
Another Patched_c.lxt infection


This topic is locked
20 replies to this topic

#1 k3tone

  • Members
  • 10 posts
  • Local time: 08:31 PM

Posted 15 July 2012 - 08:10 AM

Hi and thank you already!

I've read many topics on removing this trojan, but every case seems to go a slightly different way.

So, for the first time in my life, I have to ask for help with removing an infection.

Here's the DDS log:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26.3.2010 10:10:30
System Uptime: 15.7.2012 15:58:05 (1 hours ago)
.
Motherboard: Acer | | Aspire 8930
Processor: Intel® Core™2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 14,147 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 16,215 GiB free.
E: is FIXED (NTFS) - 176 GiB total, 58,785 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
Class GUID: {53d29ef7-377c-4d14-864b-eb3a85769359}
Description: Validity Sensors VFS201
Device ID: USB\VID_138A&PID_0001\5&2C540981&0&1
Manufacturer: Validity Sensors, Inc.
Name: Validity Sensors VFS201
PNP Device ID: USB\VID_138A&PID_0001\5&2C540981&0&1
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter 1.60b
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
µTorrent
AVerMedia A310 (MiniCard, DVB-T) 1.1.64.29
AVG PC Tuneup
Connect
CyberLink PowerDVD 11
D3DX10
DAEMON Tools Toolbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EASEUS Partition Master 6.5.2 Home Edition
erLT
EVEREST Ultimate Edition v5.50
Garmin USB Drivers
High-Definition Video Playback
ImagXpress
ImgBurn
ITECIR
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
JMicron JMB38X Flash Media Controller
Junk Mail filter update
kuler
Logitech SetPoint
Malwarebytes Anti-Malware versio 1.62.0.1300
Mathcad 14.0 M020
Mathcad 14.0 M020 Help
Mathcad 14.0 M020 Resource Center
Maxtor Manager
Mesh Runtime
Messenger-kumppani
Microsoft Mathematics Add-in (32-bit)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Finnish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Finnish) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Finnish) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Finnish) 2010
Microsoft Office Language Pack 2010 - Finnish/suomi
Microsoft Office O MUI (Finnish) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Finnish) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Finnish) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Finnish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Finnish) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Finnish) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Finnish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Finnish) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Finnish) 2010
Microsoft Office X MUI (Finnish) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11 Help (CHM)
Nero WaveEditor 11 Help (CHM)
Nero Video 11 Help (CHM)
nero.prerequisites.msi
neroxml
NirSoft ProduKey
NVIDIA Performance
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Update
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Rainlendar2 (remove only)
Rainmeter
Realtek High Definition Audio Driver
Samsung CLX-216x Series
save2pc Light 4.16
SCANIA Truck Driving Simulator 1.0.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Suite Shared Configuration CS4
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
System Requirements Lab for Intel
Theme Hospital
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VCDS Release 11.11.3
welcome
Win7codecs
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Media Player Firefox Plugin
WinUtilities 9.8 Professional Edition
Visual Studio 2008 x64 Redistributables
.
==== End Of File ===========================


Best regards

k3tone

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:31 PM

Posted 16 July 2012 - 12:39 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 k3tone (Topic Starter)

  • Members
  • 10 posts
  • Local time: 08:31 PM

Posted 16 July 2012 - 05:10 AM

Hi and thanks for the quick reply!

Here's the frst64 log:

Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 16-07-2012 12:48:46
Running from G:\
Windows 7 Ultimate (X64) OS Language: 040B
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2803496 2011-06-23] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [x]
HKLM-x32\...\Run: [Maple_S2P] C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe [253952 2007-01-16] ()
HKLM-x32\...\Run: [BCSSync] "D:\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-11-21] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "D:\AVG\AVG2012\avgtray.exe" [x]
HKU\Mikko\...\Run: [Google Update] "C:\Users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-03-26] (Google Inc.)
HKU\Mikko\...\Run: [AdobeBridge] [x]
HKU\Mikko\...\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe [x]
HKU\Mikko_2\...\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe [x]
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Bluetooth Software\BTTray.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Logitech\SetPoint\SetPoint.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

==================== Services (Whitelisted) ======

2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-11-21] ()
2 CyberLink PowerDVD 11.0 Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe" [75048 2011-11-11] (CyberLink)
2 CyberLink PowerDVD 11.0 Service; "C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe" [292136 2011-11-11] (CyberLink)
2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-07-11] (Enigma Software Group USA, LLC.)
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)
2 AVGIDSAgent; C:\AVG\AVG2012\avgidsagent.exe [x]
2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [x]
3 Microsoft SharePoint Workspace Audit Service; "C:\Microsoft Office 2010\Office14\GROOVE.EXE" /auditservice [x]
2 nTuneService; C:\NVIDIA Corporation\nTune\nTuneService.exe /StartService [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-11-08] (IVT Corporation.)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [69320 2009-10-22] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [84808 2009-10-22] (FTDI Ltd.)
0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-07-13] (Nero AG)
0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-07-13] (Nero AG)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-26] (Duplex Secure Ltd.)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [42896 2010-06-08] (Oracle Corporation)
2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-11-16] (CyberLink Corp.)
2 !SASCORE; [x]
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [x]
3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [x]
3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [x]
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [x]
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
0 vhjrap; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-16 11:29 - 2012-07-16 11:30 - 00000000 ____D C:\Windows\LastGood.Tmp
2012-07-16 11:29 - 2009-03-09 15:58 - 00060416 ____A (ITE Tech. Inc. ) C:\Windows\System32\Drivers\itecir.sys
2012-07-15 14:57 - 2012-07-15 14:57 - 00000586 ____A C:\Users\Mikko\Desktop\defogger_disable.log
2012-07-15 14:57 - 2012-07-15 14:57 - 00000020 ____A C:\Users\Mikko_2\defogger_reenable
2012-07-15 14:53 - 2012-07-15 14:52 - 00050477 ____A C:\Users\Mikko\Desktop\Defogger.exe
2012-07-15 14:52 - 2012-07-15 14:51 - 00607260 ____R (Swearware) C:\Users\Mikko\Desktop\dds.com
2012-07-14 11:32 - 2012-07-14 11:32 - 00002266 ____A C:\Users\Mikko_2\Desktop\SpyHunter.lnk
2012-07-14 11:32 - 2012-07-14 11:32 - 00000000 ____D C:\sh4ldr
2012-07-14 11:32 - 2012-07-14 11:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-14 11:31 - 2012-07-14 11:32 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-14 10:01 - 2012-07-14 10:01 - 00000000 ____D C:\Users\Mikko_2\AppData\Roaming\Malwarebytes
2012-07-14 10:01 - 2012-07-14 10:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-14 10:01 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-14 07:09 - 2012-07-14 10:17 - 00000000 ____D C:\CCE_Quarantine
2012-07-14 07:09 - 2012-07-14 07:09 - 00000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-07-13 21:00 - 2012-07-13 21:00 - 00000000 ____D C:\Users\Mikko_2\AppData\Roaming\AVG
2012-07-13 20:47 - 2012-07-13 20:47 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\AVG2012
2012-07-13 20:42 - 2012-07-13 20:42 - 00000000 ____D C:\Users\Mikko_2\AppData\Roaming\AVG2012
2012-07-13 20:41 - 2012-07-13 20:41 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-13 20:40 - 2012-07-15 17:30 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-13 20:40 - 2012-07-13 20:56 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-13 20:40 - 2012-07-13 20:40 - 00000000 ___HD C:\$AVG
2012-07-13 20:37 - 2012-07-15 17:30 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-13 20:35 - 2012-07-13 20:35 - 00000000 ____D C:\Users\All Users\GFI Software
2012-07-13 17:30 - 2012-07-13 17:30 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-13 07:43 - 2012-07-13 07:43 - 00000000 ____D C:\Users\Mikko\AppData\Local\adaware
2012-07-12 19:40 - 2012-07-12 19:49 - 00000000 ____D C:\Users\Mikko_2\AppData\Roaming\Ad-Aware Antivirus
2012-07-12 19:36 - 2012-07-03 18:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-12 19:35 - 2012-07-13 20:42 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-11 07:39 - 2012-06-12 05:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:35 - 2012-06-09 07:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 07:35 - 2012-06-09 06:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 07:35 - 2012-06-06 08:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 07:35 - 2012-06-06 08:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 07:35 - 2012-06-06 08:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 07:35 - 2012-06-06 07:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 07:35 - 2012-06-06 07:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 07:35 - 2012-06-06 07:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 07:35 - 2012-06-02 07:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 07:35 - 2012-06-02 07:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 07:35 - 2012-06-02 07:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 07:35 - 2012-06-02 07:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 07:35 - 2012-06-02 07:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 07:35 - 2012-06-02 06:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 07:35 - 2012-06-02 06:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 07:35 - 2012-06-02 06:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 07:35 - 2012-06-02 06:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 07:35 - 2010-06-26 05:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 07:35 - 2010-06-26 05:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 18:20 - 2012-07-09 18:21 - 00001483 ____A C:\Users\Mikko\Desktop\STDS.lnk
2012-07-06 07:09 - 2012-07-06 07:10 - 00015168 ____A C:\Windows\DPINST.LOG
2012-07-06 07:07 - 2012-07-06 07:07 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-06 07:07 - 2012-07-06 07:07 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-06 07:07 - 2012-07-06 07:07 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\SystemRequirementsLab
2012-07-06 07:07 - 2012-07-06 07:07 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-07-06 07:07 - 2012-07-06 07:07 - 00000000 ____D C:\Program Files (x86)\Java
2012-07-06 07:07 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 06:25 - 2012-07-05 06:25 - 00000000 ____D C:\Users\Mikko\AppData\Local\Macromedia
2012-07-04 06:49 - 2012-07-15 21:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-04 06:49 - 2012-07-12 15:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-04 06:49 - 2012-07-12 15:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-04 06:49 - 2012-07-04 06:49 - 00000000 ____D C:\Windows\System32\Macromed
2012-07-04 06:49 - 2012-07-04 06:49 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-30 18:15 - 2012-06-30 18:15 - 00000807 ____A C:\Users\Public\Desktop\Theme Hospital.lnk
2012-06-28 06:06 - 2012-07-10 20:05 - 00000000 ____D C:\Users\Mikko\Documents\SCANIA Truck Driving Simulator
2012-06-27 18:19 - 2012-06-28 06:04 - 00000000 ____D C:\Users\Mikko_2\Documents\SCANIA Truck Driving Simulator
2012-06-27 13:23 - 2012-06-27 13:23 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-27 13:23 - 2012-05-04 18:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-27 08:06 - 2012-06-27 08:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Verkkoympäristö
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Tulostinympäristö
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Omat tiedostot
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Mallit
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Käynnistä-valikko
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Omat videotiedostot
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Omat musiikkitiedostot
2012-06-27 08:06 - 2012-06-27 08:06 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Omat kuvatiedostot
2012-06-27 08:06 - 2012-05-15 11:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-06-27 08:06 - 2012-05-15 11:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-06-27 08:06 - 2012-05-15 11:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-27 08:06 - 2012-05-15 11:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-27 08:06 - 2012-05-15 11:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-27 08:06 - 2012-05-15 11:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-27 08:06 - 2010-10-20 17:27 - 00109672 ____A C:\Users\UpdatusUser\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 08:06 - 2010-10-20 17:27 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Windows Live
2012-06-27 08:06 - 2010-03-27 15:23 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2012-06-27 08:05 - 2012-06-27 08:05 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-06-27 08:05 - 2012-05-15 12:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-27 08:05 - 2012-05-15 12:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-27 08:04 - 2012-05-15 12:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-06-27 08:04 - 2012-05-15 12:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-06-27 08:04 - 2012-04-18 19:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-06-27 08:04 - 2012-04-18 19:08 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-06-27 08:04 - 2012-04-18 19:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-06-25 07:58 - 2012-06-25 07:58 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-06-21 08:08 - 2012-06-03 00:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 08:08 - 2012-06-03 00:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 08:08 - 2012-06-03 00:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 08:08 - 2012-06-03 00:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 08:08 - 2012-06-03 00:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 08:08 - 2012-06-03 00:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 08:08 - 2012-06-03 00:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 08:08 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 08:08 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


============ 3 Months Modified Files ========================

2012-07-16 11:36 - 2009-07-14 06:45 - 00000000 _____ C:\Windows\System32\umstartup.etl
2012-07-16 11:36 - 2009-07-14 06:45 - 00000000 _____ C:\Windows\System32\umstartup.etl
2012-07-16 11:32 - 2010-03-26 10:06 - 01144885 ____A C:\Windows\WindowsUpdate.log
2012-07-16 11:32 - 2009-07-14 06:45 - 00016624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 11:32 - 2009-07-14 06:45 - 00016624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 11:29 - 2012-03-26 13:02 - 00005525 ____A C:\Windows\setupact.log
2012-07-16 11:29 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 21:06 - 2012-07-04 06:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-15 20:43 - 2010-03-26 16:48 - 00001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000UA.job
2012-07-15 16:16 - 2009-07-14 11:01 - 00443374 ____A C:\Windows\System32\perfh00B.dat
2012-07-15 16:16 - 2009-07-14 11:01 - 00083182 ____A C:\Windows\System32\perfc00B.dat
2012-07-15 16:16 - 2009-07-14 07:13 - 01238706 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-15 14:57 - 2012-07-15 14:57 - 00000586 ____A C:\Users\Mikko\Desktop\defogger_disable.log
2012-07-15 14:57 - 2012-07-15 14:57 - 00000020 ____A C:\Users\Mikko_2\defogger_reenable
2012-07-15 14:52 - 2012-07-15 14:53 - 00050477 ____A C:\Users\Mikko\Desktop\Defogger.exe
2012-07-15 14:51 - 2012-07-15 14:52 - 00607260 ____R (Swearware) C:\Users\Mikko\Desktop\dds.com
2012-07-15 10:43 - 2010-03-26 16:48 - 00000966 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000Core.job
2012-07-14 11:34 - 2011-10-01 18:02 - 00003109 ____A C:\Users\Mikko\Desktop\Google Chrome.lnk
2012-07-14 11:32 - 2012-07-14 11:32 - 00002266 ____A C:\Users\Mikko_2\Desktop\SpyHunter.lnk
2012-07-14 11:25 - 2012-05-11 15:41 - 00008138 ____A C:\Windows\PFRO.log
2012-07-14 07:09 - 2012-07-14 07:09 - 00000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-07-13 17:30 - 2012-07-13 17:30 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-12 19:36 - 2010-03-26 11:33 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-12 19:03 - 2010-12-21 20:22 - 00002122 ____A C:\Windows\epplauncher.mif
2012-07-12 18:35 - 2009-07-14 06:45 - 03110552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 15:06 - 2012-07-04 06:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 15:06 - 2012-07-04 06:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 07:36 - 2010-03-26 13:17 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 18:21 - 2012-07-09 18:20 - 00001483 ____A C:\Users\Mikko\Desktop\STDS.lnk
2012-07-09 18:19 - 2010-06-29 19:37 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-06 07:10 - 2012-07-06 07:09 - 00015168 ____A C:\Windows\DPINST.LOG
2012-07-06 07:07 - 2012-07-06 07:07 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-06 07:07 - 2012-07-06 07:07 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-03 18:21 - 2012-07-12 19:36 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 12:46 - 2012-07-14 10:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 18:15 - 2012-06-30 18:15 - 00000807 ____A C:\Users\Public\Desktop\Theme Hospital.lnk
2012-06-27 17:31 - 2010-07-22 19:00 - 00000110 ____A C:\Windows\SysWOW64\_WKERNEL.SYL
2012-06-27 08:06 - 2012-06-27 08:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-06-12 05:08 - 2012-07-11 07:39 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 07:43 - 2012-07-11 07:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 06:41 - 2012-07-11 07:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 08:06 - 2012-07-11 07:35 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 08:06 - 2012-07-11 07:35 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 08:02 - 2012-07-11 07:35 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 07:05 - 2012-07-11 07:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 07:05 - 2012-07-11 07:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 07:03 - 2012-07-11 07:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 00:19 - 2012-06-21 08:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-03 00:19 - 2012-06-21 08:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-03 00:19 - 2012-06-21 08:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-03 00:19 - 2012-06-21 08:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-03 00:19 - 2012-06-21 08:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-03 00:15 - 2012-06-21 08:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-03 00:15 - 2012-06-21 08:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 08:08 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 08:08 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:50 - 2012-07-11 07:35 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 07:48 - 2012-07-11 07:35 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 07:48 - 2012-07-11 07:35 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 07:45 - 2012-07-11 07:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 07:44 - 2012-07-11 07:35 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 06:40 - 2012-07-11 07:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 06:40 - 2012-07-11 07:35 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 06:39 - 2012-07-11 07:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 06:34 - 2012-07-11 07:35 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-15 12:48 - 2012-06-27 08:05 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 12:48 - 2012-06-27 08:05 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 12:48 - 2012-06-27 08:04 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 12:48 - 2012-06-27 08:04 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 11:29 - 2012-06-27 08:06 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 11:29 - 2012-06-27 08:06 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 11:29 - 2012-06-27 08:06 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 11:29 - 2012-06-27 08:06 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 11:29 - 2012-06-27 08:06 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 11:28 - 2012-06-27 08:06 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 06:01 - 2012-06-13 05:52 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-15 05:59 - 2012-06-13 05:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-15 05:03 - 2012-06-13 05:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-15 05:00 - 2012-06-13 05:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-13 21:57 - 2012-05-13 21:57 - 00002801 ____A C:\Users\Mikko\Desktop\Nero Express 11.lnk
2012-05-12 21:34 - 2010-03-26 13:11 - 00000528 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-04 18:29 - 2012-07-06 07:07 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 18:29 - 2012-06-27 13:23 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 18:29 - 2010-05-06 19:59 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 13:06 - 2012-06-13 05:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 13:00 - 2012-06-13 05:51 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 12:03 - 2012-06-13 05:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 12:03 - 2012-06-13 05:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 11:59 - 2012-06-13 05:51 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 21:31 - 2010-12-24 11:05 - 00001299 ___AH C:\Windows\EPMBatch.ept
2012-05-01 07:40 - 2012-06-13 05:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 07:32 - 2012-06-13 05:51 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-28 05:55 - 2012-06-13 05:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 07:41 - 2012-06-13 05:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 07:41 - 2012-06-13 05:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 07:34 - 2012-06-13 05:51 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 04:55 - 2010-12-21 20:20 - 01268828 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-24 07:37 - 2012-06-13 05:51 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 07:37 - 2012-06-13 05:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 07:37 - 2012-06-13 05:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 06:36 - 2012-06-13 05:51 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 06:36 - 2012-06-13 05:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 06:36 - 2012-06-13 05:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 07:42 - 2012-06-13 05:52 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 07:00 - 2012-06-13 05:52 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 07:00 - 2012-06-13 05:52 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 06:57 - 2012-06-13 05:52 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 06:57 - 2012-06-13 05:52 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 06:57 - 2012-06-13 05:52 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 06:56 - 2012-06-13 05:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 06:56 - 2012-06-13 05:52 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 06:56 - 2012-06-13 05:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 05:45 - 2012-06-13 05:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-20 05:16 - 2012-06-13 05:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-19 03:50 - 2012-04-19 03:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-18 19:08 - 2012-06-27 08:04 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 19:08 - 2012-06-27 08:04 - 00072512 ____A (NVIDIA Corporation) C:\Windows\System32\nvapo64v.dll
2012-04-18 19:08 - 2012-06-27 08:04 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 19:08 - 2012-03-17 18:54 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll


ZeroAccess:
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\L
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\L\00000004.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\L\00000008.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\00000004.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\00000008.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\000000cb.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\80000000.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\80000032.@
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4092.96 MB
Available physical RAM: 3458.41 MB
Total Pagefile: 4091.11 MB
Available Pagefile: 3462.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (WINDOWS7) (Fixed) (Total:72.81 GB) (Free:14.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (OHJELMAT) (Fixed) (Total:48.83 GB) (Free:16.27 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:176.44 GB) (Free:60.25 GB) NTFS
5 Drive g: (MKETONEN) (Removable) (Total:1.86 GB) (Free:1.45 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Levy tila koko vapaana dyn GPT
-------- ------------- ------- ----------- --- ---
Levy 0 Online 298 Gt 0 tavua
Levy 1 Online 1909 Mt 0 tavua

Suljetaan DiskPart...


==========================================================

Last Boot: 2012-07-09 11:33

======================= End Of Log ==========================

I also got a failure message during the scan that says "c:\windows\system32\umstartup.etl is damaged or can't read, run chkdsk"

Thanks in advance

k3tone

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:31 PM

Posted 16 July 2012 - 11:33 AM

Greetings

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 k3tone

k3tone
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 16 July 2012 - 12:53 PM

Hi again and thank you so much!

Here's the log:

Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 2012-07-16 20:44:45
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

-k3tone
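
An added example, not code from this thread or from FRST: the search output above is the comparison the helper is about to make by hand (the System32 copy of services.exe carries a different MD5 and is 512 bytes larger than the WinSxS component-store copy, the same MD5 the FRST log's Bamital check flagged). The script below parses that Search.txt format, treats the WinSxS copy as the trusted reference, and reports every other copy whose hash differs; md5_of_file() does the same hashing on a live disk or mounted image. The Search.txt text embedded below is copied from this thread as sample input, and the function names are this example's own.

```python
"""Added example: check a system binary against its WinSxS reference copy.

Not code from the thread or from FRST. Parses the FRST "Search:" output
format, flags copies whose MD5 differs from the WinSxS component-store copy,
and offers md5_of_file() for the same check against files on disk.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the Search.txt output posted in this thread.
SAMPLE_SEARCH = """\
Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 2012-07-16 20:44:45
Running from G:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str


def parse_search(text: str) -> List[Entry]:
    """Pair each FRST detail line with the path printed on the line before it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i])
        if m:
            entries.append(Entry(
                path=lines[i - 1],
                size=int(m.group("size")),
                company=m.group("company") or "",
                md5=m.group("md5").upper(),
            ))
    return entries


def find_reference(entries: List[Entry]) -> Optional[Entry]:
    """The copy inside the WinSxS component store is the trusted reference."""
    for e in entries:
        if "\\winsxs\\" in e.path.lower():
            return e
    return None


def check(entries: List[Entry]) -> List[dict]:
    """Return one finding per copy whose MD5 differs from the reference copy."""
    ref = find_reference(entries)
    if ref is None:
        raise ValueError("no WinSxS reference copy in search output")
    findings = []
    for e in entries:
        if e is ref or e.md5 == ref.md5:
            continue
        findings.append({
            "path": e.path,
            "md5": e.md5,
            "expected_md5": ref.md5,
            "size_delta": e.size - ref.size,  # a patched copy is often larger
        })
    return findings


def md5_hex(data: bytes) -> str:
    """Upper-case hex MD5 of a byte string, matching FRST's notation."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    """MD5 of a file on disk, read in chunks; use on a live system or image."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for f in check(parse_search(SAMPLE_SEARCH)):
        print(f"{f['path']}: MD5 {f['md5']} != reference {f['expected_md5']} "
              f"(size differs by {f['size_delta']:+d} bytes)")
```

On the sample it reports the System32 copy with MD5 50BEA589F7D7958BDD2528A8F69D05CC against the reference 24ACB7E5BE595468E3B9AA488B9B4FCB and a +512 byte size difference, which is exactly why the helper's next step replaces it from the WinSxS copy.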

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:31 PM

Posted 16 July 2012 - 09:04 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#7 k3tone

k3tone
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 17 July 2012 - 12:06 AM

Thank you again!

Here's the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-07-2012
Ran by SYSTEM at 2012-07-17 07:58:36 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{fafadb7a-13b4-c51b-d9ef-6116ce4a2fac} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

-k3tone

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:31 PM

Posted 17 July 2012 - 12:36 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 k3tone

k3tone
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:31 PM

Posted 17 July 2012 - 01:52 AM

Thanks for your quick reply Gringo!

Combofix log:


ComboFix 12-07-16.01 - Mikko_2 17.07.2012 9:36.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.4093.2563 [GMT 3:00]
Sijainti: c:\users\Mikko\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Uusi palautuspiste luotu
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
---- Edellinen ajo -------
.
c:\users\Mikko_2\AppData\Roaming\chrtmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\UNWISE.EXE
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-06-17 to 2012-07-17 )))))))))))))))))
.
.
2012-07-17 06:42 . 2012-07-17 06:42 -------- d-----w- c:\users\Mikko_2\AppData\Local\temp
2012-07-17 06:42 . 2012-07-17 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 06:23 . 2012-07-17 06:23 -------- d-----w- c:\windows\LastGood
2012-07-17 06:23 . 2009-03-09 13:58 60416 ----a-w- c:\windows\system32\drivers\itecir.sys
2012-07-16 10:42 . 2012-07-16 10:42 -------- d-----w- C:\FRST
2012-07-14 09:32 . 2012-07-14 09:32 -------- d-----w- C:\sh4ldr
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-14 09:32 . 2012-07-14 09:32 -------- d-----w- c:\program files\Enigma Software Group
2012-07-14 09:31 . 2012-07-14 09:32 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-14 09:31 . 2012-07-14 09:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-14 08:01 . 2012-07-14 08:01 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\Malwarebytes
2012-07-14 08:01 . 2012-07-14 08:01 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 08:01 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 05:09 . 2012-07-14 08:17 -------- d-----w- C:\CCE_Quarantine
2012-07-13 19:00 . 2012-07-13 19:00 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\AVG
2012-07-13 18:47 . 2012-07-13 18:47 -------- d-----w- c:\users\Mikko\AppData\Roaming\AVG2012
2012-07-13 18:41 . 2012-07-13 18:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-13 18:40 . 2012-07-16 10:02 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-13 18:40 . 2012-07-13 18:56 -------- d-----w- c:\programdata\AVG2012
2012-07-13 18:40 . 2012-07-13 18:40 -------- d-----w- C:\$AVG
2012-07-13 18:37 . 2012-07-17 05:51 -------- d-----w- c:\programdata\MFAData
2012-07-13 18:37 . 2012-07-13 18:37 -------- d--h--w- c:\programdata\Common Files
2012-07-13 18:35 . 2012-07-13 18:35 -------- d-----w- c:\programdata\GFI Software
2012-07-13 05:43 . 2012-07-13 05:43 -------- d-----w- c:\users\Mikko\AppData\Local\adaware
2012-07-12 17:40 . 2012-07-12 17:49 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\Ad-Aware Antivirus
2012-07-12 17:36 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-12 17:35 . 2012-07-13 18:42 -------- d-----w- c:\programdata\AVAST Software
2012-07-11 05:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\users\Mikko\AppData\Roaming\SystemRequirementsLab
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\Java
2012-07-05 04:25 . 2012-07-05 04:25 -------- d-----w- c:\users\Mikko\AppData\Local\Macromedia
2012-07-04 04:49 . 2012-07-04 04:49 -------- d-----w- c:\programdata\McAfee
2012-07-04 04:49 . 2012-07-12 13:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-04 04:49 . 2012-07-12 13:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-04 04:49 . 2012-07-04 04:49 -------- d-----w- c:\windows\system32\Macromed
2012-06-27 11:23 . 2012-06-27 11:23 -------- d-----w- c:\program files (x86)\Oracle
2012-06-27 11:23 . 2012-05-04 16:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-27 06:06 . 2012-06-27 06:06 -------- d-----w- c:\users\UpdatusUser
2012-06-27 06:06 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-27 06:06 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-27 06:06 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-27 06:06 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-27 06:06 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-27 06:06 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-27 06:05 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-27 06:05 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-27 06:05 . 2012-06-27 06:05 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-25 05:58 . 2012-06-25 05:58 -------- d-----w- c:\program files (x86)\Garmin
2012-06-21 06:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:08 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:08 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 22:20 . 2012-06-18 22:20 2203776 ----a-w- c:\program files (x86)\Common Files\System\MSMAPI\MSNCON32.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 18:22 . 2010-06-04 14:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-13 18:22 . 2010-05-24 17:53 460624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-19 05:21 . 2010-05-24 17:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-19 05:21 . 2010-06-07 16:29 460624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-15 09:29 . 2012-06-27 06:06 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 04:01 . 2012-06-13 03:52 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 03:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 16:29 . 2010-05-06 17:59 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 03:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 03:51 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 03:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 03:51 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 03:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 03:51 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 03:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:51 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:51 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 03:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-19 01:50 . 2012-04-19 01:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 17:08 . 2012-03-17 16:54 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="d:\rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="d:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"BCSSync"="d:\microsoft office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-11-21 234792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="d:\avg\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\users\Mikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - d:\rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - d:\bluetooth software\BTTray.exe [2007-4-24 985904]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-10-12 1207312]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe [2010-6-12 303456]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-1-3 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Ad-Aware Antivirus\Definitions\0d:\avg\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vhjrap;vhjrap; [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 !SASCORE;SAS Core Service; [x]
R2 AVGIDSAgent;AVGIDSAgent;d:\avg\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-26 1038088]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-09-28 169048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw5s64;Intel® Wireless WiFi Link -sovitinohjain 7 64-bit -käyttöjärjestelmään;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel® Wireless WiFi Link 5000 -sarjan sovitinohjain Vista 64-bit -käyttöjärjestelmään;c:\windows\system32\DRIVERS\netw5v64.sys [2010-05-31 7533568]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 -sarjan sovitinohjain Vista 64-bit -käyttöjärjestelmään;c:\windows\system32\DRIVERS\NETwNv64.sys [2011-01-19 7886848]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 144784]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-08 42896]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB-virtualisointikantapalvelu;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-26 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/25 13:27];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-11-16 09:00 148976]
S2 avgwd;AVG WatchDog;d:\avg\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-21 75248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 -sarjan sovitinohjain 7 64-bit -käyttöjärjestelmään;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-23 8616960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 13:06]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000Core.job
- c:\users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 14:48]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000UA.job
- c:\users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Täydentävä tarkistus -------
.
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office14\ONBttnIE.dll/105
IE: Search the Web
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Mikko_2\AppData\Roaming\Mozilla\Firefox\Profiles\jbvn7j8o.default\
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Valmistumisajankohta: 2012-07-17 09:45:28
ComboFix-quarantined-files.txt 2012-07-17 06:45
.
Ennen ajoa: 14 969 610 240 tavua vapaana
Ajon jälkeen: 14 845 329 408 tavua vapaana
.
- - End Of File - - CE4F04F08D1E9072E572FB01D6162398

Had a little problem when running Combofix the first time: first it claimed that Microsoft Security Essentials is on, although I removed it several days ago and installed AVG, which I temporarily disabled. I hit OK for the messages and Combofix ran fine. After it rebooted the computer, it was just flashing its window from the upper left corner of the screen to the middle. It did this for 30 mins; after that I rebooted the computer myself and ran Combofix again and then received this report. Running Combofix the second time, it didn't give any note about Security Essentials.

After an hour I haven't had any message from AVG and I feel like the computer is a bit faster.
Don't know if it's just placebo or not.

Regards

-k3tone

Edited by k3tone, 17 July 2012 - 02:00 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 July 2012 - 10:21 PM

Greetings k3tone

Even though things seem better, I want to do some deeper checking.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#11 k3tone

k3tone
  • Topic Starter

  • Members
  • 10 posts

Posted 18 July 2012 - 12:45 AM

Hi Gringo!

Here's TDSSkiller log:
08:13:07.0696 3076 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:13:07.0982 3076 ============================================================
08:13:07.0982 3076 Current date / time: 2012/07/18 08:13:07.0981
08:13:07.0982 3076 SystemInfo:
08:13:07.0982 3076
08:13:07.0982 3076 OS Version: 6.1.7601 ServicePack: 1.0
08:13:07.0982 3076 Product type: Workstation
08:13:07.0982 3076 ComputerName: MIKKO-PC
08:13:07.0982 3076 UserName: Mikko_2
08:13:07.0982 3076 Windows directory: C:\Windows
08:13:07.0982 3076 System windows directory: C:\Windows
08:13:07.0982 3076 Running under WOW64
08:13:07.0982 3076 Processor architecture: Intel x64
08:13:07.0982 3076 Number of processors: 2
08:13:07.0982 3076 Page size: 0x1000
08:13:07.0982 3076 Boot type: Normal boot
08:13:07.0982 3076 ============================================================
08:13:08.0768 3076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:13:08.0778 3076 ============================================================
08:13:08.0778 3076 \Device\Harddisk0\DR0:
08:13:08.0778 3076 MBR partitions:
08:13:08.0778 3076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x919FBA2
08:13:08.0778 3076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x919FBE1, BlocksNum 0x61AB827
08:13:08.0778 3076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF34B408, BlocksNum 0x160E2BF8
08:13:08.0778 3076 ============================================================
08:13:08.0825 3076 E: <-> \Device\Harddisk0\DR0\Partition2
08:13:08.0864 3076 D: <-> \Device\Harddisk0\DR0\Partition1
08:13:08.0887 3076 C: <-> \Device\Harddisk0\DR0\Partition0
08:13:08.0887 3076 ============================================================
08:13:08.0887 3076 Initialize success
08:13:08.0887 3076 ============================================================
08:13:25.0739 4004 ============================================================
08:13:25.0739 4004 Scan started
08:13:25.0739 4004 Mode: Manual;
08:13:25.0739 4004 ============================================================
08:13:28.0669 4004 Browser - ok
08:13:28.0695 4004 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:13:28.0701 4004 Brserid - ok
08:13:28.0715 4004 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:13:28.0717 4004 BrSerWdm - ok
08:13:28.0726 4004 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:13:28.0728 4004 BrUsbMdm - ok
08:13:28.0735 4004 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:13:28.0736 4004 BrUsbSer - ok
08:13:28.0784 4004 Btcsrusb (24613567251f96330479302e091ae12e) C:\Windows\system32\Drivers\btcusb.sys
08:13:28.0785 4004 Btcsrusb - ok
08:13:28.0818 4004 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:13:28.0820 4004 BthEnum - ok
08:13:28.0848 4004 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:13:28.0851 4004 BTHMODEM - ok
08:13:28.0886 4004 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:13:28.0889 4004 BthPan - ok
08:13:28.0928 4004 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:13:28.0937 4004 BTHPORT - ok
08:13:28.0967 4004 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:13:28.0969 4004 bthserv - ok
08:13:28.0990 4004 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:13:28.0992 4004 BTHUSB - ok
08:13:29.0035 4004 btwaudio (a0a431cf678c5c13707200c640d9b928) C:\Windows\system32\drivers\btwaudio.sys
08:13:29.0038 4004 btwaudio - ok
08:13:29.0075 4004 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
08:13:29.0077 4004 btwavdt - ok
08:13:29.0089 4004 btwrchid (11e80da0a0698c203115610ad19db410) C:\Windows\system32\DRIVERS\btwrchid.sys
08:13:29.0091 4004 btwrchid - ok
08:13:29.0099 4004 catchme - ok
08:13:29.0121 4004 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:13:29.0123 4004 cdfs - ok
08:13:29.0162 4004 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:13:29.0165 4004 cdrom - ok
08:13:29.0204 4004 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:13:29.0206 4004 CertPropSvc - ok
08:13:29.0242 4004 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:13:29.0243 4004 circlass - ok
08:13:29.0286 4004 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:13:29.0291 4004 CLFS - ok
08:13:29.0430 4004 CLHNServiceForPowerDVD (e3893d0e84ad1a986c3db28eb3005198) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
08:13:29.0431 4004 CLHNServiceForPowerDVD - ok
08:13:29.0495 4004 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:13:29.0511 4004 clr_optimization_v2.0.50727_32 - ok
08:13:29.0554 4004 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:13:29.0557 4004 clr_optimization_v2.0.50727_64 - ok
08:13:29.0626 4004 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:13:29.0627 4004 clr_optimization_v4.0.30319_32 - ok
08:13:29.0661 4004 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:13:29.0663 4004 clr_optimization_v4.0.30319_64 - ok
08:13:29.0699 4004 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:13:29.0701 4004 CmBatt - ok
08:13:29.0729 4004 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:13:29.0731 4004 cmdide - ok
08:13:29.0786 4004 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:13:29.0792 4004 CNG - ok
08:13:29.0806 4004 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:13:29.0807 4004 Compbatt - ok
08:13:29.0826 4004 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:13:29.0828 4004 CompositeBus - ok
08:13:29.0833 4004 COMSysApp - ok
08:13:29.0850 4004 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:13:29.0851 4004 crcdisk - ok
08:13:29.0908 4004 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:13:29.0911 4004 CryptSvc - ok
08:13:29.0964 4004 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:13:29.0972 4004 CSC - ok
08:13:30.0024 4004 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:13:30.0033 4004 CscService - ok
08:13:30.0152 4004 CyberLink PowerDVD 11.0 Monitor Service (2e27b3ffdfa45d04179b476a28193871) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
08:13:30.0154 4004 CyberLink PowerDVD 11.0 Monitor Service - ok
08:13:30.0206 4004 CyberLink PowerDVD 11.0 Service (f7893758a023e00fc16d8c2f58174052) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
08:13:30.0210 4004 CyberLink PowerDVD 11.0 Service - ok
08:13:30.0248 4004 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:13:30.0254 4004 DcomLaunch - ok
08:13:30.0293 4004 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:13:30.0299 4004 defragsvc - ok
08:13:30.0367 4004 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:13:30.0369 4004 DfsC - ok
08:13:30.0404 4004 DgiVecp (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
08:13:30.0406 4004 DgiVecp - ok
08:13:30.0448 4004 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:13:30.0454 4004 Dhcp - ok
08:13:30.0469 4004 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:13:30.0469 4004 discache - ok
08:13:30.0486 4004 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:13:30.0487 4004 Disk - ok
08:13:30.0528 4004 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:13:30.0532 4004 Dnscache - ok
08:13:30.0579 4004 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:13:30.0583 4004 dot3svc - ok
08:13:30.0603 4004 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:13:30.0606 4004 DPS - ok
08:13:30.0633 4004 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:13:30.0635 4004 drmkaud - ok
08:13:30.0699 4004 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:13:30.0712 4004 DXGKrnl - ok
08:13:30.0745 4004 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:13:30.0748 4004 EapHost - ok
08:13:30.0940 4004 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:13:30.0987 4004 ebdrv - ok
08:13:31.0091 4004 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:13:31.0093 4004 EFS - ok
08:13:31.0189 4004 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:13:31.0194 4004 ehRecvr - ok
08:13:31.0236 4004 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:13:31.0237 4004 ehSched - ok
08:13:31.0299 4004 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:13:31.0307 4004 elxstor - ok
08:13:31.0339 4004 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
08:13:31.0341 4004 epmntdrv - ok
08:13:31.0370 4004 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:13:31.0372 4004 ErrDev - ok
08:13:31.0385 4004 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
08:13:31.0387 4004 EuGdiDrv - ok
08:13:31.0441 4004 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:13:31.0447 4004 EventSystem - ok
08:13:31.0472 4004 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:13:31.0476 4004 exfat - ok
08:13:31.0499 4004 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:13:31.0503 4004 fastfat - ok
08:13:31.0569 4004 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:13:31.0579 4004 Fax - ok
08:13:31.0597 4004 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:13:31.0598 4004 fdc - ok
08:13:31.0614 4004 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:13:31.0616 4004 fdPHost - ok
08:13:31.0631 4004 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:13:31.0633 4004 FDResPub - ok
08:13:31.0661 4004 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:13:31.0662 4004 FileInfo - ok
08:13:31.0677 4004 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:13:31.0679 4004 Filetrace - ok
08:13:31.0767 4004 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:13:31.0776 4004 FLEXnet Licensing Service - ok
08:13:31.0872 4004 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
08:13:31.0885 4004 FLEXnet Licensing Service 64 - ok
08:13:31.0973 4004 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:13:31.0975 4004 flpydisk - ok
08:13:32.0023 4004 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:13:32.0028 4004 FltMgr - ok
08:13:32.0109 4004 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:13:32.0125 4004 FontCache - ok
08:13:32.0198 4004 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:13:32.0200 4004 FontCache3.0.0.0 - ok
08:13:32.0228 4004 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:13:32.0230 4004 FsDepends - ok
08:13:32.0255 4004 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:13:32.0257 4004 Fs_Rec - ok
08:13:32.0290 4004 FTDIBUS (7442bca60ed46cc31c2f39728bbdd9ad) C:\Windows\system32\drivers\ftdibus.sys
08:13:32.0293 4004 FTDIBUS - ok
08:13:32.0313 4004 FTSER2K (121af3148cdda212cffbc4f6240699c2) C:\Windows\system32\drivers\ftser2k.sys
08:13:32.0316 4004 FTSER2K - ok
08:13:32.0364 4004 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:13:32.0367 4004 fvevol - ok
08:13:32.0386 4004 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:13:32.0388 4004 gagp30kx - ok
08:13:32.0456 4004 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:13:32.0467 4004 gpsvc - ok
08:13:32.0484 4004 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:13:32.0486 4004 hcw85cir - ok
08:13:32.0540 4004 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:13:32.0546 4004 HdAudAddService - ok
08:13:32.0566 4004 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:13:32.0568 4004 HDAudBus - ok
08:13:32.0586 4004 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:13:32.0587 4004 HidBatt - ok
08:13:32.0604 4004 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:13:32.0606 4004 HidBth - ok
08:13:32.0622 4004 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:13:32.0623 4004 HidIr - ok
08:13:32.0653 4004 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:13:32.0655 4004 hidserv - ok
08:13:32.0674 4004 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:13:32.0676 4004 HidUsb - ok
08:13:32.0711 4004 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:13:32.0714 4004 hkmsvc - ok
08:13:32.0757 4004 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:13:32.0761 4004 HomeGroupListener - ok
08:13:32.0802 4004 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:13:32.0806 4004 HomeGroupProvider - ok
08:13:32.0824 4004 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:13:32.0827 4004 HpSAMD - ok
08:13:32.0900 4004 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:13:32.0910 4004 HTTP - ok
08:13:32.0949 4004 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:13:32.0950 4004 hwpolicy - ok
08:13:32.0985 4004 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:13:32.0987 4004 i8042prt - ok
08:13:33.0067 4004 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:13:33.0070 4004 IAANTMON - ok
08:13:33.0136 4004 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
08:13:33.0140 4004 iaStor - ok
08:13:33.0197 4004 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:13:33.0203 4004 iaStorV - ok
08:13:33.0314 4004 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:13:33.0326 4004 idsvc - ok
08:13:33.0414 4004 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:13:33.0416 4004 iirsp - ok
08:13:33.0488 4004 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:13:33.0500 4004 IKEEXT - ok
08:13:33.0668 4004 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
08:13:33.0711 4004 IntcAzAudAddService - ok
08:13:33.0837 4004 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:13:33.0839 4004 intelide - ok
08:13:33.0867 4004 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:13:33.0869 4004 intelppm - ok
08:13:33.0897 4004 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:13:33.0900 4004 IPBusEnum - ok
08:13:33.0941 4004 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:13:33.0943 4004 IpFilterDriver - ok
08:13:34.0045 4004 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:13:34.0053 4004 iphlpsvc - ok
08:13:34.0091 4004 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:13:34.0094 4004 IPMIDRV - ok
08:13:34.0110 4004 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:13:34.0113 4004 IPNAT - ok
08:13:34.0128 4004 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:13:34.0129 4004 IRENUM - ok
08:13:34.0145 4004 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:13:34.0147 4004 isapnp - ok
08:13:34.0172 4004 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:13:34.0176 4004 iScsiPrt - ok
08:13:34.0203 4004 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys
08:13:34.0205 4004 itecir - ok
08:13:34.0251 4004 JMCR (4ead106f130782aa990ff7f3b0e4e5d1) C:\Windows\system32\DRIVERS\jmcr.sys
08:13:34.0254 4004 JMCR - ok
08:13:34.0278 4004 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:13:34.0280 4004 kbdclass - ok
08:13:34.0295 4004 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:13:34.0297 4004 kbdhid - ok
08:13:34.0332 4004 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:13:34.0334 4004 KeyIso - ok
08:13:34.0371 4004 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:13:34.0373 4004 KSecDD - ok
08:13:34.0413 4004 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:13:34.0415 4004 KSecPkg - ok
08:13:34.0436 4004 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:13:34.0438 4004 ksthunk - ok
08:13:34.0476 4004 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:13:34.0482 4004 KtmRm - ok
08:13:34.0517 4004 L1E (71366a5e898ee044a0aff2dc3abaec60) C:\Windows\system32\DRIVERS\L1E62x64.sys
08:13:34.0519 4004 L1E - ok
08:13:34.0567 4004 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:13:34.0572 4004 LanmanServer - ok
08:13:34.0612 4004 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:13:34.0617 4004 LanmanWorkstation - ok
08:13:34.0699 4004 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
08:13:34.0701 4004 LBTServ - ok
08:13:34.0730 4004 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
08:13:34.0732 4004 LEqdUsb - ok
08:13:34.0742 4004 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
08:13:34.0743 4004 LHidEqd - ok
08:13:34.0763 4004 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
08:13:34.0765 4004 LHidFilt - ok
08:13:34.0785 4004 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:13:34.0799 4004 lltdio - ok
08:13:34.0871 4004 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:13:34.0877 4004 lltdsvc - ok
08:13:34.0894 4004 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:13:34.0897 4004 lmhosts - ok
08:13:34.0913 4004 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
08:13:34.0914 4004 LMouFilt - ok
08:13:34.0945 4004 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:13:34.0947 4004 LSI_FC - ok
08:13:34.0969 4004 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:13:34.0971 4004 LSI_SAS - ok
08:13:34.0986 4004 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:13:34.0988 4004 LSI_SAS2 - ok
08:13:35.0013 4004 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:13:35.0016 4004 LSI_SCSI - ok
08:13:35.0039 4004 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:13:35.0041 4004 luafv - ok
08:13:35.0079 4004 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:13:35.0082 4004 Mcx2Svc - ok
08:13:35.0095 4004 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:13:35.0097 4004 megasas - ok
08:13:35.0131 4004 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:13:35.0136 4004 MegaSR - ok
08:13:35.0184 4004 Microsoft SharePoint Workspace Audit Service - ok
08:13:35.0218 4004 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:13:35.0221 4004 MMCSS - ok
08:13:35.0251 4004 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:13:35.0252 4004 Modem - ok
08:13:35.0265 4004 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:13:35.0268 4004 monitor - ok
08:13:35.0299 4004 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:13:35.0301 4004 mouclass - ok
08:13:35.0328 4004 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:13:35.0329 4004 mouhid - ok
08:13:35.0356 4004 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:13:35.0358 4004 mountmgr - ok
08:13:35.0397 4004 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:13:35.0400 4004 mpio - ok
08:13:35.0417 4004 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:13:35.0420 4004 mpsdrv - ok
08:13:35.0495 4004 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:13:35.0507 4004 MpsSvc - ok
08:13:35.0550 4004 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:13:35.0554 4004 MRxDAV - ok
08:13:35.0606 4004 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:13:35.0609 4004 mrxsmb - ok
08:13:35.0649 4004 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:13:35.0654 4004 mrxsmb10 - ok
08:13:35.0674 4004 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:13:35.0676 4004 mrxsmb20 - ok
08:13:35.0687 4004 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:13:35.0688 4004 msahci - ok
08:13:35.0727 4004 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:13:35.0730 4004 msdsm - ok
08:13:35.0762 4004 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:13:35.0766 4004 MSDTC - ok
08:13:35.0792 4004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:13:35.0793 4004 Msfs - ok
08:13:35.0808 4004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:13:35.0809 4004 mshidkmdf - ok
08:13:35.0840 4004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:13:35.0841 4004 msisadrv - ok
08:13:35.0876 4004 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:13:35.0880 4004 MSiSCSI - ok
08:13:35.0885 4004 msiserver - ok
08:13:35.0905 4004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:13:35.0906 4004 MSKSSRV - ok
08:13:35.0913 4004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:13:35.0914 4004 MSPCLOCK - ok
08:13:35.0931 4004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:13:35.0932 4004 MSPQM - ok
08:13:35.0987 4004 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:13:35.0992 4004 MsRPC - ok
08:13:36.0007 4004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:13:36.0008 4004 mssmbios - ok
08:13:36.0014 4004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:13:36.0015 4004 MSTEE - ok
08:13:36.0034 4004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:13:36.0036 4004 MTConfig - ok
08:13:36.0058 4004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:13:36.0059 4004 Mup - ok
08:13:36.0099 4004 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:13:36.0107 4004 napagent - ok
08:13:36.0151 4004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:13:36.0158 4004 NativeWifiP - ok
08:13:36.0219 4004 NBVol (7b2d90bbbbed11c8dfba441d34ae901e) C:\Windows\system32\DRIVERS\NBVol.sys
08:13:36.0220 4004 NBVol - ok
08:13:36.0231 4004 NBVolUp (4fe7b5757279d82c4d171e9f7fd52a75) C:\Windows\system32\DRIVERS\NBVolUp.sys
08:13:36.0232 4004 NBVolUp - ok
08:13:36.0286 4004 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:13:36.0299 4004 NDIS - ok
08:13:36.0318 4004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:13:36.0320 4004 NdisCap - ok
08:13:36.0340 4004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:13:36.0341 4004 NdisTapi - ok
08:13:36.0374 4004 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:13:36.0377 4004 Ndisuio - ok
08:13:36.0418 4004 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:13:36.0421 4004 NdisWan - ok
08:13:36.0466 4004 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:13:36.0468 4004 NDProxy - ok
08:13:36.0495 4004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:13:36.0496 4004 NetBIOS - ok
08:13:36.0539 4004 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:13:36.0543 4004 NetBT - ok
08:13:36.0574 4004 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:13:36.0576 4004 Netlogon - ok
08:13:36.0621 4004 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:13:36.0626 4004 Netman - ok
08:13:36.0664 4004 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:13:36.0670 4004 netprofm - ok
08:13:36.0743 4004 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:13:36.0745 4004 NetTcpPortSharing - ok
08:13:37.0135 4004 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
08:13:37.0224 4004 NETw5s64 - ok
08:13:37.0785 4004 netw5v64 (ce423855d54594beda633cccbe7e3cf0) C:\Windows\system32\DRIVERS\netw5v64.sys
08:13:37.0884 4004 netw5v64 - ok
08:13:38.0442 4004 NETwNs64 (1d974430131627ad97bd28e5746c2ec1) C:\Windows\system32\DRIVERS\NETwNs64.sys
08:13:38.0554 4004 NETwNs64 - ok
08:13:39.0055 4004 NETwNv64 (75700ccbcbc93ebe422e6589b70f97f0) C:\Windows\system32\DRIVERS\NETwNv64.sys
08:13:39.0160 4004 NETwNv64 - ok
08:13:39.0288 4004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:13:39.0290 4004 nfrd960 - ok
08:13:39.0353 4004 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:13:39.0359 4004 NlaSvc - ok
08:13:39.0365 4004 nmwcdcx64 - ok
08:13:39.0373 4004 nmwcdnsucx64 - ok
08:13:39.0381 4004 nmwcdnsux64 - ok
08:13:39.0389 4004 nmwcdx64 - ok
08:13:39.0419 4004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:13:39.0420 4004 Npfs - ok
08:13:39.0442 4004 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:13:39.0445 4004 nsi - ok
08:13:39.0466 4004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:13:39.0467 4004 nsiproxy - ok
08:13:39.0591 4004 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:13:39.0615 4004 Ntfs - ok
08:13:39.0757 4004 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
08:13:39.0759 4004 ntk_PowerDVD - ok
08:13:39.0792 4004 nTuneService - ok
08:13:39.0911 4004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:13:39.0912 4004 Null - ok
08:13:39.0969 4004 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
08:13:39.0973 4004 NVHDA - ok
08:13:40.0730 4004 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:13:40.0817 4004 nvlddmkm - ok
08:13:40.0919 4004 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
08:13:40.0921 4004 nvoclk64 - ok
08:13:40.0961 4004 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:13:40.0964 4004 nvraid - ok
08:13:40.0991 4004 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:13:40.0995 4004 nvstor - ok
08:13:41.0105 4004 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
08:13:41.0113 4004 nvsvc - ok
08:13:41.0286 4004 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
08:13:41.0295 4004 nvUpdatusService - ok
08:13:41.0396 4004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:13:41.0399 4004 nv_agp - ok
08:13:41.0419 4004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:13:41.0421 4004 ohci1394 - ok
08:13:41.0480 4004 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:13:41.0482 4004 ose - ok
08:13:41.0760 4004 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:13:41.0791 4004 osppsvc - ok
08:13:41.0902 4004 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:13:41.0908 4004 p2pimsvc - ok
08:13:41.0949 4004 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:13:41.0956 4004 p2psvc - ok
08:13:41.0999 4004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:13:42.0002 4004 Parport - ok
08:13:42.0040 4004 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:13:42.0041 4004 partmgr - ok
08:13:42.0066 4004 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:13:42.0071 4004 PcaSvc - ok
08:13:42.0105 4004 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
08:13:42.0107 4004 pccsmcfd - ok
08:13:42.0147 4004 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:13:42.0150 4004 pci - ok
08:13:42.0169 4004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:13:42.0171 4004 pciide - ok
08:13:42.0198 4004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:13:42.0202 4004 pcmcia - ok
08:13:42.0224 4004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:13:42.0226 4004 pcw - ok
08:13:42.0282 4004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:13:42.0290 4004 PEAUTH - ok
08:13:42.0382 4004 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:13:42.0402 4004 PeerDistSvc - ok
08:13:42.0489 4004 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:13:42.0492 4004 PerfHost - ok
08:13:42.0650 4004 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:13:42.0669 4004 pla - ok
08:13:42.0753 4004 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:13:42.0771 4004 PlugPlay - ok
08:13:42.0800 4004 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:13:42.0804 4004 PNRPAutoReg - ok
08:13:42.0835 4004 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:13:42.0839 4004 PNRPsvc - ok
08:13:42.0896 4004 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:13:42.0903 4004 PolicyAgent - ok
08:13:42.0944 4004 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:13:42.0949 4004 Power - ok
08:13:43.0002 4004 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:13:43.0004 4004 PptpMiniport - ok
08:13:43.0035 4004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:13:43.0037 4004 Processor - ok
08:13:43.0078 4004 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:13:43.0082 4004 ProfSvc - ok
08:13:43.0116 4004 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:13:43.0117 4004 ProtectedStorage - ok
08:13:43.0167 4004 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:13:43.0169 4004 Psched - ok
08:13:43.0265 4004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:13:43.0286 4004 ql2300 - ok
08:13:43.0397 4004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:13:43.0399 4004 ql40xx - ok
08:13:43.0432 4004 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:13:43.0437 4004 QWAVE - ok
08:13:43.0454 4004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:13:43.0456 4004 QWAVEdrv - ok
08:13:43.0472 4004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:13:43.0474 4004 RasAcd - ok
08:13:43.0504 4004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:13:43.0506 4004 RasAgileVpn - ok
08:13:43.0523 4004 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:13:43.0527 4004 RasAuto - ok
08:13:43.0564 4004 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:13:43.0566 4004 Rasl2tp - ok
08:13:43.0597 4004 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:13:43.0603 4004 RasMan - ok
08:13:43.0628 4004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:13:43.0631 4004 RasPppoe - ok
08:13:43.0648 4004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:13:43.0651 4004 RasSstp - ok
08:13:43.0696 4004 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:13:43.0701 4004 rdbss - ok
08:13:43.0717 4004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:13:43.0718 4004 rdpbus - ok
08:13:43.0735 4004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:13:43.0736 4004 RDPCDD - ok
08:13:43.0790 4004 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:13:43.0793 4004 RDPDR - ok
08:13:43.0810 4004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:13:43.0811 4004 RDPENCDD - ok
08:13:43.0835 4004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:13:43.0836 4004 RDPREFMP - ok
08:13:43.0909 4004 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
08:13:43.0910 4004 RdpVideoMiniport - ok
08:13:43.0955 4004 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:13:43.0959 4004 RDPWD - ok
08:13:43.0986 4004 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:13:43.0989 4004 rdyboost - ok
08:13:44.0048 4004 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:13:44.0052 4004 RemoteAccess - ok
08:13:44.0098 4004 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:13:44.0101 4004 RemoteRegistry - ok
08:13:44.0139 4004 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:13:44.0142 4004 RFCOMM - ok
08:13:44.0167 4004 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:13:44.0170 4004 RpcEptMapper - ok
08:13:44.0199 4004 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:13:44.0201 4004 RpcLocator - ok
08:13:44.0257 4004 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:13:44.0263 4004 RpcSs - ok
08:13:44.0284 4004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:13:44.0286 4004 rspndr - ok
08:13:44.0323 4004 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:13:44.0325 4004 s3cap - ok
08:13:44.0357 4004 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:13:44.0359 4004 SamSs - ok
08:13:44.0384 4004 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:13:44.0387 4004 sbp2port - ok
08:13:44.0394 4004 SBRE - ok
08:13:44.0422 4004 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:13:44.0426 4004 SCardSvr - ok
08:13:44.0463 4004 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:13:44.0464 4004 scfilter - ok
08:13:44.0546 4004 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:13:44.0562 4004 Schedule - ok
08:13:44.0605 4004 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:13:44.0606 4004 SCPolicySvc - ok
08:13:44.0775 4004 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
08:13:44.0783 4004 ScrybeUpdater - ok
08:13:44.0887 4004 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:13:44.0892 4004 SDRSVC - ok
08:13:44.0932 4004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:13:44.0934 4004 secdrv - ok
08:13:44.0976 4004 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:13:44.0979 4004 seclogon - ok
08:13:45.0014 4004 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:13:45.0018 4004 SENS - ok
08:13:45.0041 4004 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:13:45.0044 4004 SensrSvc - ok
08:13:45.0068 4004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:13:45.0069 4004 Serenum - ok
08:13:45.0093 4004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:13:45.0096 4004 Serial - ok
08:13:45.0133 4004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:13:45.0135 4004 sermouse - ok
08:13:45.0236 4004 ServiceLayer (c52572a3e609989c2cbeed503e95153e) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
08:13:45.0245 4004 ServiceLayer - ok
08:13:45.0304 4004 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:13:45.0309 4004 SessionEnv - ok
08:13:45.0328 4004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:13:45.0329 4004 sffdisk - ok
08:13:45.0341 4004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:13:45.0342 4004 sffp_mmc - ok
08:13:45.0363 4004 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:13:45.0364 4004 sffp_sd - ok
08:13:45.0395 4004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:13:45.0397 4004 sfloppy - ok
08:13:45.0459 4004 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:13:45.0465 4004 SharedAccess - ok
08:13:45.0504 4004 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:13:45.0511 4004 ShellHWDetection - ok
08:13:45.0528 4004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:13:45.0530 4004 SiSRaid2 - ok
08:13:45.0548 4004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:13:45.0550 4004 SiSRaid4 - ok
08:13:45.0570 4004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:13:45.0573 4004 Smb - ok
08:13:45.0607 4004 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:13:45.0610 4004 SNMPTRAP - ok
08:13:45.0624 4004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:13:45.0625 4004 spldr - ok
08:13:45.0681 4004 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:13:45.0687 4004 Spooler - ok
08:13:45.0899 4004 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:13:45.0922 4004 sppsvc - ok
08:13:46.0014 4004 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:13:46.0017 4004 sppuinotify - ok
08:13:46.0107 4004 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
08:13:46.0118 4004 sptd - ok
08:13:46.0260 4004 SpyHunter 4 Service (cef26d36cf0c8a2ae6aac27767070308) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
08:13:46.0272 4004 SpyHunter 4 Service - ok
08:13:46.0402 4004 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:13:46.0409 4004 srv - ok
08:13:46.0448 4004 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:13:46.0454 4004 srv2 - ok
08:13:46.0478 4004 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:13:46.0481 4004 srvnet - ok
08:13:46.0526 4004 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:13:46.0529 4004 SSDPSRV - ok
08:13:46.0566 4004 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
08:13:46.0567 4004 SSPORT - ok
08:13:46.0586 4004 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:13:46.0589 4004 SstpSvc - ok
08:13:46.0616 4004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:13:46.0618 4004 stexstor - ok
08:13:46.0684 4004 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:13:46.0694 4004 stisvc - ok
08:13:46.0730 4004 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:13:46.0731 4004 storflt - ok
08:13:46.0753 4004 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:13:46.0755 4004 storvsc - ok
08:13:46.0772 4004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:13:46.0774 4004 swenum - ok
08:13:46.0817 4004 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:13:46.0826 4004 swprv - ok
08:13:46.0834 4004 Synth3dVsc - ok
08:13:46.0957 4004 SynTP (1bfdd504f8c2e76b74e86ccf11283368) C:\Windows\system32\DRIVERS\SynTP.sys
08:13:46.0977 4004 SynTP - ok
08:13:47.0192 4004 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:13:47.0215 4004 SysMain - ok
08:13:47.0282 4004 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:13:47.0286 4004 TabletInputService - ok
08:13:47.0317 4004 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:13:47.0322 4004 TapiSrv - ok
08:13:47.0357 4004 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:13:47.0361 4004 TBS - ok
08:13:47.0501 4004 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:13:47.0526 4004 Tcpip - ok
08:13:47.0679 4004 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:13:47.0691 4004 TCPIP6 - ok
08:13:47.0766 4004 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:13:47.0768 4004 tcpipreg - ok
08:13:47.0802 4004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:13:47.0804 4004 TDPIPE - ok
08:13:47.0838 4004 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:13:47.0840 4004 TDTCP - ok
08:13:47.0880 4004 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:13:47.0881 4004 tdx - ok
08:13:47.0922 4004 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:13:47.0924 4004 TermDD - ok
08:13:47.0976 4004 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:13:47.0982 4004 TermService - ok
08:13:48.0013 4004 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:13:48.0016 4004 Themes - ok
08:13:48.0044 4004 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:13:48.0046 4004 THREADORDER - ok
08:13:48.0065 4004 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:13:48.0069 4004 TrkWks - ok
08:13:48.0125 4004 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:13:48.0127 4004 TrustedInstaller - ok
08:13:48.0173 4004 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:13:48.0175 4004 tssecsrv - ok
08:13:48.0217 4004 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:13:48.0219 4004 TsUsbFlt - ok
08:13:48.0227 4004 tsusbhub - ok
08:13:48.0270 4004 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:13:48.0272 4004 tunnel - ok
08:13:48.0311 4004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:13:48.0313 4004 uagp35 - ok
08:13:48.0364 4004 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:13:48.0369 4004 udfs - ok
08:13:48.0409 4004 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:13:48.0413 4004 UI0Detect - ok
08:13:48.0454 4004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:13:48.0456 4004 uliagpkx - ok
08:13:48.0478 4004 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:13:48.0480 4004 umbus - ok
08:13:48.0495 4004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:13:48.0497 4004 UmPass - ok
08:13:48.0536 4004 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:13:48.0541 4004 UmRdpService - ok
08:13:48.0618 4004 UpdateCenterService - ok
08:13:48.0676 4004 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:13:48.0682 4004 upnphost - ok
08:13:48.0690 4004 upperdev - ok
08:13:48.0734 4004 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:13:48.0736 4004 usbccgp - ok
08:13:48.0761 4004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:13:48.0764 4004 usbcir - ok
08:13:48.0802 4004 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:13:48.0804 4004 usbehci - ok
08:13:48.0844 4004 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:13:48.0849 4004 usbhub - ok
08:13:48.0885 4004 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:13:48.0887 4004 usbohci - ok
08:13:48.0903 4004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:13:48.0905 4004 usbprint - ok
08:13:48.0935 4004 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:13:48.0937 4004 usbscan - ok
08:13:48.0975 4004 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
08:13:48.0977 4004 usbser - ok
08:13:48.0985 4004 UsbserFilt - ok
08:13:49.0026 4004 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:13:49.0028 4004 USBSTOR - ok
08:13:49.0072 4004 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
08:13:49.0073 4004 usbuhci - ok
08:13:49.0103 4004 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:13:49.0107 4004 usbvideo - ok
08:13:49.0139 4004 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:13:49.0145 4004 UxSms - ok
08:13:49.0183 4004 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:13:49.0185 4004 VaultSvc - ok
08:13:49.0236 4004 VBoxNetAdp (48b196c4f368d0c1aec103ed6425d959) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
08:13:49.0239 4004 VBoxNetAdp - ok
08:13:49.0247 4004 VBoxNetFlt - ok
08:13:49.0291 4004 VBoxUSB (533ca8ac465f00ae5283c76c3737ab8c) C:\Windows\system32\Drivers\VBoxUSB.sys
08:13:49.0293 4004 VBoxUSB - ok
08:13:49.0315 4004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:13:49.0317 4004 vdrvroot - ok
08:13:49.0377 4004 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:13:49.0387 4004 vds - ok
08:13:49.0418 4004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:13:49.0420 4004 vga - ok
08:13:49.0440 4004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:13:49.0442 4004 VgaSave - ok
08:13:49.0450 4004 VGPU - ok
08:13:49.0501 4004 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:13:49.0504 4004 vhdmp - ok
08:13:49.0523 4004 vhjrap - ok
08:13:49.0545 4004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:13:49.0546 4004 viaide - ok
08:13:49.0576 4004 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:13:49.0578 4004 vmbus - ok
08:13:49.0597 4004 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:13:49.0599 4004 VMBusHID - ok
08:13:49.0622 4004 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:13:49.0623 4004 volmgr - ok
08:13:49.0676 4004 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:13:49.0681 4004 volmgrx - ok
08:13:49.0716 4004 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:13:49.0722 4004 volsnap - ok
08:13:49.0752 4004 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
08:13:49.0755 4004 vpcbus - ok
08:13:49.0789 4004 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
08:13:49.0791 4004 vpcnfltr - ok
08:13:49.0813 4004 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
08:13:49.0815 4004 vpcusb - ok
08:13:49.0835 4004 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
08:13:49.0836 4004 vpcuxd - ok
08:13:49.0888 4004 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
08:13:49.0893 4004 vpcvmm - ok
08:13:49.0934 4004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:13:49.0937 4004 vsmraid - ok
08:13:50.0052 4004 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:13:50.0073 4004 VSS - ok
08:13:50.0171 4004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:13:50.0172 4004 vwifibus - ok
08:13:50.0195 4004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:13:50.0197 4004 vwififlt - ok
08:13:50.0220 4004 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:13:50.0221 4004 vwifimp - ok
08:13:50.0276 4004 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:13:50.0284 4004 W32Time - ok
08:13:50.0306 4004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:13:50.0308 4004 WacomPen - ok
08:13:50.0350 4004 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:13:50.0352 4004 WANARP - ok
08:13:50.0360 4004 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:13:50.0361 4004 Wanarpv6 - ok
08:13:50.0465 4004 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:13:50.0490 4004 wbengine - ok
08:13:50.0578 4004 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:13:50.0583 4004 WbioSrvc - ok
08:13:50.0641 4004 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:13:50.0648 4004 wcncsvc - ok
08:13:50.0671 4004 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:13:50.0675 4004 WcsPlugInService - ok
08:13:50.0710 4004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:13:50.0712 4004 Wd - ok
08:13:50.0766 4004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:13:50.0774 4004 Wdf01000 - ok
08:13:50.0798 4004 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:13:50.0802 4004 WdiServiceHost - ok
08:13:50.0810 4004 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:13:50.0814 4004 WdiSystemHost - ok
08:13:50.0859 4004 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:13:50.0865 4004 WebClient - ok
08:13:50.0902 4004 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:13:50.0908 4004 Wecsvc - ok
08:13:50.0941 4004 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:13:50.0944 4004 wercplsupport - ok
08:13:50.0965 4004 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:13:50.0969 4004 WerSvc - ok
08:13:50.0995 4004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:13:50.0997 4004 WfpLwf - ok
08:13:51.0017 4004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:13:51.0019 4004 WIMMount - ok
08:13:51.0067 4004 WinDefend - ok
08:13:51.0083 4004 WinHttpAutoProxySvc - ok
08:13:51.0150 4004 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:13:51.0154 4004 Winmgmt - ok
08:13:51.0289 4004 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:13:51.0320 4004 WinRM - ok
08:13:51.0446 4004 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
08:13:51.0448 4004 WinUsb - ok
08:13:51.0520 4004 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:13:51.0534 4004 Wlansvc - ok
08:13:51.0615 4004 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:13:51.0617 4004 wlcrasvc - ok
08:13:51.0763 4004 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:13:51.0778 4004 wlidsvc - ok
08:13:51.0888 4004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:13:51.0889 4004 WmiAcpi - ok
08:13:51.0958 4004 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:13:51.0962 4004 wmiApSrv - ok
08:13:51.0989 4004 WMPNetworkSvc - ok
08:13:52.0015 4004 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:13:52.0019 4004 WPCSvc - ok
08:13:52.0062 4004 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:13:52.0066 4004 WPDBusEnum - ok
08:13:52.0093 4004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:13:52.0095 4004 ws2ifsl - ok
08:13:52.0121 4004 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:13:52.0125 4004 wscsvc - ok
08:13:52.0134 4004 WSearch - ok
08:13:52.0301 4004 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:13:52.0336 4004 wuauserv - ok
08:13:52.0459 4004 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:13:52.0462 4004 WudfPf - ok
08:13:52.0491 4004 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:13:52.0494 4004 WUDFRd - ok
08:13:52.0548 4004 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:13:52.0553 4004 wudfsvc - ok
08:13:52.0595 4004 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:13:52.0601 4004 WwanSvc - ok
08:13:52.0741 4004 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
08:13:52.0743 4004 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
08:13:52.0787 4004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:13:52.0972 4004 \Device\Harddisk0\DR0 - ok
08:13:52.0976 4004 Boot (0x1200) (a044a353604733313112c73a4e4d814f) \Device\Harddisk0\DR0\Partition0
08:13:52.0977 4004 \Device\Harddisk0\DR0\Partition0 - ok
08:13:52.0990 4004 Boot (0x1200) (91afe42045d5336527c136428d2ea7b4) \Device\Harddisk0\DR0\Partition1
08:13:52.0992 4004 \Device\Harddisk0\DR0\Partition1 - ok
08:13:53.0008 4004 Boot (0x1200) (b2f8316772cc0049a3856763b461cfd2) \Device\Harddisk0\DR0\Partition2
08:13:53.0010 4004 \Device\Harddisk0\DR0\Partition2 - ok
08:13:53.0010 4004 ============================================================
08:13:53.0010 4004 Scan finished
08:13:53.0010 4004 ============================================================
08:13:53.0023 2636 Detected object count: 0
08:13:53.0024 2636 Actual detected object count: 0
08:16:22.0784 4936 Deinitialize success

I couldn't run aswMBR because it crashes every time. I tried to run it twice after TDSSKiller and then rebooted and tried again, with no luck.

Here's aswMBR's crash log if it helps:


Ongelman tunniste:
Ongelmatapahtuman nimi: APPCRASH
Sovelluksen nimi: aswMBR.exe
Sovelluksen versio: 0.9.9.1665
Sovelluksen aikaleima: 4f5f9c86
Vikamoduulin nimi: ntdll.dll
Vikamoduulin versio: 6.1.7601.17725
Vikamoduulin aikaleima: 4ec49b8f
Poikkeuskoodi: c0000005
Poikkeuksen poikkeama: 0002e3be
Käyttöjärjestelmän versio: 6.1.7601.2.1.0.256.1
Aluekohtaisten asetusten tunnus: 1035
Lisätietoja 1: 0a9e
Lisätietoja 2: 0a9e372d3b4ad19135b953a78882e789
Lisätietoja 3: 0a9e
Lisätietoja 4: 0a9e372d3b4ad19135b953a78882e789

Lue tietosuojatiedot verkossa:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x040b

Jos tietosuojatiedot verkossa eivät ole käytettävissä, voit lukea tietosuojatiedot myös offline-tilassa:
C:\Windows\system32\fi-FI\erofflps.txt

Thanks

-k3tone
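
The TDSSKiller log above lists each driver and service twice, once with its MD5 and image path and once with a verdict, except for a handful of names (SBRE, Synth3dVsc, vhjrap, WinDefend and a few others) that get a verdict with no file behind them. The Python script below is an added example for readers following along, not a tool from this thread and not part of TDSSKiller or ComboFix: it parses that two-line format, lists the entries that were scanned without an image file, and separately lists services whose image lives outside C:\Windows so a reviewer can check them by hand. The embedded sample log is a trimmed copy of entries from the log above; the function names and the C:\Windows system-root assumption are mine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in TDSSKiller's scan-log format: a trimmed copy of the
# kind of entries posted above. An object normally appears as a
# "name (md5) path" line followed by a "name - status" line; an object with
# no backing file shows only the status line.
SAMPLE_LOG = """\
08:13:44.0384 4004 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\\Windows\\system32\\drivers\\sbp2port.sys
08:13:44.0387 4004 sbp2port - ok
08:13:44.0394 4004 SBRE - ok
08:13:46.0260 4004 SpyHunter 4 Service (cef26d36cf0c8a2ae6aac27767070308) C:\\PROGRA~1\\ENIGMA~1\\SPYHUN~1\\SH4SER~1.EXE
08:13:46.0272 4004 SpyHunter 4 Service - ok
08:13:49.0523 4004 vhjrap - ok
08:13:51.0067 4004 WinDefend - ok
08:13:52.0787 4004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
08:13:52.0972 4004 \\Device\\Harddisk0\\DR0 - ok
08:13:53.0010 4004 Scan finished
08:13:53.0023 2636 Detected object count: 0
"""

# "HH:MM:SS.ffff <pid> <body>"
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>"  -- the image line
IMAGE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <status>"      -- the verdict line
RESULT_RE = re.compile(r"^(?P<name>.+?) - (?P<status>[\w ]+)$")


@dataclass
class Entry:
    name: str
    status: str = ""
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the two-line-per-object log into one Entry per object name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or count line
        body = m.group("body")
        img = IMAGE_RE.match(body)
        if img:
            e = entries.setdefault(img["name"], Entry(img["name"]))
            e.md5, e.path = img["md5"].lower(), img["path"]
            continue
        res = RESULT_RE.match(body)
        if res:
            e = entries.setdefault(res["name"], Entry(res["name"]))
            e.status = res["status"]
    return entries


def entries_without_image(entries: Dict[str, Entry]) -> List[str]:
    """Names that received a verdict but were never paired with a file image.

    In the log above both SBRE (a disabled device in the DDS output) and
    WinDefend show up this way, so this is a triage queue, not a verdict.
    MBR/partition checks are keyed by device path and are skipped."""
    return sorted(n for n, e in entries.items()
                  if e.md5 is None and not n.startswith("\\"))


def third_party_images(entries: Dict[str, Entry],
                       system_root: str = "C:\\Windows") -> List[str]:
    """Names whose image lives outside the system root (assumed C:\\Windows)."""
    root = system_root.lower()
    return sorted(n for n, e in entries.items()
                  if e.path and not e.path.startswith("\\")
                  and not e.path.lower().startswith(root))


def report(text: str) -> str:
    entries = parse_tdsskiller(text)
    lines = [f"{len(entries)} objects parsed",
             "no image file: " + ", ".join(entries_without_image(entries)),
             "outside system root: " + ", ".join(third_party_images(entries))]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Point the same functions at the full log (read the text file TDSSKiller wrote and pass it to `report`) and the "no image file" line is the list a helper would start from; in the log above it includes vhjrap.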

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:31 PM

Posted 18 July 2012 - 12:57 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
vhjrap

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 k3tone

k3tone
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:31 PM

Posted 18 July 2012 - 01:49 AM

Hi and thanks for very quick reply!

Here's Combofix report:


ComboFix 12-07-16.01 - Mikko_2 18.07.2012 9:37.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.4093.2669 [GMT 3:00]
Sijainti: c:\users\Mikko\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Mikko\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Uusi palautuspiste luotu
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VHJRAP
-------\Service_vhjrap
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-06-18 to 2012-07-18 )))))))))))))))))
.
.
2012-07-18 06:43 . 2012-07-18 06:43 -------- d-----w- c:\users\Mikko_2\AppData\Local\temp
2012-07-18 06:43 . 2012-07-18 06:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 06:25 . 2012-07-18 06:25 -------- d-----w- c:\windows\LastGood
2012-07-18 06:25 . 2009-03-09 13:58 60416 ----a-w- c:\windows\system32\drivers\itecir.sys
2012-07-16 10:42 . 2012-07-16 10:42 -------- d-----w- C:\FRST
2012-07-14 09:32 . 2012-07-14 09:32 -------- d-----w- C:\sh4ldr
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-14 09:32 . 2012-07-14 09:32 110080 ----a-r- c:\users\Mikko_2\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-14 09:32 . 2012-07-14 09:32 -------- d-----w- c:\program files\Enigma Software Group
2012-07-14 09:31 . 2012-07-14 09:32 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-14 09:31 . 2012-07-14 09:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-14 08:01 . 2012-07-14 08:01 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\Malwarebytes
2012-07-14 08:01 . 2012-07-14 08:01 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 08:01 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 05:09 . 2012-07-14 08:17 -------- d-----w- C:\CCE_Quarantine
2012-07-13 19:00 . 2012-07-13 19:00 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\AVG
2012-07-13 18:47 . 2012-07-13 18:47 -------- d-----w- c:\users\Mikko\AppData\Roaming\AVG2012
2012-07-13 18:41 . 2012-07-13 18:41 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-13 18:40 . 2012-07-18 05:46 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-13 18:40 . 2012-07-13 18:56 -------- d-----w- c:\programdata\AVG2012
2012-07-13 18:40 . 2012-07-13 18:40 -------- d-----w- C:\$AVG
2012-07-13 18:37 . 2012-07-18 05:46 -------- d-----w- c:\programdata\MFAData
2012-07-13 18:37 . 2012-07-13 18:37 -------- d--h--w- c:\programdata\Common Files
2012-07-13 18:35 . 2012-07-13 18:35 -------- d-----w- c:\programdata\GFI Software
2012-07-13 05:43 . 2012-07-13 05:43 -------- d-----w- c:\users\Mikko\AppData\Local\adaware
2012-07-12 17:40 . 2012-07-12 17:49 -------- d-----w- c:\users\Mikko_2\AppData\Roaming\Ad-Aware Antivirus
2012-07-12 17:36 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-12 17:35 . 2012-07-13 18:42 -------- d-----w- c:\programdata\AVAST Software
2012-07-11 05:39 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\users\Mikko\AppData\Roaming\SystemRequirementsLab
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-06 05:07 . 2012-07-06 05:07 -------- d-----w- c:\program files (x86)\Java
2012-07-05 04:25 . 2012-07-05 04:25 -------- d-----w- c:\users\Mikko\AppData\Local\Macromedia
2012-07-04 04:49 . 2012-07-04 04:49 -------- d-----w- c:\programdata\McAfee
2012-07-04 04:49 . 2012-07-12 13:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-04 04:49 . 2012-07-12 13:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-04 04:49 . 2012-07-04 04:49 -------- d-----w- c:\windows\system32\Macromed
2012-06-27 11:23 . 2012-06-27 11:23 -------- d-----w- c:\program files (x86)\Oracle
2012-06-27 11:23 . 2012-05-04 16:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-27 06:06 . 2012-06-27 06:06 -------- d-----w- c:\users\UpdatusUser
2012-06-27 06:06 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-27 06:06 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-27 06:06 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-27 06:06 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-27 06:06 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-27 06:06 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-27 06:05 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-27 06:05 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-27 06:05 . 2012-06-27 06:05 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-25 05:58 . 2012-06-25 05:58 -------- d-----w- c:\program files (x86)\Garmin
2012-06-21 06:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:08 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:08 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 22:20 . 2012-06-18 22:20 2203776 ----a-w- c:\program files (x86)\Common Files\System\MSMAPI\MSNCON32.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 18:22 . 2010-06-04 14:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-13 18:22 . 2010-05-24 17:53 460624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-19 05:21 . 2010-05-24 17:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-19 05:21 . 2010-06-07 16:29 460624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-15 09:29 . 2012-06-27 06:06 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 04:01 . 2012-06-13 03:52 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 03:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 16:29 . 2010-05-06 17:59 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 03:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 03:51 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 03:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 03:51 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-13 03:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 03:51 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 03:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:51 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:51 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 03:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_06.43.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-17 06:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-18 06:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-18 06:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 06:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 06:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-18 06:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 09:05 . 2012-07-18 06:28 49860 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-18 06:28 49128 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-26 08:17 . 2012-07-18 06:28 17394 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3956303362-521451700-1098953867-1000_UserData.bin
- 2010-03-26 08:08 . 2012-07-17 06:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-26 08:08 . 2012-07-18 06:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-26 08:08 . 2012-07-18 06:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-26 08:08 . 2012-07-17 06:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 06:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-18 06:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 13:21 . 2012-07-18 06:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-26 13:21 . 2012-07-17 06:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-26 13:21 . 2012-07-17 06:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-26 13:21 . 2012-07-18 06:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-26 13:21 . 2012-07-17 06:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 13:21 . 2012-07-18 06:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-26 09:07 . 2012-07-17 06:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-26 09:07 . 2012-07-18 06:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-26 09:07 . 2012-07-17 06:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-26 09:07 . 2012-07-18 06:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-17 06:23 . 2009-03-09 13:58 60416 c:\windows\LastGood\system32\DRIVERS\itecir.sys
+ 2012-07-18 06:25 . 2009-03-09 13:58 60416 c:\windows\LastGood\system32\DRIVERS\itecir.sys
- 2012-07-17 06:23 . 2012-07-17 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 06:24 . 2012-07-18 06:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 06:24 . 2012-07-18 06:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-17 06:23 . 2012-07-17 06:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-18 06:23 506724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-17 06:22 506724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty values and legitimate default values are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="d:\rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="d:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Maple_S2P"="c:\program files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe" [2007-01-16 253952]
"BCSSync"="d:\microsoft office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-11-21 234792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="d:\avg\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\users\Mikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - d:\rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - d:\bluetooth software\BTTray.exe [2007-4-24 985904]
Logitech SetPoint.lnk - d:\logitech\SetPoint\SetPoint.exe [2010-10-12 1207312]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe [2010-6-12 303456]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-1-3 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Ad-Aware Antivirus\Definitions\0d:\avg\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 !SASCORE;SAS Core Service; [x]
R2 AVGIDSAgent;AVGIDSAgent;d:\avg\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-26 1038088]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-09-28 169048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw5s64;Intel® Wireless WiFi Link adapter driver for the Windows 7 64-bit operating system;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series adapter driver for the Vista 64-bit operating system;c:\windows\system32\DRIVERS\netw5v64.sys [2010-05-31 7533568]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series adapter driver for the Vista 64-bit operating system;c:\windows\system32\DRIVERS\NETwNv64.sys [2011-01-19 7886848]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 144784]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-08 42896]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB virtualization stub service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-26 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/25 13:27];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-11-16 09:00 148976]
S2 avgwd;AVG WatchDog;d:\avg\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-21 75248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter driver for the Windows 7 64-bit operating system;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-23 8616960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 13:06]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000Core.job
- c:\users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 14:48]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956303362-521451700-1098953867-1000UA.job
- c:\users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\micros~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office14\ONBttnIE.dll/105
IE: Search the Web
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Mikko_2\AppData\Roaming\Mozilla\Firefox\Profiles\jbvn7j8o.default\
.
- - - - REMOVED ORPHAN ENTRIES - - - -
.
HKLM-Run-combofix - c:\combofix\CF13749.3XE
HKLM-RunOnce-combofix - c:\combofix\CF13749.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-18 09:45:25
ComboFix-quarantined-files.txt 2012-07-18 06:45
ComboFix2.txt 2012-07-17 06:45
.
Pre-run: 14 673 739 776 bytes free
Post-run: 14 617 829 376 bytes free
.
- - End Of File - - 63B0876435B993074135435FF0A5864F

Had the same problem running Combofix as described before.

The computer feels slightly quicker again.
I'll edit if I notice something else.

-k3tone

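What a responder actually does with a report like the one above is read the registry startup points and the service table for the few things that do not belong: autostart images sitting in directories an ordinary user can write to, services whose image file ComboFix could not find (the [x] marker), and UAC policy values that weaken elevation prompting (this report shows PromptOnSecureDesktop = 0). The Python below is an added example, not part of this thread, of ComboFix or of any tool named in it. It parses a constructed sample written in the same layout as the report and flags those three conditions. The list of user-writable directories, the sample lines and the reading of [x] as "file not found on disk" are assumptions of the example. A hit is a pointer, not a verdict: the report's own Malwarebytes RunOnce entry under c:\programdata would be flagged just the same.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category detail")

# Line shapes ComboFix prints in its registry startup-points section.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Service/driver lines: "<start type> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$')

# Directories an unprivileged user can write to (assumed list for this example).
# An autostart image here is not proof of anything, only a reason to look at it first.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')

# Constructed sample in the same layout as the report; not the poster's real log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="d:\avg\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Example Updater"="c:\users\example\AppData\Roaming\Updater\upd.exe" [2012-07-10 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-09-28 169048]
'''


def triage(report):
    """Return the entries of a ComboFix-style report that deserve a second look."""
    findings = []
    key = ''
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()      # remember which registry key we are under
            continue
        if key.endswith('\\policies\\system'):
            m = POLICY_RE.match(line)
            if m:
                name, value = m.group('name'), int(m.group('value'))
                if name == 'PromptOnSecureDesktop' and value == 0:
                    findings.append(Finding('uac', 'PromptOnSecureDesktop=0: elevation '
                                            'prompts are not shown on the secure desktop'))
                elif name == 'ConsentPromptBehaviorAdmin' and value == 0:
                    findings.append(Finding('uac', 'ConsentPromptBehaviorAdmin=0: '
                                            'administrators elevate without any prompt'))
                continue
        if '\\run' in key:                # covers ...\Run and ...\RunOnce
            m = RUN_RE.match(line)
            if m:
                if any(d in m.group('image').lower() for d in USER_WRITABLE):
                    findings.append(Finding('autostart', '%s -> %s (user-writable location)'
                                            % (m.group('name'), m.group('image'))))
                continue
        m = SERVICE_RE.match(line)
        if m and m.group('meta') == 'x':  # assumption: [x] means the image file was not found
            findings.append(Finding('service', '%s -> %s (image not found on disk)'
                                    % (m.group('name'), m.group('image'))))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.category.ljust(10), f.detail)
```

To use it on a real report, pass the text of the ComboFix log to triage() and read the findings in order; the section headers and "." separator lines are ignored, so the whole file can be fed in unchanged. Start-type codes (R1, S2 and so on) are captured but not interpreted here.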
#14 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 18 July 2012 - 01:54 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • DAEMON Tools Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes, then on Next.
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 k3tone (Topic Starter)

  • Members
  • 10 posts

Posted 18 July 2012 - 04:53 AM

Hi again Gringo!

Here's MBAM log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mikko :: MIKKO-PC [limited]

18.7.2012 12:35:46
mbam-log-2012-07-18 (12-35-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201467
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:51, on 18.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
D:\Rainlendar2\Rainlendar2.exe
D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\AVG\AVG2012\avgtray.exe
D:\AVG\AVG2012\avgcfgex.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mikko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mikko\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Maple_S2P] C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [BCSSync] "D:\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "D:\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-21-3956303362-521451700-1098953867-1000\..\Run: [Google Update] "C:\Users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Mikko')
O4 - HKUS\S-1-5-21-3956303362-521451700-1098953867-1000\..\Run: [AdobeBridge] (User 'Mikko')
O4 - HKUS\S-1-5-21-3956303362-521451700-1098953867-1000\..\Run: [Rainlendar2] D:\Rainlendar2\Rainlendar2.exe (User 'Mikko')
O4 - HKUS\S-1-5-21-3956303362-521451700-1098953867-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3956303362-521451700-1098953867-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-3956303362-521451700-1098953867-1000 Startup: Rainmeter.lnk = D:\Rainmeter\Rainmeter.exe (User 'Mikko')
O4 - S-1-5-21-3956303362-521451700-1098953867-1000 User Startup: Rainmeter.lnk = D:\Rainmeter\Rainmeter.exe (User 'Mikko')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Outlook 2010.lnk = ?
O4 - Global Startup: Scrybe.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Lähetä Bluetooth-laitteeseen - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Lähetä &Bluetooth-laitteeseen... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - - (no file)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: BITS (Background Intelligent Transfer Service) -palvelu (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Työasema (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TCP/IP NetBIOS -apusovellus (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - D:\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Vertaisverkkoryhmittely (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Tiedostolinkkijäljityksen asiakas (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Windowsin nopea yhteydenmuodostus - Määritysrekisteröinti (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 26542 bytes

This time I didn't have any problems with running these apps.

Haven't had any messages from AVR for a long time, and the computer feels pretty fast now. :-)

-k3tone
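The HijackThis instructions earlier in the thread (do not let the tool "fix" anything, most entries are harmless or required) and the log posted above are what a helper reads by hand. As an added example that is not part of this thread, of HijackThis or of any of the tools named here, the following Python script parses HijackThis-format O4, O10 and O23 lines and sorts them into uninstall leftovers, 64-bit redirection artifacts and entries that need a human decision. The embedded sample log is constructed to mirror the shape of the lines in the posted log, and the heuristics (the list of user-writable directories, the System32 check, what counts as "review") are this example's own assumptions, not HijackThis rules. The one caveat worth knowing is that HijackThis 2.0.4 is a 32-bit program: on 64-bit Windows the WoW64 file-system redirector points its System32 lookups at SysWOW64, so 64-bit-only system binaries such as lsass.exe or spoolsv.exe are reported as "(file missing)" even though they are present, which is exactly what the log above shows.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis 2.0.4 log format. It mirrors the shape of
# lines in the thread's log but is assembled here for the example.
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\rundll32.exe

O4 - HKLM\..\Run: [AVG_TRAY] "D:\AVG\AVG2012\avgtray.exe"
O4 - HKUS\S-1-5-21-1000\..\Run: [Google Update] "C:\Users\Mikko\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Mikko')
O4 - HKUS\S-1-5-21-1000\..\Run: [AdobeBridge] (User 'Mikko')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: SAS Core Service (!SASCORE) - - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG2012\avgwdsvc.exe
"""

# O4 line: "O4 - <hive>: [<name>] <command> (User '<user>')"; the User suffix
# is optional. A Run value with no command at all is an empty leftover.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)(?:\s*\(User '[^']*'\))?$"
)

# Directories an ordinary user can write to. An autorun living there is not
# malicious by itself (GoogleUpdate does exactly this) but deserves a look.
# This list is the example's own heuristic, not anything HijackThis defines.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|desktop|downloads)\\|\\programdata\\|\\temp\\", re.I
)


def host_is_x64(log_text: str) -> bool:
    """Heuristic: WoW64-only paths in the log mean a 64-bit Windows host."""
    return "Program Files (x86)" in log_text or "SysWOW64" in log_text


def parse_o23(line: str) -> Tuple[str, str, str]:
    """Split 'O23 - Service: <display> - <owner> - <path>' into its fields.

    Splits from the right so an orphan like '... (!SASCORE) - - (no file)'
    (empty owner) still parses. A service path containing ' - ' would confuse
    this, which is one more reason the output is read, not acted on blindly.
    """
    body = line[len("O23 - Service: "):]
    head, _, path = body.rpartition(" - ")
    display, _, owner = head.partition(" - ")
    return display.rstrip(" -").strip(), owner.strip(), path.strip()


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (verdict, subject, reason) for O4/O10/O23 lines worth a comment.

    Verdicts: 'orphaned' (leftover, harmless), 'x64-artifact' (tool limitation),
    'missing' (binary genuinely absent) and 'review' (needs a human decision).
    """
    x64 = host_is_x64(log_text)
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:  # Startup-folder O4 lines carry no [name]; skip them
                continue
            name, cmd = m["name"], m["cmd"].strip()
            if not cmd:
                findings.append(("orphaned", name, "Run value with no command; uninstall leftover"))
            elif USER_WRITABLE_RE.search(cmd):
                findings.append(("review", name, f"autorun launched from a user-writable path: {cmd}"))
        elif line.startswith("O10 - "):
            # Winsock LSPs sit in the network stack; removing the wrong one
            # breaks networking, so they are always a manual check.
            findings.append(("review", line.rsplit(": ", 1)[-1], "Winsock LSP; verify the publisher before touching it"))
        elif line.startswith("O23 - Service: "):
            display, owner, path = parse_o23(line)
            if path == "(no file)":
                findings.append(("orphaned", display, "service whose binary is gone; registry leftover"))
            elif path.endswith("(file missing)"):
                if x64 and "\\system32\\" in path.lower():
                    # 32-bit HijackThis on x64 is redirected from System32 to
                    # SysWOW64 by WoW64, so 64-bit-only system binaries look
                    # "missing" although they are present.
                    findings.append(("x64-artifact", display, "WoW64 redirection; confirm with a 64-bit tool"))
                else:
                    findings.append(("missing", display, f"binary not found: {path}"))
            elif owner == "Unknown owner" and not path.lower().startswith("c:\\windows\\"):
                findings.append(("review", display, f"no publisher info, outside Windows dir: {path}"))
    return findings


if __name__ == "__main__":
    for verdict, subject, reason in triage(SAMPLE_LOG):
        print(f"{verdict:13} {subject}\n{'':13} {reason}")
```

Run against the sample, the script reports the empty AdobeBridge Run value and the dead SAS Core Service entry as leftovers, the ALG service as a WoW64 artifact rather than a real problem, and leaves GoogleUpdate, the Windows Live LSP and the PowerDVD service for a person to confirm against the vendor. None of the four verdicts is an instruction to remove anything, which matches the thread's advice.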



