482699728-3184499980-1273444691-1000-12288.dat
+ 2011-08-13 23:45 . 2012-07-09 11:57 6797748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-482699728-3184499980-1273444691-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XSECVA"="c:\users\simon\AppData\Roaming\xsecva\xsecva.exe" [2012-07-08 185856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-08-13 4942336]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-23 245544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2011-8-14 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-10 31808]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2008-04-04 178560]
R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\DRIVERS\SaiIFFB5.sys [2008-04-04 20864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-16 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 428384]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 25312]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-08-13 15936]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-11 243200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:56]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-482699728-3184499980-1273444691-1000Core.job
- c:\users\simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 12:16]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-482699728-3184499980-1273444691-1000UA.job
- c:\users\simon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 12:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 61.9.211.1 61.9.211.33
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-10 20:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 10:25
ComboFix2.txt 2012-07-09 08:16
.
Pre-Run: 47,084,900,352 bytes free
Post-Run: 46,797,148,160 bytes free
.
- - End Of File - - 544B71B7B0EDCE300126F89181857102

#8 gringo_pr

Malware Response Team

Posted 10 July 2012 - 07:28 AM

Greetings


yes go ahead and reinstall MSE now.




These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 xbattlestation

Topic Starter

Posted 11 July 2012 - 04:28 PM

Hi Gringo,

Everything has gone fine, but between doing your last instructions & these, I've noticed my IE9 browser is still going to some pages I don't type the URLs of.

Malware Bytes log:

----------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
simon :: TURRICAN2 [administrator]

12/07/2012 7:21:06 AM
mbam-log-2012-07-12 (07-21-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236422
Time elapsed: 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------------------------------------

Hijackthis logs:

----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:25:08 AM, on 12/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
C:\Program Files (x86)\Windows Live\Device Integrator\DI_HIDServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
E:\Users\Simon\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [XSECVA] C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe -s
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6873 bytes

#10 gringo_pr

Malware Response Team

Posted 11 July 2012 - 08:42 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [XSECVA] C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe -s
    • O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets (for example, IntelliPoint from O4 - HKLM\..\Run: [IntelliPoint]) and paste it into the search space.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found:
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
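
The O4 lines that HijackThis reports are autostart (Run / RunOnce) entries, and the one singled out above is flagged for a reason that generalises: it launches from a user-writable profile directory (AppData\Roaming) rather than from Program Files or Windows. The following Python script is an added example, not part of this thread and not HijackThis code; it parses O4 lines from a log in that format and marks entries that start from user-writable locations. The sample lines are constructed from the log posted above, and the list of "suspicious" directories is an assumption chosen for illustration, not an exhaustive rule.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (modelled on the O4 lines in the HijackThis log posted in
# this thread); it is not a real log file.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [XSECVA] C:\Users\simon\AppData\Roaming\xsecva\xsecva.exe -s
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
"""

# Registry-backed O4 form: "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')

# Unquoted command line: take everything up to the first executable extension
# that is followed by whitespace or end of line (paths may contain spaces).
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|bat|cmd|vbs|js))(?:\s|$)', re.IGNORECASE)

# Standard install locations that an ordinary user cannot write to.
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\(program files( \(x86\))?|windows)\\', re.IGNORECASE)

# Assumed (illustrative) list of user-writable locations; legitimate software
# rarely autostarts from these, while commodity malware very often does.
SUSPICIOUS_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\appdata\\locallow\\",
    "\\users\\public\\",
    "\\programdata\\",
)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    exe_path: str
    suspicious: bool
    reason: str


def extract_exe_path(command: str) -> str:
    """Return the launched program's path from a command line, handling both
    quoted paths and unquoted paths that contain spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else (command.split() or [""])[0]


def classify(exe_path: str, hive: str) -> tuple[bool, str]:
    """Decide whether an autostart target deserves a closer look."""
    p = exe_path.lower()
    for frag in SUSPICIOUS_DIRS:
        if frag in p:
            return True, "launches from user-writable location " + frag
    # Per-user (HKCU) entries outside the usual install directories are also
    # worth reviewing: they need no admin rights to create.
    if hive.upper() == "HKCU" and not SYSTEM_DIR_RE.match(p):
        return True, "per-user autostart outside Program Files / Windows"
    return False, ""


def parse_o4_lines(log_text: str) -> list[AutostartEntry]:
    """Parse registry-backed O4 lines; Global Startup .lnk lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = extract_exe_path(command)
        suspicious, reason = classify(exe, hive)
        entries.append(AutostartEntry(hive, key, name, command, exe, suspicious, reason))
    return entries


def suspicious_names(log_text: str) -> list[str]:
    """Names (the text between the brackets) of entries flagged for review."""
    return [e.name for e in parse_o4_lines(log_text) if e.suspicious]


if __name__ == "__main__":
    for e in parse_o4_lines(SAMPLE_LOG):
        flag = "REVIEW" if e.suspicious else "ok    "
        print(f"{flag} {e.hive}\\{e.key} [{e.name}] -> {e.exe_path}  {e.reason}")
```

Run against the constructed sample, only the XSECVA entry is flagged; the Steam entry is also under HKCU but lives in Program Files, which is why a location check rather than a plain HKCU check is used. A flagged entry is a lead for review, not a verdict, which is the same discipline the instructions above apply by asking for the log before anything is fixed.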

#11 gringo_pr

Malware Response Team

Posted 13 July 2012 - 11:42 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#12 xbattlestation

Topic Starter

Posted 15 July 2012 - 07:56 AM

Hi, sorry, I got busy :) Thanks for your help.

Hijack This highlighted the xsecva program in my appdata folder. I've googled this, and it seems this is the trojan causing my I.E. hijacking. What I want to know is why have no anti-virus programs I've run identified this as a virus?

Anyway, the ESET scan log:

--------------------------------------------------------------------------

C:\Qoobox\Quarantine\C\Windows\Installer\{17006d3f-2236-6ef1-9596-617bfda805b3}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined

--------------------------------------------------------------------------

(MSE has since identified & cleaned this file)

Edited by xbattlestation, 15 July 2012 - 07:57 AM.


#13 gringo_pr

Malware Response Team

Posted 15 July 2012 - 11:42 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#14 xbattlestation

Topic Starter

Posted 15 July 2012 - 05:41 PM

Thanks for your help Gringo - donated :)

#15 gringo_pr

Malware Response Team

Posted 15 July 2012 - 08:40 PM

thank you and you are more than welcome!!


Glad I was able to help



Gringo



