Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sirefef Trojan


  • This topic is locked This topic is locked
17 replies to this topic

#1 Skyies

Skyies

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 12 July 2012 - 06:24 AM

Computer is stuck in reboot every 1 minute on restart. Microsoft Security Essential encounter a critical error on start up. I had glimpse of Virus:win64/sirefef.A, Trojan:Win64/sirefef.W, and trojan:win64/sirefef being in MSE quick scan before reboot.

Edited by Skyies, 12 July 2012 - 06:59 AM.


BC AdBot (Login to Remove)

 


#2 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 12 July 2012 - 07:22 AM

After few attempt it stop rebooting and is sitting at my desktop. I was able to run DDS.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Jeff at 7:13:29 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4806 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe
C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HW_OPENEYE_OUC_Cricket Broadband EC1705] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Facebook Update] "C:\Users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [PlayNC Launcher]
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{7B6BB47B-3A90-4018-88F3-84831A213B4E} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{7E75E090-87B6-42C1-8413-7ECBF098E85A} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{862A93C5-F364-4065-B2B6-5B794ED308A4} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{D59D1705-0DCF-4563-8934-64B0A9613223} : NameServer = 10.133.20.11 10.132.20.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-12 11:59:35 328704 ----a-w- C:\Windows\System32\services.exe.AC1437D542705D95
2012-07-12 11:56:23 328704 ----a-w- C:\Windows\System32\services.exe.79E5FC19E71873E4
2012-07-12 11:53:05 328704 ----a-w- C:\Windows\System32\services.exe.7AFF5284B05B4A60
2012-07-12 10:47:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11CA313B-8829-45CB-A2BA-37BF759BA568}\offreg.dll
2012-07-12 10:46:32 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01E3616C-EA51-4C72-84E1-76387747697F}\gapaengine.dll
2012-07-12 10:46:27 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11CA313B-8829-45CB-A2BA-37BF759BA568}\mpengine.dll
2012-07-12 10:43:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-12 10:43:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-12 10:37:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 10:25:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-12 10:25:03 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-12 10:25:03 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-12 10:25:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-12 10:25:03 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-12 10:25:03 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-12 10:25:03 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-12 10:25:03 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-12 10:25:03 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-12 10:25:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-12 10:25:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-07-12 10:25:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-07-12 10:23:50 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-12 10:23:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-12 10:23:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-12 10:23:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-12 10:23:50 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-12 10:23:50 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:23:49 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-12 10:23:49 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:23:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:23:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-12 10:23:49 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 10:23:49 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:23:49 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-12 09:46:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 03:57:23 5874 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-07-12 03:56:44 -------- d-----w- C:\Users\Jeff\AppData\Local\Downloaded Installations
2012-07-12 03:02:06 -------- d-----w- C:\Program Files (x86)\Sky
2012-07-12 02:25:26 -------- d-----w- C:\Users\Jeff\AppData\Local\TSVNCache
2012-07-12 02:11:18 -------- d-----w- C:\Users\Jeff\AppData\Roaming\TortoiseSVN
2012-07-12 02:05:50 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Subversion
2012-07-11 08:48:00 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 08:47:33 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-08 10:38:52 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Ubisoft
2012-07-08 03:13:36 -------- d-----w- C:\Users\Jeff\AppData\Local\BigHugeEngine
2012-06-30 04:32:58 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Waveform
2012-06-30 04:32:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-06-30 04:32:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-06-30 04:32:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-06-30 04:32:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-06-30 04:32:16 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-06-18 06:52:56 -------- d-----w- C:\Windows\SysWow64\Logs
.
==================== Find3M ====================
.
2012-07-12 12:02:52 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-11 18:21:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:21:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-30 04:24:08 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-30 04:24:08 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 00:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-14 22:35:28 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-04-03 22:55:31 509 ----a-w- C:\Program Files (x86)\layout.bin
.
============= FINISH: 7:18:29.68 ===============

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 12:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 13 July 2012 - 02:44 AM

Having no problem at the moment. Everything running smooth.

Here is the Checkup Log.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````



Heres the ComboFix Log




ComboFix 12-07-13.01 - Jeff 07/13/2012 2:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3970 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
c:\users\Jeff\AppData\Local\assembly\tmp
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Modern Warfare 2.url
c:\windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@
c:\windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L\00000004.@
c:\windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L\1afb2d56
c:\windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L\201d3dde
c:\windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U\00000008.@
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2012-06-18_01-52-56_r3dlog.txt
c:\windows\SysWow64\SETD9AE.tmp
c:\windows\SysWow64\SETEA38.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 07:25 . 2012-07-13 07:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80ED3E8A-6A35-402F-A6C0-581CAC17BC47}\offreg.dll
2012-07-13 07:23 . 2012-07-13 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 01:14 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80ED3E8A-6A35-402F-A6C0-581CAC17BC47}\mpengine.dll
2012-07-12 11:59 . 2012-07-12 11:59 328704 ----a-w- c:\windows\system32\services.exe.AC1437D542705D95
2012-07-12 11:56 . 2012-07-12 11:56 328704 ----a-w- c:\windows\system32\services.exe.79E5FC19E71873E4
2012-07-12 11:53 . 2012-07-12 11:53 328704 ----a-w- c:\windows\system32\services.exe.7AFF5284B05B4A60
2012-07-12 10:46 . 2012-07-12 10:45 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01E3616C-EA51-4C72-84E1-76387747697F}\gapaengine.dll
2012-07-12 10:46 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 10:43 . 2012-07-12 10:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-12 10:43 . 2012-07-12 10:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 10:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 10:25 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 10:25 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 10:25 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 10:25 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 10:25 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 10:25 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 10:25 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 10:25 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 10:25 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-12 10:25 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-12 10:25 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-12 10:25 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-12 10:23 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 10:23 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 10:23 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 10:23 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 10:23 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:23 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-12 10:23 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 10:23 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-12 10:23 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:23 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:23 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:23 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-12 10:23 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 09:46 . 2012-07-12 09:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 03:59 . 2012-07-12 03:59 -------- d--h--r- c:\users\Jeff\AppData\Roaming\SecuROM
2012-07-12 03:57 . 2012-07-12 03:57 5874 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-07-12 03:02 . 2012-07-12 09:56 -------- d-----w- c:\program files (x86)\Sky
2012-07-12 02:25 . 2012-07-12 09:58 -------- d-----w- c:\users\Jeff\AppData\Local\TSVNCache
2012-07-12 02:11 . 2012-07-12 02:11 -------- d-----w- c:\users\Jeff\AppData\Roaming\TortoiseSVN
2012-07-12 02:05 . 2012-07-12 02:05 -------- d-----w- c:\users\Jeff\AppData\Roaming\Subversion
2012-07-11 08:48 . 2012-07-11 08:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-11 08:48 . 2012-07-11 08:48 -------- d-----w- c:\program files (x86)\Oracle
2012-07-11 08:47 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-08 10:38 . 2012-07-08 10:38 -------- d-----w- c:\users\Jeff\AppData\Roaming\Ubisoft
2012-07-08 03:13 . 2012-07-08 03:13 -------- d-----w- c:\users\Jeff\AppData\Local\BigHugeEngine
2012-06-30 04:32 . 2012-06-30 04:32 -------- d-----w- c:\users\Jeff\AppData\Roaming\Waveform
2012-06-30 04:32 . 2012-06-30 04:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-30 04:32 . 2012-06-30 04:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-30 04:32 . 2012-06-30 04:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-30 04:32 . 2012-06-30 04:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-30 04:32 . 2012-06-30 04:32 -------- d-----w- c:\program files (x86)\OpenAL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-11 18:21 . 2012-04-17 16:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 18:21 . 2011-09-06 20:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-30 04:24 . 2010-06-15 19:30 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-30 04:24 . 2010-06-15 19:30 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-16 18:49 . 2012-04-13 19:15 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-05 00:29 . 2010-04-16 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-14 22:35 . 2010-06-15 19:49 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-04-03 22:55 . 2010-06-04 06:47 509 ----a-w- c:\program files (x86)\layout.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Cricket Broadband EC1705"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-06-20 196608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-11 3077528]
"Facebook Update"="c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-06-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-06-20 252928]
R3 kbdcap;kbdcap; [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2005-02-24 503352]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-06-20 83456]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 18:21]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000Core.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:08]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000UA.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:08]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 08:04]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 08:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{7B6BB47B-3A90-4018-88F3-84831A213B4E}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{7E75E090-87B6-42C1-8413-7ECBF098E85A}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{D59D1705-0DCF-4563-8934-64B0A9613223}: NameServer = 10.133.20.11 10.132.20.11
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Alan Wake_is1 - c:\program files (x86)\Sky\Alan Wake\unins000.exe
AddRemove-AutoHotkey - c:\program files (x86)\AutoHotkey\uninst.exe
AddRemove-Batman Arkham City_is1 - c:\program files (x86)\R.G. Catalyst\Batman Arkham City\uninstall\unins000.exe
AddRemove-Homeworld2 - c:\program files (x86)\Sierra\Homeworld2\uninstall.exe
AddRemove-Renegade - c:\westwood\Renegade\Uninstll.exe
AddRemove-The Darkness II_is1 - c:\program files (x86)\Skyies\The Darkness II\unins000.exe
AddRemove-Tiberian Sun - c:\westwood\SUN\Uninstll.EXE
AddRemove-{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1 - c:\program files (x86)\Square Enix\Deus Ex - Human Revolution\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3879286769-3404492953-3856487551-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,05,ee,1f,5f,a0,3e,0e,a5,68,6c,62,9d,64,8b,f0,ec,a1,7d,9e,24,
fc,01,dd,1c,c5,05,cb,fa,e3,f1,e6,bc,c1,bd,c4,18,9e,11,23,5d,0f,d4,9c,42,57,\
"rkeysecu"=hex:dd,12,e4,0b,ed,b3,ce,2b,3b,04,6b,e0,b4,0c,39,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programdata\Cricket Broadband EC1705\userdata\ouc.exe
.
**************************************************************************
.
Completion time: 2012-07-13 02:41:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 07:41
.
Pre-Run: 121,325,735,936 bytes free
Post-Run: 122,526,486,528 bytes free
.
- - End Of File - - 3DAB61D43590F116E82E956F4F5360BB

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 12:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 13 July 2012 - 06:02 PM

TDS

16:48:33.0743 3324 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
16:48:34.0196 3324 ============================================================
16:48:34.0196 3324 Current date / time: 2012/07/13 16:48:34.0196
16:48:34.0196 3324 SystemInfo:
16:48:34.0196 3324
16:48:34.0196 3324 OS Version: 6.1.7601 ServicePack: 1.0
16:48:34.0196 3324 Product type: Workstation
16:48:34.0196 3324 ComputerName: JEFFTRAN
16:48:34.0196 3324 UserName: Jeff
16:48:34.0196 3324 Windows directory: C:\Windows
16:48:34.0196 3324 System windows directory: C:\Windows
16:48:34.0196 3324 Running under WOW64
16:48:34.0196 3324 Processor architecture: Intel x64
16:48:34.0196 3324 Number of processors: 2
16:48:34.0196 3324 Page size: 0x1000
16:48:34.0196 3324 Boot type: Normal boot
16:48:34.0196 3324 ============================================================
16:48:34.0820 3324 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:34.0851 3324 Drive \Device\Harddisk5\DR5 - Size: 0xEFF4FE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:48:34.0851 3324 ============================================================
16:48:34.0851 3324 \Device\Harddisk0\DR0:
16:48:34.0851 3324 MBR partitions:
16:48:34.0851 3324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CFDEC9
16:48:34.0851 3324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48CFDF08, BlocksNum 0x1B58FB9
16:48:34.0851 3324 \Device\Harddisk5\DR5:
16:48:34.0851 3324 MBR partitions:
16:48:34.0851 3324 \Device\Harddisk5\DR5\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
16:48:34.0851 3324 ============================================================
16:48:34.0882 3324 C: <-> \Device\Harddisk0\DR0\Partition0
16:48:34.0929 3324 D: <-> \Device\Harddisk0\DR0\Partition1
16:48:34.0929 3324 ============================================================
16:48:34.0929 3324 Initialize success
16:48:34.0929 3324 ============================================================
16:48:40.0093 1152 ============================================================
16:48:40.0093 1152 Scan started
16:48:40.0093 1152 Mode: Manual;
16:48:40.0093 1152 ============================================================
16:48:40.0467 1152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:48:40.0467 1152 1394ohci - ok
16:48:40.0529 1152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:48:40.0529 1152 ACPI - ok
16:48:40.0545 1152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:48:40.0545 1152 AcpiPmi - ok
16:48:40.0685 1152 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:40.0685 1152 AdobeFlashPlayerUpdateSvc - ok
16:48:40.0748 1152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:48:40.0748 1152 adp94xx - ok
16:48:40.0795 1152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:48:40.0810 1152 adpahci - ok
16:48:40.0826 1152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:48:40.0826 1152 adpu320 - ok
16:48:40.0857 1152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:48:40.0857 1152 AeLookupSvc - ok
16:48:40.0935 1152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:48:40.0935 1152 AFD - ok
16:48:40.0997 1152 AgereModemAudio (48008d4ea73c1058f36d323a644410d4) C:\Program Files\LSI SoftModem\agr64svc.exe
16:48:40.0997 1152 AgereModemAudio - ok
16:48:41.0075 1152 AGERESoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
16:48:41.0075 1152 AGERESoftModem - ok
16:48:41.0263 1152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:48:41.0263 1152 agp440 - ok
16:48:41.0294 1152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:48:41.0294 1152 ALG - ok
16:48:41.0309 1152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:48:41.0309 1152 aliide - ok
16:48:41.0341 1152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:48:41.0341 1152 amdide - ok
16:48:41.0372 1152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:48:41.0372 1152 AmdK8 - ok
16:48:41.0387 1152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:48:41.0387 1152 AmdPPM - ok
16:48:41.0434 1152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:48:41.0434 1152 amdsata - ok
16:48:41.0465 1152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:48:41.0465 1152 amdsbs - ok
16:48:41.0481 1152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:48:41.0481 1152 amdxata - ok
16:48:41.0528 1152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:48:41.0528 1152 AppID - ok
16:48:41.0559 1152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:48:41.0559 1152 AppIDSvc - ok
16:48:41.0621 1152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:48:41.0621 1152 Appinfo - ok
16:48:41.0746 1152 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:41.0746 1152 Apple Mobile Device - ok
16:48:41.0777 1152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:48:41.0777 1152 arc - ok
16:48:41.0793 1152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:48:41.0809 1152 arcsas - ok
16:48:41.0933 1152 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:48:41.0933 1152 aspnet_state - ok
16:48:41.0949 1152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:41.0949 1152 AsyncMac - ok
16:48:42.0011 1152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:48:42.0011 1152 atapi - ok
16:48:42.0074 1152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:48:42.0089 1152 AudioEndpointBuilder - ok
16:48:42.0089 1152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:48:42.0089 1152 AudioSrv - ok
16:48:42.0152 1152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:48:42.0152 1152 AxInstSV - ok
16:48:42.0214 1152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:48:42.0214 1152 b06bdrv - ok
16:48:42.0230 1152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:48:42.0245 1152 b57nd60a - ok
16:48:42.0277 1152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:48:42.0277 1152 BDESVC - ok
16:48:42.0292 1152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:48:42.0292 1152 Beep - ok
16:48:42.0370 1152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:48:42.0370 1152 BFE - ok
16:48:42.0448 1152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:48:42.0464 1152 BITS - ok
16:48:42.0511 1152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:42.0511 1152 blbdrive - ok
16:48:42.0620 1152 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:48:42.0620 1152 Bonjour Service - ok
16:48:42.0651 1152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:48:42.0651 1152 bowser - ok
16:48:42.0682 1152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:48:42.0682 1152 BrFiltLo - ok
16:48:42.0698 1152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:48:42.0698 1152 BrFiltUp - ok
16:48:42.0729 1152 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:48:42.0729 1152 BridgeMP - ok
16:48:42.0776 1152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:48:42.0776 1152 Browser - ok
16:48:42.0791 1152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:48:42.0791 1152 Brserid - ok
16:48:42.0807 1152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:42.0807 1152 BrSerWdm - ok
16:48:42.0823 1152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:42.0823 1152 BrUsbMdm - ok
16:48:42.0838 1152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:42.0838 1152 BrUsbSer - ok
16:48:42.0854 1152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:48:42.0854 1152 BTHMODEM - ok
16:48:42.0901 1152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:48:42.0901 1152 bthserv - ok
16:48:42.0901 1152 catchme - ok
16:48:42.0916 1152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:48:42.0932 1152 cdfs - ok
16:48:42.0979 1152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:48:42.0979 1152 cdrom - ok
16:48:43.0041 1152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:43.0041 1152 CertPropSvc - ok
16:48:43.0057 1152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:48:43.0072 1152 circlass - ok
16:48:43.0119 1152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:48:43.0119 1152 CLFS - ok
16:48:43.0181 1152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:43.0181 1152 clr_optimization_v2.0.50727_32 - ok
16:48:43.0244 1152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:43.0244 1152 clr_optimization_v2.0.50727_64 - ok
16:48:43.0322 1152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:43.0322 1152 clr_optimization_v4.0.30319_32 - ok
16:48:43.0369 1152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:48:43.0369 1152 clr_optimization_v4.0.30319_64 - ok
16:48:43.0431 1152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:48:43.0431 1152 CmBatt - ok
16:48:43.0462 1152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:48:43.0462 1152 cmdide - ok
16:48:43.0525 1152 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:48:43.0540 1152 CNG - ok
16:48:43.0556 1152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:48:43.0571 1152 Compbatt - ok
16:48:43.0587 1152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:48:43.0587 1152 CompositeBus - ok
16:48:43.0603 1152 COMSysApp - ok
16:48:43.0681 1152 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
16:48:43.0681 1152 cpuz135 - ok
16:48:43.0696 1152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:48:43.0696 1152 crcdisk - ok
16:48:43.0759 1152 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:48:43.0759 1152 CryptSvc - ok
16:48:43.0821 1152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:43.0821 1152 DcomLaunch - ok
16:48:43.0915 1152 DCService.exe (00eaf3956092a8008608ca6e2c5d649d) C:\ProgramData\DatacardService\DCService.exe
16:48:43.0915 1152 DCService.exe - ok
16:48:43.0961 1152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:48:43.0961 1152 defragsvc - ok
16:48:44.0039 1152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:48:44.0039 1152 DfsC - ok
16:48:44.0086 1152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:48:44.0086 1152 Dhcp - ok
16:48:44.0102 1152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:48:44.0102 1152 discache - ok
16:48:44.0149 1152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:48:44.0149 1152 Disk - ok
16:48:44.0180 1152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:48:44.0180 1152 Dnscache - ok
16:48:44.0242 1152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:48:44.0242 1152 dot3svc - ok
16:48:44.0289 1152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:48:44.0305 1152 DPS - ok
16:48:44.0367 1152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:48:44.0367 1152 drmkaud - ok
16:48:44.0461 1152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:48:44.0476 1152 DXGKrnl - ok
16:48:44.0492 1152 EagleX64 - ok
16:48:44.0523 1152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:48:44.0523 1152 EapHost - ok
16:48:44.0726 1152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:48:44.0757 1152 ebdrv - ok
16:48:44.0851 1152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:48:44.0851 1152 EFS - ok
16:48:44.0944 1152 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:48:44.0960 1152 ehRecvr - ok
16:48:44.0991 1152 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:48:44.0991 1152 ehSched - ok
16:48:45.0069 1152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:48:45.0085 1152 elxstor - ok
16:48:45.0131 1152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:48:45.0131 1152 ErrDev - ok
16:48:45.0178 1152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:48:45.0178 1152 EventSystem - ok
16:48:45.0241 1152 ewusbnet (da7cef9ffbbd6498df106bcab84eb10a) C:\Windows\system32\DRIVERS\ewusbnet.sys
16:48:45.0256 1152 ewusbnet - ok
16:48:45.0287 1152 ew_hwusbdev (e2cbb821c7cae0ef8b56de28ed85c740) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:48:45.0287 1152 ew_hwusbdev - ok
16:48:45.0334 1152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:48:45.0334 1152 exfat - ok
16:48:45.0365 1152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:48:45.0365 1152 fastfat - ok
16:48:45.0443 1152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:48:45.0443 1152 Fax - ok
16:48:45.0475 1152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:48:45.0475 1152 fdc - ok
16:48:45.0506 1152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:48:45.0521 1152 fdPHost - ok
16:48:45.0537 1152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:48:45.0537 1152 FDResPub - ok
16:48:45.0553 1152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:48:45.0553 1152 FileInfo - ok
16:48:45.0568 1152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:48:45.0568 1152 Filetrace - ok
16:48:45.0584 1152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:45.0584 1152 flpydisk - ok
16:48:45.0646 1152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:48:45.0646 1152 FltMgr - ok
16:48:45.0724 1152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:48:45.0740 1152 FontCache - ok
16:48:45.0833 1152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:45.0833 1152 FontCache3.0.0.0 - ok
16:48:45.0865 1152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:48:45.0865 1152 FsDepends - ok
16:48:45.0896 1152 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:48:45.0896 1152 Fs_Rec - ok
16:48:45.0943 1152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:48:45.0943 1152 fvevol - ok
16:48:45.0958 1152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:48:45.0958 1152 gagp30kx - ok
16:48:45.0989 1152 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:46.0005 1152 GEARAspiWDM - ok
16:48:46.0083 1152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:48:46.0083 1152 gpsvc - ok
16:48:46.0145 1152 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
16:48:46.0145 1152 hamachi - ok
16:48:46.0161 1152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:48:46.0161 1152 hcw85cir - ok
16:48:46.0239 1152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:48:46.0239 1152 HdAudAddService - ok
16:48:46.0286 1152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:48:46.0286 1152 HDAudBus - ok
16:48:46.0301 1152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:48:46.0301 1152 HidBatt - ok
16:48:46.0317 1152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:48:46.0333 1152 HidBth - ok
16:48:46.0348 1152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:48:46.0348 1152 HidIr - ok
16:48:46.0379 1152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:48:46.0379 1152 hidserv - ok
16:48:46.0411 1152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:48:46.0411 1152 HidUsb - ok
16:48:46.0442 1152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:48:46.0442 1152 hkmsvc - ok
16:48:46.0504 1152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:48:46.0504 1152 HomeGroupListener - ok
16:48:46.0535 1152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:48:46.0551 1152 HomeGroupProvider - ok
16:48:46.0582 1152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:48:46.0582 1152 HpSAMD - ok
16:48:46.0676 1152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:48:46.0691 1152 HTTP - ok
16:48:46.0723 1152 huawei_enumerator (6dbd08bc1331c78548298e82c4b667c5) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:48:46.0723 1152 huawei_enumerator - ok
16:48:46.0769 1152 hwdatacard (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:48:46.0769 1152 hwdatacard - ok
16:48:46.0785 1152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:48:46.0785 1152 hwpolicy - ok
16:48:46.0847 1152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:48:46.0847 1152 i8042prt - ok
16:48:46.0910 1152 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:48:46.0910 1152 iaStor - ok
16:48:46.0941 1152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:48:46.0941 1152 iaStorV - ok
16:48:47.0081 1152 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:48:47.0081 1152 IDriverT - ok
16:48:47.0237 1152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:47.0253 1152 idsvc - ok
16:48:47.0362 1152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:48:47.0362 1152 iirsp - ok
16:48:47.0456 1152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:48:47.0456 1152 IKEEXT - ok
16:48:47.0596 1152 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
16:48:47.0612 1152 IntcAzAudAddService - ok
16:48:47.0737 1152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:48:47.0737 1152 intelide - ok
16:48:47.0783 1152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:48:47.0783 1152 intelppm - ok
16:48:47.0799 1152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:48:47.0799 1152 IPBusEnum - ok
16:48:47.0846 1152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:47.0846 1152 IpFilterDriver - ok
16:48:47.0924 1152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:48:47.0939 1152 iphlpsvc - ok
16:48:47.0971 1152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:48:47.0971 1152 IPMIDRV - ok
16:48:48.0002 1152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:48:48.0002 1152 IPNAT - ok
16:48:48.0127 1152 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:48:48.0127 1152 iPod Service - ok
16:48:48.0173 1152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:48:48.0173 1152 IRENUM - ok
16:48:48.0189 1152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:48:48.0189 1152 isapnp - ok
16:48:48.0251 1152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:48:48.0251 1152 iScsiPrt - ok
16:48:48.0267 1152 kbdcap - ok
16:48:48.0329 1152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:48:48.0329 1152 kbdclass - ok
16:48:48.0376 1152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:48:48.0376 1152 kbdhid - ok
16:48:48.0407 1152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:48.0407 1152 KeyIso - ok
16:48:48.0454 1152 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:48:48.0454 1152 KSecDD - ok
16:48:48.0470 1152 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:48:48.0470 1152 KSecPkg - ok
16:48:48.0501 1152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:48:48.0501 1152 ksthunk - ok
16:48:48.0563 1152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:48:48.0563 1152 KtmRm - ok
16:48:48.0626 1152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:48:48.0626 1152 LanmanServer - ok
16:48:48.0673 1152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:48:48.0673 1152 LanmanWorkstation - ok
16:48:48.0704 1152 libusb0 - ok
16:48:48.0735 1152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:48:48.0735 1152 lltdio - ok
16:48:48.0766 1152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:48:48.0766 1152 lltdsvc - ok
16:48:48.0782 1152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:48:48.0782 1152 lmhosts - ok
16:48:48.0813 1152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:48.0813 1152 LSI_FC - ok
16:48:48.0844 1152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:48.0844 1152 LSI_SAS - ok
16:48:48.0860 1152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:48.0875 1152 LSI_SAS2 - ok
16:48:48.0891 1152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:48.0891 1152 LSI_SCSI - ok
16:48:48.0907 1152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:48:48.0907 1152 luafv - ok
16:48:48.0938 1152 LVPr2M64 - ok
16:48:49.0000 1152 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
16:48:49.0000 1152 LVRS64 - ok
16:48:49.0265 1152 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:48:49.0297 1152 LVUVC64 - ok
16:48:49.0468 1152 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
16:48:49.0468 1152 ManyCam - ok
16:48:49.0515 1152 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:48:49.0515 1152 Mcx2Svc - ok
16:48:49.0546 1152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:48:49.0546 1152 megasas - ok
16:48:49.0577 1152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:49.0577 1152 MegaSR - ok
16:48:49.0609 1152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:49.0609 1152 MMCSS - ok
16:48:49.0609 1152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:48:49.0609 1152 Modem - ok
16:48:49.0640 1152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:48:49.0640 1152 monitor - ok
16:48:49.0687 1152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:48:49.0702 1152 mouclass - ok
16:48:49.0718 1152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:48:49.0718 1152 mouhid - ok
16:48:49.0749 1152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:48:49.0749 1152 mountmgr - ok
16:48:49.0811 1152 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:48:49.0811 1152 MpFilter - ok
16:48:49.0858 1152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:48:49.0874 1152 mpio - ok
16:48:49.0889 1152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:48:49.0889 1152 mpsdrv - ok
16:48:49.0967 1152 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:48:49.0983 1152 MpsSvc - ok
16:48:50.0030 1152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:48:50.0030 1152 MRxDAV - ok
16:48:50.0061 1152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:50.0061 1152 mrxsmb - ok
16:48:50.0123 1152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:50.0123 1152 mrxsmb10 - ok
16:48:50.0139 1152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:50.0139 1152 mrxsmb20 - ok
16:48:50.0186 1152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:48:50.0186 1152 msahci - ok
16:48:50.0233 1152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:48:50.0233 1152 msdsm - ok
16:48:50.0279 1152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:48:50.0279 1152 MSDTC - ok
16:48:50.0326 1152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:48:50.0326 1152 Msfs - ok
16:48:50.0342 1152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:48:50.0342 1152 mshidkmdf - ok
16:48:50.0357 1152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:48:50.0357 1152 msisadrv - ok
16:48:50.0389 1152 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:48:50.0404 1152 MSiSCSI - ok
16:48:50.0404 1152 msiserver - ok
16:48:50.0420 1152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:48:50.0420 1152 MSKSSRV - ok
16:48:50.0498 1152 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:48:50.0498 1152 MsMpSvc - ok
16:48:50.0529 1152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:50.0529 1152 MSPCLOCK - ok
16:48:50.0545 1152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:48:50.0545 1152 MSPQM - ok
16:48:50.0607 1152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:48:50.0607 1152 MsRPC - ok
16:48:50.0623 1152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:48:50.0623 1152 mssmbios - ok
16:48:50.0638 1152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:48:50.0638 1152 MSTEE - ok
16:48:50.0654 1152 msvsmon90 - ok
16:48:50.0669 1152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:50.0669 1152 MTConfig - ok
16:48:50.0685 1152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:48:50.0685 1152 Mup - ok
16:48:50.0747 1152 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:48:50.0763 1152 napagent - ok
16:48:50.0810 1152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:48:50.0825 1152 NativeWifiP - ok
16:48:50.0888 1152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:48:50.0888 1152 NDIS - ok
16:48:50.0903 1152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:50.0903 1152 NdisCap - ok
16:48:50.0935 1152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:50.0935 1152 NdisTapi - ok
16:48:50.0981 1152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:50.0981 1152 Ndisuio - ok
16:48:51.0044 1152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:51.0044 1152 NdisWan - ok
16:48:51.0091 1152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:48:51.0091 1152 NDProxy - ok
16:48:51.0106 1152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:48:51.0106 1152 NetBIOS - ok
16:48:51.0169 1152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:48:51.0169 1152 NetBT - ok
16:48:51.0184 1152 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:51.0184 1152 Netlogon - ok
16:48:51.0231 1152 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:48:51.0247 1152 Netman - ok
16:48:51.0356 1152 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0356 1152 NetMsmqActivator - ok
16:48:51.0356 1152 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0356 1152 NetPipeActivator - ok
16:48:51.0403 1152 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:48:51.0403 1152 netprofm - ok
16:48:51.0418 1152 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0418 1152 NetTcpActivator - ok
16:48:51.0418 1152 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:51.0418 1152 NetTcpPortSharing - ok
16:48:51.0481 1152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:51.0481 1152 nfrd960 - ok
16:48:51.0527 1152 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:48:51.0527 1152 NisDrv - ok
16:48:51.0605 1152 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:48:51.0605 1152 NisSrv - ok
16:48:51.0668 1152 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:48:51.0668 1152 NlaSvc - ok
16:48:51.0683 1152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:48:51.0683 1152 Npfs - ok
16:48:51.0699 1152 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:48:51.0699 1152 nsi - ok
16:48:51.0715 1152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:48:51.0715 1152 nsiproxy - ok
16:48:51.0839 1152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:48:51.0855 1152 Ntfs - ok
16:48:51.0964 1152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:48:51.0964 1152 Null - ok
16:48:52.0651 1152 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:52.0729 1152 nvlddmkm - ok
16:48:52.0885 1152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:48:52.0885 1152 nvraid - ok
16:48:52.0916 1152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:48:52.0916 1152 nvstor - ok
16:48:53.0009 1152 nvsvc (687d36f22e3a1b9513135bbeb47d7556) C:\Windows\system32\nvvsvc.exe
16:48:53.0025 1152 nvsvc - ok
16:48:53.0228 1152 nvUpdatusService (55370b722a62d0b1dca79a58a05a5712) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:48:53.0259 1152 nvUpdatusService - ok
16:48:53.0399 1152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:48:53.0399 1152 nv_agp - ok
16:48:53.0493 1152 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:48:53.0509 1152 odserv - ok
16:48:53.0540 1152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:48:53.0540 1152 ohci1394 - ok
16:48:53.0602 1152 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:53.0602 1152 ose - ok
16:48:53.0930 1152 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:48:53.0977 1152 osppsvc - ok
16:48:54.0086 1152 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:54.0101 1152 p2pimsvc - ok
16:48:54.0133 1152 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:48:54.0133 1152 p2psvc - ok
16:48:54.0179 1152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:48:54.0179 1152 Parport - ok
16:48:54.0211 1152 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:48:54.0211 1152 partmgr - ok
16:48:54.0226 1152 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:48:54.0226 1152 PcaSvc - ok
16:48:54.0304 1152 PcdrNdisuio - ok
16:48:54.0351 1152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:48:54.0351 1152 pci - ok
16:48:54.0367 1152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:48:54.0367 1152 pciide - ok
16:48:54.0398 1152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:54.0398 1152 pcmcia - ok
16:48:54.0429 1152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:48:54.0429 1152 pcw - ok
16:48:54.0476 1152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:48:54.0476 1152 PEAUTH - ok
16:48:54.0538 1152 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:48:54.0538 1152 PerfHost - ok
16:48:54.0725 1152 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:48:54.0741 1152 pla - ok
16:48:54.0850 1152 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:48:54.0850 1152 PlugPlay - ok
16:48:54.0866 1152 PnkBstrA - ok
16:48:54.0897 1152 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:48:54.0897 1152 PNRPAutoReg - ok
16:48:54.0928 1152 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:54.0928 1152 PNRPsvc - ok
16:48:54.0991 1152 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:48:55.0006 1152 PolicyAgent - ok
16:48:55.0037 1152 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:48:55.0037 1152 Power - ok
16:48:55.0115 1152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:55.0115 1152 PptpMiniport - ok
16:48:55.0147 1152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:48:55.0147 1152 Processor - ok
16:48:55.0178 1152 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:48:55.0178 1152 ProfSvc - ok
16:48:55.0193 1152 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:55.0193 1152 ProtectedStorage - ok
16:48:55.0256 1152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:48:55.0256 1152 Psched - ok
16:48:55.0349 1152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:48:55.0365 1152 ql2300 - ok
16:48:55.0505 1152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:48:55.0521 1152 ql40xx - ok
16:48:55.0552 1152 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:48:55.0552 1152 QWAVE - ok
16:48:55.0568 1152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:48:55.0568 1152 QWAVEdrv - ok
16:48:55.0599 1152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:55.0599 1152 RasAcd - ok
16:48:55.0630 1152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:55.0630 1152 RasAgileVpn - ok
16:48:55.0646 1152 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:48:55.0661 1152 RasAuto - ok
16:48:55.0708 1152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:55.0708 1152 Rasl2tp - ok
16:48:55.0739 1152 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:48:55.0755 1152 RasMan - ok
16:48:55.0771 1152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:55.0771 1152 RasPppoe - ok
16:48:55.0786 1152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:55.0786 1152 RasSstp - ok
16:48:55.0849 1152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:55.0849 1152 rdbss - ok
16:48:55.0864 1152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:48:55.0864 1152 rdpbus - ok
16:48:55.0880 1152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:55.0880 1152 RDPCDD - ok
16:48:55.0895 1152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:48:55.0895 1152 RDPENCDD - ok
16:48:55.0911 1152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:48:55.0911 1152 RDPREFMP - ok
16:48:55.0958 1152 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:48:55.0958 1152 RDPWD - ok
16:48:56.0036 1152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:48:56.0036 1152 rdyboost - ok
16:48:56.0083 1152 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:48:56.0083 1152 RemoteAccess - ok
16:48:56.0114 1152 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:48:56.0114 1152 RemoteRegistry - ok
16:48:56.0129 1152 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:48:56.0129 1152 RpcEptMapper - ok
16:48:56.0161 1152 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:48:56.0161 1152 RpcLocator - ok
16:48:56.0223 1152 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:56.0223 1152 RpcSs - ok
16:48:56.0254 1152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:56.0254 1152 rspndr - ok
16:48:56.0301 1152 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:48:56.0301 1152 RTL8167 - ok
16:48:56.0332 1152 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:56.0332 1152 SamSs - ok
16:48:56.0363 1152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:48:56.0379 1152 sbp2port - ok
16:48:56.0410 1152 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:48:56.0410 1152 SCardSvr - ok
16:48:56.0441 1152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:48:56.0441 1152 scfilter - ok
16:48:56.0551 1152 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:48:56.0551 1152 Schedule - ok
16:48:56.0597 1152 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:56.0597 1152 SCPolicySvc - ok
16:48:56.0644 1152 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:48:56.0644 1152 SDRSVC - ok
16:48:56.0707 1152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:48:56.0707 1152 secdrv - ok
16:48:56.0738 1152 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:48:56.0738 1152 seclogon - ok
16:48:56.0769 1152 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:48:56.0769 1152 SENS - ok
16:48:56.0785 1152 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:48:56.0785 1152 SensrSvc - ok
16:48:56.0800 1152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:48:56.0800 1152 Serenum - ok
16:48:56.0831 1152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:48:56.0831 1152 Serial - ok
16:48:56.0863 1152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:48:56.0863 1152 sermouse - ok
16:48:56.0925 1152 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:48:56.0925 1152 SessionEnv - ok
16:48:56.0941 1152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:48:56.0941 1152 sffdisk - ok
16:48:56.0956 1152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:56.0956 1152 sffp_mmc - ok
16:48:56.0956 1152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:48:56.0972 1152 sffp_sd - ok
16:48:56.0987 1152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:48:56.0987 1152 sfloppy - ok
16:48:57.0034 1152 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:48:57.0034 1152 SharedAccess - ok
16:48:57.0065 1152 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:48:57.0081 1152 ShellHWDetection - ok
16:48:57.0112 1152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:48:57.0112 1152 SiSRaid2 - ok
16:48:57.0128 1152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:48:57.0128 1152 SiSRaid4 - ok
16:48:57.0393 1152 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:48:57.0424 1152 Skype C2C Service - ok
16:48:57.0471 1152 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:48:57.0471 1152 SkypeUpdate - ok
16:48:57.0580 1152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:48:57.0580 1152 Smb - ok
16:48:57.0611 1152 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:48:57.0611 1152 SNMPTRAP - ok
16:48:57.0643 1152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:48:57.0643 1152 spldr - ok
16:48:57.0705 1152 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:48:57.0721 1152 Spooler - ok
16:48:57.0939 1152 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:48:57.0970 1152 sppsvc - ok
16:48:58.0064 1152 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:48:58.0064 1152 sppuinotify - ok
16:48:58.0157 1152 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
16:48:58.0157 1152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
16:48:58.0157 1152 sptd ( LockedFile.Multi.Generic ) - warning
16:48:58.0157 1152 sptd - detected LockedFile.Multi.Generic (1)
16:48:58.0204 1152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:48:58.0204 1152 srv - ok
16:48:58.0251 1152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:48:58.0251 1152 srv2 - ok
16:48:58.0267 1152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:58.0267 1152 srvnet - ok
16:48:58.0313 1152 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:48:58.0313 1152 SSDPSRV - ok
16:48:58.0329 1152 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:48:58.0345 1152 SstpSvc - ok
16:48:58.0438 1152 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
16:48:58.0454 1152 StarWindServiceAE - ok
16:48:58.0469 1152 Steam Client Service - ok
16:48:58.0516 1152 Stereo Service - ok
16:48:58.0547 1152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:48:58.0563 1152 stexstor - ok
16:48:58.0625 1152 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:48:58.0641 1152 stisvc - ok
16:48:58.0688 1152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:48:58.0688 1152 swenum - ok
16:48:58.0735 1152 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:48:58.0735 1152 swprv - ok
16:48:58.0859 1152 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:48:58.0875 1152 SysMain - ok
16:48:59.0000 1152 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:48:59.0000 1152 TabletInputService - ok
16:48:59.0047 1152 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:48:59.0062 1152 TapiSrv - ok
16:48:59.0093 1152 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:48:59.0093 1152 TBS - ok
16:48:59.0234 1152 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:48:59.0249 1152 Tcpip - ok
16:48:59.0421 1152 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:59.0437 1152 TCPIP6 - ok
16:48:59.0515 1152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:48:59.0515 1152 tcpipreg - ok
16:48:59.0546 1152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:48:59.0546 1152 TDPIPE - ok
16:48:59.0577 1152 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:48:59.0577 1152 TDTCP - ok
16:48:59.0624 1152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:48:59.0624 1152 tdx - ok
16:48:59.0686 1152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:48:59.0686 1152 TermDD - ok
16:48:59.0749 1152 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:48:59.0764 1152 TermService - ok
16:48:59.0780 1152 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:48:59.0780 1152 Themes - ok
16:48:59.0811 1152 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:59.0811 1152 THREADORDER - ok
16:48:59.0827 1152 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:48:59.0827 1152 TrkWks - ok
16:48:59.0905 1152 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:48:59.0905 1152 TrustedInstaller - ok
16:48:59.0967 1152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:59.0967 1152 tssecsrv - ok
16:49:00.0029 1152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:49:00.0029 1152 TsUsbFlt - ok
16:49:00.0092 1152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:00.0107 1152 tunnel - ok
16:49:00.0123 1152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:49:00.0139 1152 uagp35 - ok
16:49:00.0201 1152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:49:00.0201 1152 udfs - ok
16:49:00.0232 1152 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:49:00.0232 1152 UI0Detect - ok
16:49:00.0263 1152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:49:00.0263 1152 uliagpkx - ok
16:49:00.0326 1152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:49:00.0326 1152 umbus - ok
16:49:00.0341 1152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:49:00.0341 1152 UmPass - ok
16:49:00.0482 1152 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:49:00.0482 1152 UMVPFSrv - ok
16:49:00.0529 1152 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:49:00.0544 1152 upnphost - ok
16:49:00.0591 1152 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:49:00.0591 1152 USBAAPL64 - ok
16:49:00.0638 1152 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:49:00.0638 1152 usbaudio - ok
16:49:00.0669 1152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:00.0669 1152 usbccgp - ok
16:49:00.0716 1152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:49:00.0716 1152 usbcir - ok
16:49:00.0747 1152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:00.0747 1152 usbehci - ok
16:49:00.0778 1152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:00.0794 1152 usbhub - ok
16:49:00.0809 1152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:49:00.0809 1152 usbohci - ok
16:49:00.0825 1152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:00.0825 1152 usbprint - ok
16:49:00.0856 1152 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:49:00.0856 1152 usbscan - ok
16:49:00.0872 1152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:00.0872 1152 USBSTOR - ok
16:49:00.0887 1152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:00.0887 1152 usbuhci - ok
16:49:00.0934 1152 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:49:00.0934 1152 usbvideo - ok
16:49:00.0950 1152 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:49:00.0950 1152 UxSms - ok
16:49:00.0965 1152 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:49:00.0965 1152 VaultSvc - ok
16:49:00.0997 1152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:49:00.0997 1152 vdrvroot - ok
16:49:01.0075 1152 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:49:01.0075 1152 vds - ok
16:49:01.0106 1152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:01.0106 1152 vga - ok
16:49:01.0121 1152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:49:01.0121 1152 VgaSave - ok
16:49:01.0153 1152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:49:01.0168 1152 vhdmp - ok
16:49:01.0168 1152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:49:01.0168 1152 viaide - ok
16:49:01.0231 1152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:49:01.0231 1152 volmgr - ok
16:49:01.0277 1152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:49:01.0293 1152 volmgrx - ok
16:49:01.0309 1152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:49:01.0324 1152 volsnap - ok
16:49:01.0355 1152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:49:01.0355 1152 vsmraid - ok
16:49:01.0480 1152 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:49:01.0496 1152 VSS - ok
16:49:01.0589 1152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:49:01.0605 1152 vwifibus - ok
16:49:01.0652 1152 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:49:01.0652 1152 W32Time - ok
16:49:01.0667 1152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:49:01.0667 1152 WacomPen - ok
16:49:01.0730 1152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:01.0730 1152 WANARP - ok
16:49:01.0730 1152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:01.0730 1152 Wanarpv6 - ok
16:49:01.0855 1152 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:49:01.0855 1152 WatAdminSvc - ok
16:49:01.0979 1152 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:49:01.0995 1152 wbengine - ok
16:49:02.0089 1152 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:49:02.0104 1152 WbioSrvc - ok
16:49:02.0151 1152 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:49:02.0167 1152 wcncsvc - ok
16:49:02.0182 1152 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:49:02.0182 1152 WcsPlugInService - ok
16:49:02.0213 1152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:49:02.0229 1152 Wd - ok
16:49:02.0276 1152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:49:02.0276 1152 Wdf01000 - ok
16:49:02.0291 1152 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:49:02.0291 1152 WdiServiceHost - ok
16:49:02.0291 1152 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:49:02.0307 1152 WdiSystemHost - ok
16:49:02.0354 1152 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:49:02.0369 1152 WebClient - ok
16:49:02.0385 1152 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:49:02.0385 1152 Wecsvc - ok
16:49:02.0401 1152 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:49:02.0401 1152 wercplsupport - ok
16:49:02.0432 1152 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:49:02.0432 1152 WerSvc - ok
16:49:02.0479 1152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:49:02.0479 1152 WfpLwf - ok
16:49:02.0494 1152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:49:02.0494 1152 WIMMount - ok
16:49:02.0541 1152 WinDefend - ok
16:49:02.0557 1152 WinHttpAutoProxySvc - ok
16:49:02.0619 1152 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:49:02.0635 1152 Winmgmt - ok
16:49:02.0775 1152 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:49:02.0791 1152 WinRM - ok
16:49:02.0947 1152 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:49:02.0947 1152 WinUsb - ok
16:49:03.0025 1152 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:49:03.0025 1152 Wlansvc - ok
16:49:03.0227 1152 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:49:03.0243 1152 wlidsvc - ok
16:49:03.0383 1152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:49:03.0383 1152 WmiAcpi - ok
16:49:03.0461 1152 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:49:03.0461 1152 wmiApSrv - ok
16:49:03.0524 1152 WMPNetworkSvc - ok
16:49:03.0555 1152 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:49:03.0555 1152 WPCSvc - ok
16:49:03.0602 1152 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:49:03.0602 1152 WPDBusEnum - ok
16:49:03.0617 1152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:03.0633 1152 ws2ifsl - ok
16:49:03.0649 1152 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:49:03.0649 1152 wscsvc - ok
16:49:03.0664 1152 WSearch - ok
16:49:03.0820 1152 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:49:03.0851 1152 wuauserv - ok
16:49:03.0976 1152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:49:03.0976 1152 WudfPf - ok
16:49:04.0007 1152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:04.0007 1152 WUDFRd - ok
16:49:04.0054 1152 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:49:04.0054 1152 wudfsvc - ok
16:49:04.0085 1152 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:49:04.0085 1152 WwanSvc - ok
16:49:04.0132 1152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:49:04.0335 1152 \Device\Harddisk0\DR0 - ok
16:49:04.0351 1152 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
16:49:04.0351 1152 \Device\Harddisk5\DR5 - ok
16:49:04.0351 1152 Boot (0x1200) (39e696d23b7043d8d7864ae484c88d6c) \Device\Harddisk0\DR0\Partition0
16:49:04.0351 1152 \Device\Harddisk0\DR0\Partition0 - ok
16:49:04.0382 1152 Boot (0x1200) (a9e912919680b2694ec88933295647b9) \Device\Harddisk0\DR0\Partition1
16:49:04.0382 1152 \Device\Harddisk0\DR0\Partition1 - ok
16:49:04.0397 1152 Boot (0x1200) (35eca4235f0bf876f4fdd1d0ddb9917b) \Device\Harddisk5\DR5\Partition0
16:49:04.0397 1152 \Device\Harddisk5\DR5\Partition0 - ok
16:49:04.0397 1152 ============================================================
16:49:04.0397 1152 Scan finished
16:49:04.0397 1152 ============================================================
16:49:04.0397 2088 Detected object count: 1
16:49:04.0397 2088 Actual detected object count: 1
16:49:16.0160 2088 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:49:16.0160 2088 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 16:50:19
-----------------------------
16:50:19.824 OS Version: Windows x64 6.1.7601 Service Pack 1
16:50:19.824 Number of processors: 2 586 0x170A
16:50:19.824 ComputerName: JEFFTRAN UserName: Jeff
16:50:21.009 Initialize success
16:51:06.721 AVAST engine defs: 12071301
16:51:14.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:51:14.646 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
16:51:14.661 Disk 0 MBR read successfully
16:51:14.661 Disk 0 MBR scan
16:51:14.677 Disk 0 Windows 7 default MBR code
16:51:14.677 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596475 MB offset 63
16:51:14.724 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1221582600
16:51:14.786 Disk 0 scanning C:\Windows\system32\drivers
16:51:31.291 Service scanning
16:51:57.998 Modules scanning
16:51:57.998 Disk 0 trace - called modules:
16:51:58.014 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
16:51:58.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061d4060]
16:51:58.014 3 CLASSPNP.SYS[fffff88001da043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c28050]
16:51:59.184 AVAST engine scan C:\Windows
16:52:06.048 AVAST engine scan C:\Windows\system32
16:56:55.421 AVAST engine scan C:\Windows\system32\drivers
16:57:16.635 AVAST engine scan C:\Users\Jeff
17:45:03.219 AVAST engine scan C:\ProgramData
17:56:54.471 Scan finished successfully
18:00:45.615 Disk 0 MBR has been saved successfully to "L:\sirefef help\MBR.dat"
18:00:45.683 The log file has been saved successfully to "L:\sirefef help\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 07:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 13 July 2012 - 08:29 PM

ComboFix 12-07-13.03 - Jeff 07/13/2012 19:46:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4129 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\users\Jeff\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 01:00 . 2012-07-14 01:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E7227F6-A7D1-42BC-9D4D-DE685BEC0E91}\offreg.dll
2012-07-14 00:58 . 2012-07-14 00:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-14 00:58 . 2012-07-14 00:58 -------- d-----w- c:\users\UpdatusUser.JEFFTRAN\AppData\Local\temp
2012-07-14 00:58 . 2012-07-14 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 10:39 . 2012-07-13 10:39 -------- d-----w- c:\users\Jeff\jagexcache1
2012-07-13 07:45 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E7227F6-A7D1-42BC-9D4D-DE685BEC0E91}\mpengine.dll
2012-07-12 11:59 . 2012-07-12 11:59 328704 ----a-w- c:\windows\system32\services.exe.AC1437D542705D95
2012-07-12 11:56 . 2012-07-12 11:56 328704 ----a-w- c:\windows\system32\services.exe.79E5FC19E71873E4
2012-07-12 11:53 . 2012-07-12 11:53 328704 ----a-w- c:\windows\system32\services.exe.7AFF5284B05B4A60
2012-07-12 10:46 . 2012-07-12 10:45 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01E3616C-EA51-4C72-84E1-76387747697F}\gapaengine.dll
2012-07-12 10:46 . 2012-05-31 02:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 10:43 . 2012-07-12 10:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-12 10:43 . 2012-07-12 10:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 10:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 10:25 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 10:25 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 10:25 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 10:25 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 10:25 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 10:25 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 10:25 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 10:25 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 10:25 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-12 10:25 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-12 10:25 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-12 10:25 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-12 10:23 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 10:23 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 10:23 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 10:23 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 10:23 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:23 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-12 10:23 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 10:23 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-12 10:23 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:23 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:23 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:23 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-12 10:23 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 09:46 . 2012-07-12 09:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 03:59 . 2012-07-12 03:59 -------- d--h--r- c:\users\Jeff\AppData\Roaming\SecuROM
2012-07-12 03:57 . 2012-07-12 03:57 5874 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-07-12 03:02 . 2012-07-13 09:05 -------- d-----w- c:\program files (x86)\Sky
2012-07-12 02:25 . 2012-07-12 09:58 -------- d-----w- c:\users\Jeff\AppData\Local\TSVNCache
2012-07-12 02:11 . 2012-07-12 02:11 -------- d-----w- c:\users\Jeff\AppData\Roaming\TortoiseSVN
2012-07-12 02:05 . 2012-07-12 02:05 -------- d-----w- c:\users\Jeff\AppData\Roaming\Subversion
2012-07-11 08:48 . 2012-07-11 08:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-11 08:48 . 2012-07-11 08:48 -------- d-----w- c:\program files (x86)\Oracle
2012-07-11 08:47 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-08 10:38 . 2012-07-08 10:38 -------- d-----w- c:\users\Jeff\AppData\Roaming\Ubisoft
2012-07-08 03:13 . 2012-07-08 03:13 -------- d-----w- c:\users\Jeff\AppData\Local\BigHugeEngine
2012-06-30 04:32 . 2012-06-30 04:32 -------- d-----w- c:\users\Jeff\AppData\Roaming\Waveform
2012-06-30 04:32 . 2012-06-30 04:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-30 04:32 . 2012-06-30 04:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-06-30 04:32 . 2012-06-30 04:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-30 04:32 . 2012-06-30 04:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-30 04:32 . 2012-06-30 04:32 -------- d-----w- c:\program files (x86)\OpenAL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-11 18:21 . 2012-04-17 16:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 18:21 . 2011-09-06 20:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-30 04:24 . 2010-06-15 19:30 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-30 04:24 . 2010-06-15 19:30 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-16 18:49 . 2012-04-13 19:15 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-05 00:29 . 2010-04-16 16:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-04-03 22:55 . 2010-06-04 06:47 509 ----a-w- c:\program files (x86)\layout.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_07.28.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-10 21:18 . 2012-07-14 01:02 71620 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-14 01:02 47070 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-09 19:21 . 2012-07-14 01:02 27232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3879286769-3404492953-3856487551-1000_UserData.bin
- 2010-04-19 03:53 . 2012-07-11 08:50 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-04-19 03:53 . 2012-07-13 10:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2010-04-19 03:52 . 2012-07-11 08:50 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-04-19 03:52 . 2012-07-13 10:29 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2010-06-06 23:17 . 2012-07-11 08:50 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-06-06 23:17 . 2012-07-13 10:29 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-06-06 23:17 . 2012-07-11 08:50 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2010-06-06 23:17 . 2012-07-13 10:39 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-07-09 18:12 . 2012-07-11 08:50 19788 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
+ 2010-07-09 18:12 . 2012-07-13 10:39 19788 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
- 2010-07-09 18:12 . 2012-07-11 08:50 66048 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
+ 2010-07-09 18:12 . 2012-07-13 10:39 66048 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
+ 2011-11-01 16:40 . 2012-07-13 10:29 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
- 2011-11-01 16:40 . 2011-12-27 02:17 66048 c:\windows\.jagex_cache_32\browsercontrol.dll
+ 2012-07-14 00:59 . 2012-07-14 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 07:25 . 2012-07-13 07:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 00:59 . 2012-07-14 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-13 07:25 . 2012-07-13 07:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-14 00:58 441672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 07:23 441672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-06 23:17 . 2012-07-13 10:29 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
- 2010-06-06 23:17 . 2012-07-11 08:50 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2012-07-13 10:36 . 2012-07-13 10:36 101137 c:\windows\.jagex_cache_32\loginapplet\cache-1986278970.dat
+ 2010-05-03 05:47 . 2012-07-14 00:58 6241192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3879286769-3404492953-3856487551-1000-12288.dat
- 2010-05-03 05:47 . 2012-07-13 07:23 6241192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3879286769-3404492953-3856487551-1000-12288.dat
+ 2010-04-14 20:04 . 2012-07-13 10:29 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-04-14 20:04 . 2012-07-11 08:50 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Cricket Broadband EC1705"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-06-20 196608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-11 3077528]
"Facebook Update"="c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-06-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-06-20 252928]
R3 kbdcap;kbdcap; [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2005-02-24 503352]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2009-12-22 225280]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-06-20 83456]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 18:21]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000Core.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:08]
.
2012-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000UA.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:08]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 08:04]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879286769-3404492953-3856487551-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 08:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{7B6BB47B-3A90-4018-88F3-84831A213B4E}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{7E75E090-87B6-42C1-8413-7ECBF098E85A}: NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{D59D1705-0DCF-4563-8934-64B0A9613223}: NameServer = 10.133.20.11 10.132.20.11
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3879286769-3404492953-3856487551-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,05,ee,1f,5f,a0,3e,0e,a5,68,6c,62,9d,64,8b,f0,ec,a1,7d,9e,24,
fc,01,dd,1c,c5,05,cb,fa,e3,f1,e6,bc,c1,bd,c4,18,9e,11,23,5d,0f,d4,9c,42,57,\
"rkeysecu"=hex:dd,12,e4,0b,ed,b3,ce,2b,3b,04,6b,e0,b4,0c,39,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programdata\Cricket Broadband EC1705\userdata\ouc.exe
.
**************************************************************************
.
Completion time: 2012-07-13 20:16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 01:16
ComboFix2.txt 2012-07-13 07:41
.
Pre-Run: 118,914,273,280 bytes free
Post-Run: 118,767,583,232 bytes free
.
- - End Of File - - 82683109E5F25546EB336E58CD0AB8B0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 08:34 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 13 July 2012 - 09:22 PM

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Alan Wake
Amnesia: The Dark Descent version 1.0
ANNO 2070
Apple Application Support
Apple Software Update
Audacity 1.2.6
Audacity 1.3.14 (Unicode)
AutoHotkey 1.0.48.05
Batman Arkham City 1.0
Battlefield 3™ Open Beta
Battlelog Web Plugins
BioShock
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CameraHelperMsi
Command & Conquer Renegade
Command & Conquer Tiberian Sun
Compatibility Pack for the 2007 Office system
Cricket Broadband EC1705
Crystal Reports Basic for Visual Studio 2008
D3DX10
DC Universe Online
Dead Space™ 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex - Human Revolution version 1.0
Diablo III
DiskAid 5.08
DivX Setup
Dota 2
Dota 2 Test
erLT
ESN Sonar
Facebook Video Calling 1.2.0.159
Fraps (remove only)
Free YouTube to MP3 Converter version 3.10.17.221
GIMP 2.6.11
Google Chrome
Heroes of Newerth
Homeworld2
HyperCam 2
HyperCam Toolbar
iLiberty+ 1.2.1 Build 78
Iron Grip: Marauders
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.1
K-Lite Codec Pack 5.8.3 (Full)
League of Legends
Livestream Procaster
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
ManyCam 2.6.65 (remove only)
Mass Effect™ 3
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Document Explorer 2008
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio Web Authoring Component
MSVCRT
Mumble 1.2.3
NCsoft Launcher
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
OpenAL
OpenProj
Origin
Pando Media Booster
PHStat2 version 2.8
Portal: First Slice
PunkBuster Services
Python 2.4.4
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
RuneScape Launcher 1.2
Secure Download Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype Click to Call
Skype™ 5.9
Splice Demo
SplitMediaLabs VH Screen Capture Driver (x86)
StarCraft II
Steam
TextPad 4.7
The Darkness II
The Elder Scrolls V: Skyrim
Tibia
Tibia Testserver
Tibiacast
Two Worlds
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Waveform Demo
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
Xfire (remove only)
XSplit
Yahoo! Detect

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 09:36 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 13 July 2012 - 10:10 PM

Everything is working fine. I havent seen any problems yet.


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: JEFFTRAN [administrator]

Protection: Enabled

7/13/2012 10:02:46 PM
mbam-log-2012-07-13 (22-02-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258022
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:53 PM, on 7/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Cricket Broadband EC1705] "C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B6BB47B-3A90-4018-88F3-84831A213B4E}: NameServer = 10.133.20.11 10.132.20.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75E090-87B6-42C1-8413-7ECBF098E85A}: NameServer = 10.133.20.11 10.132.20.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D59D1705-0DCF-4563-8934-64B0A9613223}: NameServer = 10.133.20.11 10.132.20.11
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10842 bytes

Edited by Skyies, 13 July 2012 - 10:10 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 13 July 2012 - 10:25 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Skyies

Skyies
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 14 July 2012 - 12:45 AM

C:\Program Files (x86)\HyperCam Toolbar\UninstallToolbar.exe Win32/Somoto application
C:\Program Files (x86)\Sky\Syndicate\System\Win32_x86_Release\Syndicate.exe a variant of Win32/Packed.VMProtect.AAM trojan
C:\Program Files (x86)\Sky\Ubisoft\Related Designs\ANNO 2070\solidcore32.dll a variant of Win32/Kryptik.FM trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Users\Jeff\Downloads\cnet2_RTL8187B_5_6_1135_0625_2008_Silent_Install_zip.exe a variant of Win32/InstallCore.D application

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:32 AM

Posted 14 July 2012 - 11:11 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\HyperCam Toolbar\UninstallToolbar.exe"
    del /f /s /q "C:\Program Files (x86)\Sky\Syndicate\System\Win32_x86_Release\Syndicate.exe"
    del /f /s /q "C:\Program Files (x86)\Sky\Ubisoft\Related Designs\ANNO 2070\solidcore32.dll"
    del /f /s /q "C:\Users\Jeff\Downloads\cnet2_RTL8187B_5_6_1135_0625_2008_Silent_Install_zip.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users