Redirects, and popups, and disabled AV, oh my!


  • This topic is locked
15 replies to this topic

#1 bppubjr

Posted 23 July 2012 - 12:38 AM

(I accidentally posted this in the Windows 7 forum, so hopefully I don't catch too much of an earful.) In any case, when I click on links, especially from Google searches, I almost always get redirected. I can go back and try it again and after the 3rd or 4th time it usually works. These are often, but not always, accompanied by popups. In addition, my anti-virus, Trend Micro Titanium 2012, has stopped working. The AV has been non-functional for a few months, but the redirects and popups are only a couple weeks old. Not sure if the problems are related, but I have read (on here, in fact) that some rootkits will display these symptoms.

I have run MBAM a couple of times, but every time I do, it comes up with the same infection and then purportedly removes it, only to have it show up again on subsequent scans. I have also tried some solutions I found on this site, kind of at random, including TDSS, RogueKiller, and yorkyt, (though, significantly, as I understand, NOT combofix) which seemed to fix the problem temporarily. However, I'm concerned that "throwing things against the wall and seeing what sticks" will cause more harm than good.

I use Firefox almost exclusively, but the problem appears to exist in IE9 as well.

On a side note, my homegroup seems to have been disabled, I can't even leave it. Not sure if this has anything at all to do with the problem I'm seeking help for, but I just thought I'd throw that out there, just in case.

Thanks in advance,
Kevin P. Miller


#2 Orange Blossom

  • Moderator

Posted 23 July 2012 - 01:05 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HelpBot

  • Bots

Posted 28 July 2012 - 12:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462025 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 bppubjr
  • Topic Starter

Posted 01 August 2012 - 09:23 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by KPM at 19:15:54 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2349 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe
C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Corner Bowl Software\Log Manager\cblmsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\Program Files\Corner Bowl Software\Log Manager\cblmti.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [xNeat Clipboard Manager] C:\Program Files (x86)\xNeat Application Builder\xNeatClipMngr.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
StartupFolder: C:\Users\KPM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IOCONT~1.LNK - C:\Windows\Installer\{B8A6EF27-E73B-47F9-83D5-62D652E0E2E4}\NewShortcut5_2AA07447F06844BA88FA6CE6A9CE3FFC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVREAL~1.LNK - C:\Program Files (x86)\UV Realtime\UVRTAutostart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60}\2375942554239383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60}\2375942554534313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60}\2456374702755637475627E6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60}\D494C4C4542584F4D454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E838D14-0FCA-439B-858C-E6DE31523E60}\E4144555E49465 : DhcpNameServer = 10.248.4.2
TCP: Interfaces\{983FA2A0-9697-4D17-8E66-83ED1C8BA418} : DhcpNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KPM\AppData\Roaming\Mozilla\Firefox\Profiles\f7cx4nwt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-28 98208]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2012-2-23 69992]
R2 AgtMdnsResponder;Agilent mDNS Responder Service;C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2011-3-21 424960]
R2 Corner Bowl Log Manager;Corner Bowl Log Manager;C:\Program Files\Corner Bowl Software\Log Manager\cblmsrv.exe [2011-6-27 119808]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2012-1-7 98304]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-28 13336]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-28 2320920]
R3 AgilentPXIResourceManager;Agilent PXI Resource Manager;C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2012-2-23 200040]
R3 AgPciMem;AgPciMem;C:\Program Files\Agilent\IO Libraries Suite\agPcimem.sys [2012-2-23 14448]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2012-1-7 3735552]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-12-21 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 Andbus;LGE Android Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-30 136176]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MAUSBPRODUCER;Service for M-Audio Producer;C:\Windows\system32\DRIVERS\MAudioProducer.sys --> C:\Windows\system32\DRIVERS\MAudioProducer.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys --> C:\Windows\system32\Drivers\tascusb2.sys [?]
S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys --> C:\Windows\system32\drivers\tscusb2m.sys [?]
S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;C:\Windows\system32\drivers\tscusb2a.sys --> C:\Windows\system32\drivers\tscusb2a.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-21 08:17:29 -------- d--h--w- C:\ProgramData\CanonIJEGV
2012-07-21 08:15:15 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-07-21 08:15:15 -------- d--h--w- C:\ProgramData\CanonEPP
2012-07-21 08:06:06 373248 ----a-w- C:\Windows\System32\CNC_AQL.dll
2012-07-21 08:06:06 323584 ----a-w- C:\Windows\SysWow64\CNC_AQL.dll
2012-07-21 08:06:06 302080 ----a-w- C:\Windows\System32\CNC_AQC.dll
2012-07-21 08:06:06 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2012-07-21 08:06:06 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2012-07-21 08:06:06 114688 ----a-w- C:\Windows\SysWow64\CNC_AQU.dll
2012-07-21 08:06:06 112128 ----a-w- C:\Windows\System32\CNC_AQI.dll
2012-07-21 08:01:21 -------- d-----w- C:\Program Files\Common Files\CANON
2012-07-21 08:01:09 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-07-21 07:59:35 -------- d-----w- C:\Program Files\Canon
2012-07-21 07:58:58 98816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAQ.DLL
2012-07-21 07:58:58 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAQ.DLL
2012-07-21 07:58:47 385536 ----a-w- C:\Windows\System32\CNMLMAQ.DLL
2012-07-21 07:58:41 256000 ----a-w- C:\Windows\System32\CNMIUAQ.DLL
2012-07-21 07:57:47 -------- d-----w- C:\Program Files (x86)\Canon
2012-07-20 23:58:01 311808 ----a-w- C:\Users\KPM\AppData\Local\aosmzdtf.exe
2012-07-16 03:39:43 -------- d-----w- C:\ProgramData\0C1CFAF40000F198A8D75EFD4F147CE7
2012-07-16 03:39:38 -------- d-----w- C:\Users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}
2012-07-16 03:39:35 359936 ----a-w- C:\Users\KPM\AppData\Roaming\msqlap.dll
2012-07-12 10:04:44 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:33:13 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-09 04:20:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-07-27 15:13:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 15:13:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 19:16:56.52 ===============




#5 Guest_White Warrior_*

Posted 02 August 2012 - 12:05 AM

Hi bppubjr

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

#6 Guest_White Warrior_*

Posted 03 August 2012 - 07:36 AM

Hi bppubjr

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Now ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Download Security Check by screen317 from here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please include the C:\ComboFix.txt, the Security Check log and the TDSSKiller log in your next reply for further review.

White Warrior

#7 bppubjr

Posted 03 August 2012 - 12:48 PM

TDSSKiller didn't find anything, and didn't generate a log.

ComboFix 12-07-31.06 - KPM 08/03/2012 10:15:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2435 [GMT -7:00]
Running from: c:\users\KPM\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KPM\AppData\Local\aosmzdtf.exe
c:\users\KPM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\KPM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\KPM\AppData\Roaming\msqlap.dll
c:\users\KPM\Documents\~WRL0005.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\msvcrt.1
c:\windows\SysWow64\msvcrt.2
c:\windows\SysWow64\msvcrt.3
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 17:27 . 2012-08-03 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 08:17 . 2012-07-21 08:17 -------- d--h--w- c:\programdata\CanonIJEGV
2012-07-21 08:15 . 2012-07-21 08:15 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2012-07-21 08:15 . 2012-07-21 08:15 -------- d--h--w- c:\programdata\CanonEPP
2012-07-21 08:15 . 2012-07-21 08:15 -------- d-----w- c:\users\KPM\AppData\Roaming\Canon
2012-07-21 08:06 . 2011-04-27 18:01 373248 ----a-w- c:\windows\system32\CNC_AQL.dll
2012-07-21 08:06 . 2011-04-27 18:00 323584 ----a-w- c:\windows\SysWow64\CNC_AQL.dll
2012-07-21 08:06 . 2011-03-31 17:07 114688 ----a-w- c:\windows\SysWow64\CNC_AQU.dll
2012-07-21 08:06 . 2011-03-31 17:07 302080 ----a-w- c:\windows\system32\CNC_AQC.dll
2012-07-21 08:06 . 2011-03-31 17:06 112128 ----a-w- c:\windows\system32\CNC_AQI.dll
2012-07-21 08:06 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-07-21 08:06 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-07-21 08:01 . 2012-07-21 08:01 -------- d-----w- c:\program files\Common Files\CANON
2012-07-21 08:01 . 2012-07-21 08:01 -------- d-----w- c:\programdata\CanonIJWSpt
2012-07-21 07:59 . 2012-07-21 07:59 -------- d-----w- c:\program files\Canon
2012-07-21 07:58 . 2012-07-21 07:58 -------- d--h--w- c:\programdata\CanonBJ
2012-07-21 07:58 . 2011-05-23 12:00 98816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAQ.DLL
2012-07-21 07:58 . 2011-05-23 12:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAQ.DLL
2012-07-21 07:58 . 2012-07-21 07:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-07-21 07:58 . 2011-05-23 12:00 385536 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2012-07-21 07:58 . 2011-02-03 09:20 256000 ----a-w- c:\windows\system32\CNMIUAQ.DLL
2012-07-21 07:57 . 2012-07-21 08:02 -------- d-----w- c:\program files (x86)\Canon
2012-07-16 03:39 . 2012-07-16 04:08 -------- d-----w- c:\programdata\0C1CFAF40000F198A8D75EFD4F147CE7
2012-07-16 03:39 . 2012-07-16 03:39 -------- d-----w- c:\users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}
2012-07-12 10:04 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:33 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 04:20 . 2012-07-09 04:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:13 . 2012-04-12 02:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 07:13 . 2011-06-24 17:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-05-20 15:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 02:46 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:46 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:46 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:46 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:46 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-05 1612920]
.
c:\users\KPM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IO Control.lnk - c:\windows\Installer\{B8A6EF27-E73B-47F9-83D5-62D652E0E2E4}\NewShortcut5_2AA07447F06844BA88FA6CE6A9CE3FFC.exe [2012-4-30 40960]
UV Realtime.lnk - c:\program files (x86)\UV Realtime\UVRTAutostart.exe [2012-2-18 13312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-01-25 19456]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-01-25 27648]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-01-25 27136]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-01-25 33792]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-01-11 31744]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\DRIVERS\MAudioProducer.sys [2010-03-09 187912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2012-01-14 419160]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2012-01-14 31576]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2012-01-14 53080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-07-26 53488]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AgilentIOLibrariesService;Agilent IO Libraries Service;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2012-02-24 69992]
S2 AgtMdnsResponder;Agilent mDNS Responder Service;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2011-03-21 424960]
S2 Corner Bowl Log Manager;Corner Bowl Log Manager;c:\program files\Corner Bowl Software\Log Manager\cblmsrv.exe [2011-06-27 119808]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AgilentPXIResourceManager;Agilent PXI Resource Manager;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2012-02-24 200040]
S3 AgPciMem;AgPciMem;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys [2012-02-24 14448]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-30 21072]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:13]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 04:32]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Corner Bowl Log Manager"="c:\program files\Corner Bowl Software\Log Manager\cblmti.exe" [2011-06-27 40192]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-08-02 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-03-09 798728]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\KPM\AppData\Roaming\Mozilla\Firefox\Profiles\f7cx4nwt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-xNeat Clipboard Manager - c:\program files (x86)\xNeat Application Builder\xNeatClipMngr.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-03 10:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 17:36
.
Pre-Run: 384,462,098,432 bytes free
Post-Run: 384,622,530,560 bytes free
.
- - End Of File - - F3E73B0742FB72366279FEFF26736BA0

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
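The DDS "Created Last 30" listing earlier in the thread and the ComboFix "Other Deletions" block above point at the same objects: a random-named .exe dropped straight into AppData\Local, a .dll in the AppData\Roaming root, a 32-hex-character folder under ProgramData, a GUID-named folder under AppData\Local, and a hidden+system folder literally called %APPDATA% inside SysWow64. As an added example (not code from any post in this thread, and not the logic DDS, ComboFix or MBAM use internally), the Python script below parses file-listing lines in either the DDS or the ComboFix format and flags exactly those kinds of indicators, so a helper can triage a long listing before reading it by hand. The sample lines are copied from the logs posted in this thread; the attribute-column meanings (first column `d` = directory, third `s` = system, fourth `h` = hidden) are inferred from those listings, and the four rules are my own heuristics, not a vendor signature.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from this thread in the two formats seen,
# DDS "Created Last 30" (one timestamp) and ComboFix "Files Created"
# (created . modified). Everything else in the logs is ignored by the parser.
SAMPLE_LOG = r"""
2012-07-21 08:06:06 373248 ----a-w- C:\Windows\System32\CNC_AQL.dll
2012-07-20 23:58:01 311808 ----a-w- C:\Users\KPM\AppData\Local\aosmzdtf.exe
2012-07-16 03:39:43 -------- d-----w- C:\ProgramData\0C1CFAF40000F198A8D75EFD4F147CE7
2012-07-16 03:39:38 -------- d-----w- C:\Users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}
2012-07-16 03:39:35 359936 ----a-w- C:\Users\KPM\AppData\Roaming\msqlap.dll
2012-07-12 10:04:44 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 04:20:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-21 08:06 . 2011-04-27 18:01 373248 ----a-w- c:\windows\system32\CNC_AQL.dll
2012-07-09 04:20 . 2012-07-09 04:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"  # DDS has seconds, ComboFix not
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"    # ComboFix adds " . <modified>"
    r" (?P<size>\d+|-{8})"                                     # byte size, or dashes for a dir
    r" (?P<attrs>[d-]\S{7})"                                   # 8-char attribute column
    r" (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
HEX_BLOB_RE = re.compile(r"^[0-9a-f]{24,}$", re.I)
DROP_ROOTS = ("\\appdata\\local", "\\appdata\\roaming", "\\programdata")


@dataclass
class Entry:
    created: str
    modified: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    # Column positions are assumed from the listings in this thread.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per file-listing line; headers, '.' separators and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Heuristic indicators (my own rules, not a vendor signature) for one listing entry."""
    reasons = []
    parent, name = e.parent, e.name
    # 1. New hidden/system object inside the Windows tree.
    if parent.startswith("c:\\windows\\") and (e.hidden or e.system):
        reasons.append("hidden/system object created under the Windows directory")
    # 2. A folder whose name is a literal environment-variable name, e.g. %APPDATA%.
    if name.startswith("%") and name.endswith("%"):
        reasons.append("folder named after an environment variable")
    # 3. Executable code dropped straight into the AppData root, not a vendor subfolder.
    if name.lower().endswith(EXEC_EXT) and parent.endswith(DROP_ROOTS[:2]):
        reasons.append("executable created directly under the AppData root")
    # 4. GUID- or hex-blob-named folder directly under ProgramData or AppData\Local.
    if e.is_dir and (GUID_RE.match(name) or HEX_BLOB_RE.match(name)) and parent.endswith(DROP_ROOTS):
        reasons.append("randomly named folder directly under ProgramData or AppData")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged; unflagged entries are omitted."""
    hits: Dict[str, List[str]] = {}
    for e in parse_entries(text):
        reasons = flag_entry(e)
        if reasons:
            hits[e.path] = reasons
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags the five objects named above (the %APPDATA% folder twice, once per log format) and stays silent on the Canon printer DLLs and the Windows Update files, which is the split ComboFix's deletions list confirms. The rules are deliberately narrow to keep false positives low on a real listing; a vendor installer can legitimately create a GUID-named folder, so rule 4 marks items for review rather than for removal.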

#8 Guest_White Warrior_*

Posted 06 August 2012 - 06:30 AM

Hi bppubjr

TDSSKiller produces a log even when nothing is found. Please see if it has been saved in this location.
Look in the root directory (usually the C:\ folder) for a file in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
If it is not there please run the program again.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Double Click MBAM
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Logs needed
TDSSKiller log
aswMBR log
MBAM log

How is the computer running now?

White Warrior

#9 Guest_White Warrior_*

Posted 08 August 2012 - 01:48 PM

Hi

Do you still want my help?
There are other users who can use my help.
Please post a reply telling me what you want to do within the next 48 hours.
Also going forward, you will need to reply to this thread within 1 to 2 days or I will close the thread.

White Warrior

#10 bppubjr

Posted 08 August 2012 - 10:20 PM

I reran all the previously prescribed utilities since the problem has not been resolved and due to the amount of time that has elapsed and the online activity which has, by necessity, taken place since.

18:48:08.0778 8488 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:48:09.0163 8488 ============================================================
18:48:09.0163 8488 Current date / time: 2012/08/08 18:48:09.0163
18:48:09.0164 8488 SystemInfo:
18:48:09.0164 8488
18:48:09.0164 8488 OS Version: 6.1.7600 ServicePack: 0.0
18:48:09.0164 8488 Product type: Workstation
18:48:09.0164 8488 ComputerName: KPM-LAPTOP
18:48:09.0164 8488 UserName: KPM
18:48:09.0164 8488 Windows directory: C:\Windows
18:48:09.0164 8488 System windows directory: C:\Windows
18:48:09.0164 8488 Running under WOW64
18:48:09.0164 8488 Processor architecture: Intel x64
18:48:09.0164 8488 Number of processors: 2
18:48:09.0164 8488 Page size: 0x1000
18:48:09.0164 8488 Boot type: Normal boot
18:48:09.0164 8488 ============================================================
18:48:09.0635 8488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:48:09.0640 8488 ============================================================
18:48:09.0640 8488 \Device\Harddisk0\DR0:
18:48:09.0640 8488 MBR partitions:
18:48:09.0640 8488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:48:09.0640 8488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380E8800
18:48:09.0640 8488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3814C800, BlocksNum 0x2205800
18:48:09.0640 8488 ============================================================
18:48:09.0661 8488 C: <-> \Device\Harddisk0\DR0\Partition1
18:48:09.0723 8488 D: <-> \Device\Harddisk0\DR0\Partition2
18:48:09.0723 8488 ============================================================
18:48:09.0723 8488 Initialize success
18:48:09.0723 8488 ============================================================
18:48:12.0811 8584 ============================================================
18:48:12.0811 8584 Scan started
18:48:12.0811 8584 Mode: Manual;
18:48:12.0811 8584 ============================================================
18:48:17.0227 8584 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:48:17.0242 8584 1394ohci - ok
18:48:17.0286 8584 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:48:17.0307 8584 ACPI - ok
18:48:17.0328 8584 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:48:17.0331 8584 AcpiPmi - ok
18:48:17.0438 8584 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:17.0441 8584 AdobeARMservice - ok
18:48:17.0619 8584 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:48:17.0631 8584 AdobeFlashPlayerUpdateSvc - ok
18:48:17.0709 8584 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:48:17.0736 8584 adp94xx - ok
18:48:17.0789 8584 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:48:17.0810 8584 adpahci - ok
18:48:17.0846 8584 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:48:17.0852 8584 adpu320 - ok
18:48:17.0883 8584 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:48:17.0886 8584 AeLookupSvc - ok
18:48:17.0973 8584 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:48:17.0977 8584 AERTFilters - ok
18:48:18.0066 8584 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:48:18.0088 8584 AFD - ok
18:48:18.0192 8584 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:48:18.0254 8584 AgereSoftModem - ok
18:48:18.0335 8584 AgilentIOLibrariesService (2d4d659a276dcf976991f5c4a6007e85) C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe
18:48:18.0341 8584 AgilentIOLibrariesService - ok
18:48:18.0479 8584 AgilentPXIResourceManager (0eb6164e35e9a55b9a31df41a6c3e4f7) C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe
18:48:18.0494 8584 AgilentPXIResourceManager - ok
18:48:18.0607 8584 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:48:18.0611 8584 agp440 - ok
18:48:18.0667 8584 AgPciMem (f9ee55e4b1409385518140814f581d88) C:\Program Files\Agilent\IO Libraries Suite\AgPciMem.sys
18:48:18.0671 8584 AgPciMem - ok
18:48:18.0737 8584 AgtMdnsResponder (1292c29cc28ff76ec18e1ca3c95e35d1) C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe
18:48:18.0766 8584 AgtMdnsResponder - ok
18:48:18.0808 8584 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:48:18.0812 8584 ALG - ok
18:48:18.0866 8584 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:48:18.0869 8584 aliide - ok
18:48:18.0889 8584 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:48:18.0891 8584 amdide - ok
18:48:18.0910 8584 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:48:18.0914 8584 AmdK8 - ok
18:48:18.0931 8584 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:48:18.0934 8584 AmdPPM - ok
18:48:18.0976 8584 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:48:18.0980 8584 amdsata - ok
18:48:19.0020 8584 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:19.0036 8584 amdsbs - ok
18:48:19.0056 8584 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:48:19.0057 8584 amdxata - ok
18:48:19.0171 8584 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
18:48:19.0183 8584 Amsp - ok
18:48:19.0217 8584 Andbus (bc3e934af147211cb5d61ac257371e4a) C:\Windows\system32\DRIVERS\lgandbus64.sys
18:48:19.0221 8584 Andbus - ok
18:48:19.0252 8584 AndDiag (aed499431a45810d28beca2f7cfd2635) C:\Windows\system32\DRIVERS\lganddiag64.sys
18:48:19.0263 8584 AndDiag - ok
18:48:19.0278 8584 AndGps (c2c42287f8e8f54081b46d22a413e8d3) C:\Windows\system32\DRIVERS\lgandgps64.sys
18:48:19.0282 8584 AndGps - ok
18:48:19.0300 8584 ANDModem (75befd9d99fd08ca2d697d878ef4f23d) C:\Windows\system32\DRIVERS\lgandmodem64.sys
18:48:19.0304 8584 ANDModem - ok
18:48:19.0317 8584 androidusb (9c1751b2e733471ae07561028b7d2a9b) C:\Windows\system32\Drivers\lgandadb.sys
18:48:19.0320 8584 androidusb - ok
18:48:19.0385 8584 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
18:48:19.0394 8584 AnyDVD - ok
18:48:19.0437 8584 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:48:19.0440 8584 AppID - ok
18:48:19.0465 8584 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:48:19.0469 8584 AppIDSvc - ok
18:48:19.0485 8584 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:48:19.0488 8584 Appinfo - ok
18:48:19.0587 8584 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:48:19.0591 8584 Apple Mobile Device - ok
18:48:19.0659 8584 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:48:19.0663 8584 arc - ok
18:48:19.0685 8584 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:48:19.0689 8584 arcsas - ok
18:48:19.0794 8584 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:48:19.0797 8584 aspnet_state - ok
18:48:19.0831 8584 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:19.0834 8584 AsyncMac - ok
18:48:19.0858 8584 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:48:19.0859 8584 atapi - ok
18:48:19.0981 8584 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
18:48:20.0047 8584 athr - ok
18:48:20.0211 8584 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:48:20.0241 8584 AudioEndpointBuilder - ok
18:48:20.0253 8584 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:48:20.0262 8584 AudioSrv - ok
18:48:20.0290 8584 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:48:20.0293 8584 AxInstSV - ok
18:48:20.0378 8584 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:48:20.0400 8584 b06bdrv - ok
18:48:20.0452 8584 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:20.0471 8584 b57nd60a - ok
18:48:20.0828 8584 BCM43XX (810be94a9e42309b3f74217ac28bc6ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:48:20.0902 8584 BCM43XX - ok
18:48:21.0037 8584 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:48:21.0041 8584 BDESVC - ok
18:48:21.0106 8584 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:48:21.0109 8584 Beep - ok
18:48:21.0174 8584 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:48:21.0203 8584 BFE - ok
18:48:21.0259 8584 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:21.0262 8584 blbdrive - ok
18:48:21.0406 8584 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:48:21.0428 8584 Bonjour Service - ok
18:48:21.0486 8584 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:48:21.0489 8584 bowser - ok
18:48:21.0516 8584 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:48:21.0519 8584 BrFiltLo - ok
18:48:21.0538 8584 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:48:21.0541 8584 BrFiltUp - ok
18:48:21.0580 8584 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:48:21.0584 8584 BridgeMP - ok
18:48:21.0619 8584 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:48:21.0624 8584 Browser - ok
18:48:21.0674 8584 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:48:21.0693 8584 Brserid - ok
18:48:21.0721 8584 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:21.0724 8584 BrSerWdm - ok
18:48:21.0744 8584 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:21.0747 8584 BrUsbMdm - ok
18:48:21.0767 8584 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:21.0769 8584 BrUsbSer - ok
18:48:21.0822 8584 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:48:21.0825 8584 BthEnum - ok
18:48:21.0845 8584 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:48:21.0848 8584 BTHMODEM - ok
18:48:21.0887 8584 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:48:21.0891 8584 BthPan - ok
18:48:21.0962 8584 BTHPORT (538392664fee486620dfea146f2500bc) C:\Windows\System32\Drivers\BTHport.sys
18:48:21.0994 8584 BTHPORT - ok
18:48:22.0039 8584 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:48:22.0043 8584 bthserv - ok
18:48:22.0071 8584 BTHUSB (6e71522e317b22257d8e37a1584b5829) C:\Windows\System32\Drivers\BTHUSB.sys
18:48:22.0075 8584 BTHUSB - ok
18:48:22.0102 8584 catchme - ok
18:48:22.0143 8584 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:48:22.0148 8584 cdfs - ok
18:48:22.0186 8584 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:48:22.0191 8584 cdrom - ok
18:48:22.0228 8584 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:48:22.0231 8584 CertPropSvc - ok
18:48:22.0268 8584 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:48:22.0271 8584 circlass - ok
18:48:22.0338 8584 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:48:22.0355 8584 CLFS - ok
18:48:22.0422 8584 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:22.0427 8584 clr_optimization_v2.0.50727_32 - ok
18:48:22.0471 8584 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:22.0477 8584 clr_optimization_v2.0.50727_64 - ok
18:48:22.0550 8584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:48:22.0595 8584 clr_optimization_v4.0.30319_32 - ok
18:48:22.0655 8584 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:48:22.0668 8584 clr_optimization_v4.0.30319_64 - ok
18:48:22.0704 8584 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:48:22.0706 8584 CmBatt - ok
18:48:22.0725 8584 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:48:22.0728 8584 cmdide - ok
18:48:22.0795 8584 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
18:48:22.0811 8584 CNG - ok
18:48:22.0854 8584 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:48:22.0855 8584 Compbatt - ok
18:48:22.0884 8584 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:48:22.0887 8584 CompositeBus - ok
18:48:22.0900 8584 COMSysApp - ok
18:48:23.0005 8584 Corner Bowl Log Manager (c6c218fcd9b473b3d066917688167e9a) C:\Program Files\Corner Bowl Software\Log Manager\cblmsrv.exe
18:48:23.0009 8584 Corner Bowl Log Manager - ok
18:48:23.0038 8584 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:48:23.0040 8584 crcdisk - ok
18:48:23.0104 8584 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
18:48:23.0109 8584 CryptSvc - ok
18:48:23.0175 8584 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:48:23.0236 8584 DcomLaunch - ok
18:48:23.0289 8584 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:48:23.0312 8584 defragsvc - ok
18:48:23.0366 8584 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:48:23.0369 8584 DfsC - ok
18:48:23.0423 8584 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:48:23.0442 8584 Dhcp - ok
18:48:23.0468 8584 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:48:23.0469 8584 discache - ok
18:48:23.0527 8584 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:48:23.0530 8584 Disk - ok
18:48:23.0580 8584 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:48:23.0596 8584 Dnscache - ok
18:48:23.0630 8584 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:48:23.0643 8584 dot3svc - ok
18:48:23.0665 8584 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:48:23.0670 8584 DPS - ok
18:48:23.0703 8584 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:48:23.0705 8584 drmkaud - ok
18:48:23.0789 8584 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:48:23.0838 8584 DXGKrnl - ok
18:48:23.0882 8584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:48:23.0886 8584 EapHost - ok
18:48:23.0929 8584 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
18:48:23.0932 8584 easytether - ok
18:48:24.0159 8584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:48:24.0255 8584 ebdrv - ok
18:48:24.0395 8584 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:48:24.0399 8584 EFS - ok
18:48:24.0506 8584 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:48:24.0538 8584 ehRecvr - ok
18:48:24.0560 8584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:48:24.0564 8584 ehSched - ok
18:48:24.0632 8584 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:48:24.0635 8584 ElbyCDIO - ok
18:48:24.0697 8584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:48:24.0723 8584 elxstor - ok
18:48:24.0735 8584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:48:24.0738 8584 ErrDev - ok
18:48:24.0802 8584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:48:24.0820 8584 EventSystem - ok
18:48:24.0861 8584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:48:24.0876 8584 exfat - ok
18:48:24.0901 8584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:48:24.0906 8584 fastfat - ok
18:48:24.0984 8584 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:48:25.0033 8584 Fax - ok
18:48:25.0065 8584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:48:25.0068 8584 fdc - ok
18:48:25.0087 8584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:48:25.0090 8584 fdPHost - ok
18:48:25.0103 8584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:48:25.0106 8584 FDResPub - ok
18:48:25.0133 8584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:48:25.0135 8584 FileInfo - ok
18:48:25.0147 8584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:48:25.0150 8584 Filetrace - ok
18:48:25.0268 8584 FirebirdGuardianDefaultInstance (1a18ebd87aa9fbf6efe8cfada08d0275) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
18:48:25.0272 8584 FirebirdGuardianDefaultInstance - ok
18:48:25.0546 8584 FirebirdServerDefaultInstance (53c740150c082aaf3c7d21c1d6a9ff98) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
18:48:25.0649 8584 FirebirdServerDefaultInstance - ok
18:48:25.0764 8584 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:48:25.0789 8584 FLEXnet Licensing Service - ok
18:48:25.0918 8584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:48:25.0921 8584 flpydisk - ok
18:48:25.0950 8584 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:48:25.0969 8584 FltMgr - ok
18:48:26.0072 8584 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:48:26.0105 8584 FontCache - ok
18:48:26.0172 8584 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:26.0176 8584 FontCache3.0.0.0 - ok
18:48:26.0232 8584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:48:26.0236 8584 FsDepends - ok
18:48:26.0251 8584 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:48:26.0253 8584 Fs_Rec - ok
18:48:26.0303 8584 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:48:26.0315 8584 fvevol - ok
18:48:26.0346 8584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:48:26.0350 8584 gagp30kx - ok
18:48:26.0459 8584 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:48:26.0471 8584 GameConsoleService - ok
18:48:26.0516 8584 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:48:26.0519 8584 GEARAspiWDM - ok
18:48:26.0588 8584 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:48:26.0614 8584 gpsvc - ok
18:48:26.0659 8584 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:26.0664 8584 gupdate - ok
18:48:26.0714 8584 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:26.0716 8584 gupdatem - ok
18:48:26.0740 8584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:48:26.0743 8584 hcw85cir - ok
18:48:26.0780 8584 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:48:26.0799 8584 HdAudAddService - ok
18:48:26.0821 8584 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:48:26.0826 8584 HDAudBus - ok
18:48:26.0853 8584 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:48:26.0856 8584 HECIx64 - ok
18:48:26.0870 8584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:48:26.0873 8584 HidBatt - ok
18:48:26.0892 8584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:48:26.0896 8584 HidBth - ok
18:48:26.0924 8584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:48:26.0927 8584 HidIr - ok
18:48:26.0953 8584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:48:26.0957 8584 hidserv - ok
18:48:27.0005 8584 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:48:27.0007 8584 HidUsb - ok
18:48:27.0035 8584 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:48:27.0039 8584 hkmsvc - ok
18:48:27.0066 8584 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:48:27.0079 8584 HomeGroupListener - ok
18:48:27.0108 8584 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:48:27.0123 8584 HomeGroupProvider - ok
18:48:27.0225 8584 HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:48:27.0228 8584 HP Health Check Service - ok
18:48:27.0313 8584 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
18:48:27.0318 8584 HP Wireless Assistant Service - ok
18:48:27.0369 8584 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:48:27.0382 8584 hpqwmiex - ok
18:48:27.0425 8584 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:48:27.0428 8584 HpSAMD - ok
18:48:27.0486 8584 HPWMISVC (9df9cf7840a3a99f2ffd614f0a13f2f9) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:48:27.0488 8584 HPWMISVC - ok
18:48:27.0565 8584 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:48:27.0613 8584 HTTP - ok
18:48:27.0632 8584 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:48:27.0633 8584 hwpolicy - ok
18:48:27.0665 8584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:48:27.0669 8584 i8042prt - ok
18:48:27.0740 8584 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
18:48:27.0747 8584 iaStor - ok
18:48:27.0819 8584 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:48:27.0821 8584 IAStorDataMgrSvc - ok
18:48:27.0896 8584 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:48:27.0914 8584 iaStorV - ok
18:48:28.0038 8584 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:28.0081 8584 idsvc - ok
18:48:28.0864 8584 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:48:29.0097 8584 igfx - ok
18:48:29.0229 8584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:48:29.0233 8584 iirsp - ok
18:48:29.0316 8584 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:48:29.0351 8584 IKEEXT - ok
18:48:29.0534 8584 IntcAzAudAddService (e76fdfff07f8a2fa81ff250dda0f6bba) C:\Windows\system32\drivers\RTKVHD64.sys
18:48:29.0598 8584 IntcAzAudAddService - ok
18:48:29.0742 8584 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:48:29.0761 8584 IntcDAud - ok
18:48:29.0800 8584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:48:29.0803 8584 intelide - ok
18:48:29.0832 8584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:48:29.0835 8584 intelppm - ok
18:48:29.0871 8584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:48:29.0876 8584 IPBusEnum - ok
18:48:29.0895 8584 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:29.0898 8584 IpFilterDriver - ok
18:48:29.0974 8584 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:48:29.0996 8584 iphlpsvc - ok
18:48:30.0008 8584 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:48:30.0010 8584 IPMIDRV - ok
18:48:30.0043 8584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:48:30.0047 8584 IPNAT - ok
18:48:30.0187 8584 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
18:48:30.0219 8584 iPod Service - ok
18:48:30.0253 8584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:48:30.0255 8584 IRENUM - ok
18:48:30.0289 8584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:48:30.0292 8584 isapnp - ok
18:48:30.0334 8584 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:48:30.0348 8584 iScsiPrt - ok
18:48:30.0365 8584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:48:30.0368 8584 kbdclass - ok
18:48:30.0388 8584 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:48:30.0390 8584 kbdhid - ok
18:48:30.0451 8584 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:48:30.0453 8584 KeyIso - ok
18:48:30.0501 8584 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
18:48:30.0504 8584 KSecDD - ok
18:48:30.0530 8584 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
18:48:30.0533 8584 KSecPkg - ok
18:48:30.0558 8584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:48:30.0560 8584 ksthunk - ok
18:48:30.0601 8584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:48:30.0621 8584 KtmRm - ok
18:48:30.0688 8584 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:48:30.0709 8584 LanmanServer - ok
18:48:30.0741 8584 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:48:30.0746 8584 LanmanWorkstation - ok
18:48:30.0766 8584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:48:30.0770 8584 lltdio - ok
18:48:30.0847 8584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:48:30.0871 8584 lltdsvc - ok
18:48:30.0885 8584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:48:30.0888 8584 lmhosts - ok
18:48:30.0975 8584 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:48:30.0987 8584 LMS - ok
18:48:31.0035 8584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:48:31.0039 8584 LSI_FC - ok
18:48:31.0075 8584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:48:31.0079 8584 LSI_SAS - ok
18:48:31.0102 8584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:48:31.0106 8584 LSI_SAS2 - ok
18:48:31.0129 8584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:48:31.0133 8584 LSI_SCSI - ok
18:48:31.0156 8584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:48:31.0159 8584 luafv - ok
18:48:31.0214 8584 MAUSBPRODUCER (b3f713f0ba5d662de1b49293ffb03c06) C:\Windows\system32\DRIVERS\MAudioProducer.sys
18:48:31.0229 8584 MAUSBPRODUCER - ok
18:48:31.0269 8584 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:48:31.0274 8584 Mcx2Svc - ok
18:48:31.0301 8584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:48:31.0305 8584 megasas - ok
18:48:31.0346 8584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:48:31.0365 8584 MegaSR - ok
18:48:31.0463 8584 Microsoft SharePoint Workspace Audit Service - ok
18:48:31.0505 8584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:48:31.0509 8584 MMCSS - ok
18:48:31.0537 8584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:48:31.0541 8584 Modem - ok
18:48:31.0563 8584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:48:31.0564 8584 monitor - ok
18:48:31.0577 8584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:48:31.0580 8584 mouclass - ok
18:48:31.0608 8584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:48:31.0611 8584 mouhid - ok
18:48:31.0646 8584 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:48:31.0649 8584 mountmgr - ok
18:48:31.0714 8584 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:48:31.0718 8584 MozillaMaintenance - ok
18:48:31.0752 8584 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:48:31.0758 8584 mpio - ok
18:48:31.0783 8584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:48:31.0787 8584 mpsdrv - ok
18:48:31.0887 8584 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:48:31.0925 8584 MpsSvc - ok
18:48:31.0955 8584 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:48:31.0960 8584 MRxDAV - ok
18:48:31.0999 8584 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:48:32.0003 8584 mrxsmb - ok
18:48:32.0060 8584 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:48:32.0079 8584 mrxsmb10 - ok
18:48:32.0096 8584 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:48:32.0100 8584 mrxsmb20 - ok
18:48:32.0131 8584 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
18:48:32.0133 8584 msahci - ok
18:48:32.0164 8584 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:48:32.0169 8584 msdsm - ok
18:48:32.0206 8584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:48:32.0212 8584 MSDTC - ok
18:48:32.0254 8584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:48:32.0255 8584 Msfs - ok
18:48:32.0286 8584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:48:32.0288 8584 mshidkmdf - ok
18:48:32.0318 8584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:48:32.0319 8584 msisadrv - ok
18:48:32.0345 8584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:48:32.0351 8584 MSiSCSI - ok
18:48:32.0356 8584 msiserver - ok
18:48:32.0370 8584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:48:32.0373 8584 MSKSSRV - ok
18:48:32.0386 8584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:48:32.0388 8584 MSPCLOCK - ok
18:48:32.0406 8584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:48:32.0408 8584 MSPQM - ok
18:48:32.0452 8584 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:48:32.0470 8584 MsRPC - ok
18:48:32.0516 8584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:48:32.0519 8584 mssmbios - ok
18:48:32.0538 8584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:48:32.0541 8584 MSTEE - ok
18:48:32.0557 8584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:48:32.0560 8584 MTConfig - ok
18:48:32.0575 8584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:48:32.0576 8584 Mup - ok
18:48:32.0649 8584 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:48:32.0670 8584 napagent - ok
18:48:32.0712 8584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:48:32.0733 8584 NativeWifiP - ok
18:48:32.0814 8584 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:48:32.0868 8584 NDIS - ok
18:48:32.0891 8584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:48:32.0894 8584 NdisCap - ok
18:48:32.0914 8584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:48:32.0916 8584 NdisTapi - ok
18:48:32.0942 8584 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:48:32.0945 8584 Ndisuio - ok
18:48:32.0965 8584 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:48:32.0970 8584 NdisWan - ok
18:48:32.0981 8584 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:48:32.0984 8584 NDProxy - ok
18:48:33.0000 8584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:48:33.0001 8584 NetBIOS - ok
18:48:33.0033 8584 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:48:33.0045 8584 NetBT - ok
18:48:33.0098 8584 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:48:33.0101 8584 Netlogon - ok
18:48:33.0152 8584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:48:33.0172 8584 Netman - ok
18:48:33.0265 8584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:33.0269 8584 NetMsmqActivator - ok
18:48:33.0275 8584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:33.0277 8584 NetPipeActivator - ok
18:48:33.0336 8584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:48:33.0363 8584 netprofm - ok
18:48:33.0369 8584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:33.0371 8584 NetTcpActivator - ok
18:48:33.0376 8584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:48:33.0378 8584 NetTcpPortSharing - ok
18:48:33.0774 8584 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:48:33.0900 8584 netw5v64 - ok
18:48:34.0046 8584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:48:34.0050 8584 nfrd960 - ok
18:48:34.0102 8584 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:48:34.0127 8584 NlaSvc - ok
18:48:34.0181 8584 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
18:48:34.0184 8584 NPF - ok
18:48:34.0211 8584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:48:34.0212 8584 Npfs - ok
18:48:34.0245 8584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:48:34.0249 8584 nsi - ok
18:48:34.0261 8584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:48:34.0262 8584 nsiproxy - ok
18:48:34.0402 8584 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:48:34.0464 8584 Ntfs - ok
18:48:34.0632 8584 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:48:34.0635 8584 NuidFltr - ok
18:48:34.0661 8584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:48:34.0663 8584 Null - ok
18:48:34.0710 8584 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:48:34.0715 8584 nvraid - ok
18:48:34.0763 8584 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:48:34.0779 8584 nvstor - ok
18:48:34.0830 8584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:48:34.0834 8584 nv_agp - ok
18:48:34.0872 8584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:48:34.0876 8584 ohci1394 - ok
18:48:34.0990 8584 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:48:34.0995 8584 ose - ok
18:48:35.0391 8584 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:48:35.0522 8584 osppsvc - ok
18:48:35.0676 8584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:48:35.0697 8584 p2pimsvc - ok
18:48:35.0739 8584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:48:35.0762 8584 p2psvc - ok
18:48:35.0824 8584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:48:35.0828 8584 Parport - ok
18:48:35.0867 8584 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:48:35.0870 8584 partmgr - ok
18:48:35.0908 8584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:48:35.0922 8584 PcaSvc - ok
18:48:35.0953 8584 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:48:35.0957 8584 pci - ok
18:48:35.0983 8584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:48:35.0986 8584 pciide - ok
18:48:36.0029 8584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:48:36.0042 8584 pcmcia - ok
18:48:36.0057 8584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:48:36.0058 8584 pcw - ok
18:48:36.0111 8584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:48:36.0154 8584 PEAUTH - ok
18:48:36.0233 8584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:48:36.0237 8584 PerfHost - ok
18:48:36.0368 8584 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:48:36.0428 8584 pla - ok
18:48:36.0501 8584 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:48:36.0531 8584 PlugPlay - ok
18:48:36.0592 8584 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll
18:48:36.0596 8584 Pml Driver HPZ12 - ok
18:48:36.0617 8584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:48:36.0622 8584 PNRPAutoReg - ok
18:48:36.0655 8584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:48:36.0661 8584 PNRPsvc - ok
18:48:36.0715 8584 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
18:48:36.0718 8584 Point64 - ok
18:48:36.0768 8584 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:48:36.0794 8584 PolicyAgent - ok
18:48:36.0839 8584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:48:36.0854 8584 Power - ok
18:48:36.0887 8584 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:48:36.0891 8584 PptpMiniport - ok
18:48:36.0905 8584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:48:36.0908 8584 Processor - ok
18:48:36.0958 8584 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:48:36.0970 8584 ProfSvc - ok
18:48:37.0007 8584 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:48:37.0009 8584 ProtectedStorage - ok
18:48:37.0047 8584 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:48:37.0050 8584 Psched - ok
18:48:37.0097 8584 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
18:48:37.0099 8584 PxHlpa64 - ok
18:48:37.0217 8584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:48:37.0278 8584 ql2300 - ok
18:48:37.0383 8584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:48:37.0387 8584 ql40xx - ok
18:48:37.0424 8584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:48:37.0444 8584 QWAVE - ok
18:48:37.0472 8584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:48:37.0475 8584 QWAVEdrv - ok
18:48:37.0494 8584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:48:37.0496 8584 RasAcd - ok
18:48:37.0532 8584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:48:37.0535 8584 RasAgileVpn - ok
18:48:37.0557 8584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:48:37.0563 8584 RasAuto - ok
18:48:37.0594 8584 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:48:37.0599 8584 Rasl2tp - ok
18:48:37.0632 8584 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:48:37.0653 8584 RasMan - ok
18:48:37.0680 8584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:48:37.0683 8584 RasPppoe - ok
18:48:37.0698 8584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:48:37.0701 8584 RasSstp - ok
18:48:37.0738 8584 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:48:37.0756 8584 rdbss - ok
18:48:37.0787 8584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:48:37.0790 8584 rdpbus - ok
18:48:37.0820 8584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:48:37.0820 8584 RDPCDD - ok
18:48:37.0838 8584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:48:37.0839 8584 RDPENCDD - ok
18:48:37.0858 8584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:48:37.0858 8584 RDPREFMP - ok
18:48:37.0904 8584 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:48:37.0920 8584 RDPWD - ok
18:48:37.0964 8584 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:48:37.0969 8584 rdyboost - ok
18:48:38.0021 8584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:48:38.0026 8584 RemoteAccess - ok
18:48:38.0048 8584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:48:38.0055 8584 RemoteRegistry - ok
18:48:38.0094 8584 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:48:38.0099 8584 RFCOMM - ok
18:48:38.0159 8584 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
18:48:38.0163 8584 rpcapd - ok
18:48:38.0193 8584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:48:38.0198 8584 RpcEptMapper - ok
18:48:38.0216 8584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:48:38.0219 8584 RpcLocator - ok
18:48:38.0263 8584 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:48:38.0271 8584 RpcSs - ok
18:48:38.0306 8584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:48:38.0309 8584 rspndr - ok
18:48:38.0325 8584 RSUSBSTOR - ok
18:48:38.0373 8584 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:48:38.0377 8584 RTL8167 - ok
18:48:38.0465 8584 RtVOsdService (febfb5730e12f62ca38f86a066e7348d) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
18:48:38.0486 8584 RtVOsdService - ok
18:48:38.0524 8584 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:48:38.0526 8584 SamSs - ok
18:48:38.0556 8584 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:48:38.0560 8584 sbp2port - ok
18:48:38.0612 8584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:48:38.0627 8584 SCardSvr - ok
18:48:38.0641 8584 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:48:38.0643 8584 scfilter - ok
18:48:38.0746 8584 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:48:38.0789 8584 Schedule - ok
18:48:38.0812 8584 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:48:38.0813 8584 SCPolicySvc - ok
18:48:38.0854 8584 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
18:48:38.0857 8584 sdbus - ok
18:48:38.0892 8584 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:48:38.0907 8584 SDRSVC - ok
18:48:38.0935 8584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:48:38.0937 8584 secdrv - ok
18:48:38.0950 8584 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:48:38.0953 8584 seclogon - ok
18:48:38.0966 8584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:48:38.0970 8584 SENS - ok
18:48:38.0990 8584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:48:38.0994 8584 SensrSvc - ok
18:48:39.0018 8584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:48:39.0021 8584 Serenum - ok
18:48:39.0042 8584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:48:39.0046 8584 Serial - ok
18:48:39.0062 8584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:48:39.0065 8584 sermouse - ok
18:48:39.0092 8584 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:48:39.0097 8584 SessionEnv - ok
18:48:39.0107 8584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:48:39.0110 8584 sffdisk - ok
18:48:39.0123 8584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:48:39.0125 8584 sffp_mmc - ok
18:48:39.0134 8584 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:48:39.0136 8584 sffp_sd - ok
18:48:39.0164 8584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:48:39.0167 8584 sfloppy - ok
18:48:39.0264 8584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:48:39.0283 8584 SharedAccess - ok
18:48:39.0334 8584 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:48:39.0352 8584 ShellHWDetection - ok
18:48:39.0394 8584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:48:39.0397 8584 SiSRaid2 - ok
18:48:39.0433 8584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:48:39.0436 8584 SiSRaid4 - ok
18:48:39.0469 8584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:48:39.0472 8584 Smb - ok
18:48:39.0517 8584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:48:39.0521 8584 SNMPTRAP - ok
18:48:39.0532 8584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:48:39.0533 8584 spldr - ok
18:48:39.0586 8584 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:48:39.0618 8584 Spooler - ok
18:48:39.0852 8584 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:48:39.0974 8584 sppsvc - ok
18:48:40.0066 8584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:48:40.0071 8584 sppuinotify - ok
18:48:40.0133 8584 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:48:40.0155 8584 srv - ok
18:48:40.0194 8584 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:48:40.0211 8584 srv2 - ok
18:48:40.0264 8584 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:48:40.0286 8584 SrvHsfHDA - ok
18:48:40.0391 8584 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:48:40.0446 8584 SrvHsfV92 - ok
18:48:40.0645 8584 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:48:40.0667 8584 SrvHsfWinac - ok
18:48:40.0714 8584 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:48:40.0718 8584 srvnet - ok
18:48:40.0765 8584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:48:40.0780 8584 SSDPSRV - ok
18:48:40.0801 8584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:48:40.0807 8584 SstpSvc - ok
18:48:40.0833 8584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:48:40.0836 8584 stexstor - ok
18:48:40.0886 8584 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:48:40.0930 8584 stisvc - ok
18:48:40.0956 8584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:48:40.0958 8584 swenum - ok
18:48:41.0008 8584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:48:41.0044 8584 swprv - ok
18:48:41.0096 8584 SynTP (4998ae89119c7106c92f0a64e4840ff6) C:\Windows\system32\DRIVERS\SynTP.sys
18:48:41.0117 8584 SynTP - ok
18:48:41.0250 8584 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:48:41.0327 8584 SysMain - ok
18:48:41.0429 8584 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:48:41.0434 8584 TabletInputService - ok
18:48:41.0462 8584 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:48:41.0485 8584 TapiSrv - ok
18:48:41.0579 8584 TASCAM_US122144 (79e084fccfef637580a06f3dc36c1a6c) C:\Windows\system32\Drivers\tascusb2.sys
18:48:41.0597 8584 TASCAM_US122144 - ok
18:48:41.0634 8584 TASCAM_US144_MK2_MIDI (de0ae9891aa5d08a9ec92c326d8000f9) C:\Windows\system32\drivers\tscusb2m.sys
18:48:41.0637 8584 TASCAM_US144_MK2_MIDI - ok
18:48:41.0668 8584 TASCAM_US144_MK2_WDM (bc94143174b92c181ae6135750daea7d) C:\Windows\system32\drivers\tscusb2a.sys
18:48:41.0672 8584 TASCAM_US144_MK2_WDM - ok
18:48:41.0703 8584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:48:41.0708 8584 TBS - ok
18:48:41.0858 8584 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:48:41.0907 8584 Tcpip - ok
18:48:42.0164 8584 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:48:42.0181 8584 TCPIP6 - ok
18:48:42.0317 8584 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:48:42.0320 8584 tcpipreg - ok
18:48:42.0343 8584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:48:42.0345 8584 TDPIPE - ok
18:48:42.0376 8584 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:48:42.0378 8584 TDTCP - ok
18:48:42.0402 8584 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:48:42.0405 8584 tdx - ok
18:48:42.0422 8584 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:48:42.0425 8584 TermDD - ok
18:48:42.0486 8584 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:48:42.0514 8584 TermService - ok
18:48:42.0529 8584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:48:42.0534 8584 Themes - ok
18:48:42.0564 8584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:48:42.0567 8584 THREADORDER - ok
18:48:42.0621 8584 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
18:48:42.0625 8584 tmactmon - ok
18:48:42.0665 8584 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
18:48:42.0670 8584 tmcomm - ok
18:48:42.0684 8584 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:48:42.0687 8584 tmevtmgr - ok
18:48:42.0719 8584 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
18:48:42.0723 8584 tmtdi - ok
18:48:42.0749 8584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:48:42.0754 8584 TrkWks - ok
18:48:42.0813 8584 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:48:42.0827 8584 TrustedInstaller - ok
18:48:42.0850 8584 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:48:42.0852 8584 tssecsrv - ok
18:48:42.0887 8584 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:48:42.0891 8584 tunnel - ok
18:48:42.0919 8584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:48:42.0922 8584 uagp35 - ok
18:48:42.0973 8584 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
18:48:42.0992 8584 udfs - ok
18:48:43.0029 8584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:48:43.0033 8584 UI0Detect - ok
18:48:43.0058 8584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:48:43.0062 8584 uliagpkx - ok
18:48:43.0095 8584 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:48:43.0098 8584 umbus - ok
18:48:43.0144 8584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:48:43.0147 8584 UmPass - ok
18:48:43.0380 8584 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:48:43.0458 8584 UNS - ok
18:48:43.0595 8584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:48:43.0615 8584 upnphost - ok
18:48:43.0673 8584 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:48:43.0677 8584 usbaudio - ok
18:48:43.0724 8584 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:48:43.0728 8584 usbccgp - ok
18:48:43.0757 8584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:48:43.0762 8584 usbcir - ok
18:48:43.0807 8584 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
18:48:43.0810 8584 usbehci - ok
18:48:43.0852 8584 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:48:43.0873 8584 usbhub - ok
18:48:43.0911 8584 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
18:48:43.0915 8584 usbohci - ok
18:48:43.0961 8584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:48:43.0964 8584 usbprint - ok
18:48:44.0008 8584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:48:44.0011 8584 usbscan - ok
18:48:44.0047 8584 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:48:44.0051 8584 USBSTOR - ok
18:48:44.0089 8584 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:48:44.0093 8584 usbuhci - ok
18:48:44.0144 8584 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:48:44.0159 8584 usbvideo - ok
18:48:44.0186 8584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:48:44.0191 8584 UxSms - ok
18:48:44.0225 8584 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:48:44.0227 8584 VaultSvc - ok
18:48:44.0261 8584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:48:44.0263 8584 vdrvroot - ok
18:48:44.0307 8584 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:48:44.0333 8584 vds - ok
18:48:44.0356 8584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:48:44.0359 8584 vga - ok
18:48:44.0373 8584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:48:44.0376 8584 VgaSave - ok
18:48:44.0410 8584 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:48:44.0416 8584 vhdmp - ok
18:48:44.0436 8584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:48:44.0439 8584 viaide - ok
18:48:44.0460 8584 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:48:44.0463 8584 volmgr - ok
18:48:44.0504 8584 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:48:44.0524 8584 volmgrx - ok
18:48:44.0560 8584 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:48:44.0582 8584 volsnap - ok
18:48:44.0627 8584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:48:44.0633 8584 vsmraid - ok
18:48:44.0783 8584 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:48:44.0846 8584 VSS - ok
18:48:44.0976 8584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:48:44.0979 8584 vwifibus - ok
18:48:45.0016 8584 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:48:45.0020 8584 vwififlt - ok
18:48:45.0036 8584 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:48:45.0039 8584 vwifimp - ok
18:48:45.0095 8584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:48:45.0114 8584 W32Time - ok
18:48:45.0142 8584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:48:45.0145 8584 WacomPen - ok
18:48:45.0187 8584 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:48:45.0190 8584 WANARP - ok
18:48:45.0196 8584 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:48:45.0198 8584 Wanarpv6 - ok
18:48:45.0328 8584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:48:45.0371 8584 WatAdminSvc - ok
18:48:45.0493 8584 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:48:45.0538 8584 wbengine - ok
18:48:45.0643 8584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:48:45.0658 8584 WbioSrvc - ok
18:48:45.0721 8584 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:48:45.0740 8584 wcncsvc - ok
18:48:45.0763 8584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:48:45.0768 8584 WcsPlugInService - ok
18:48:45.0819 8584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:48:45.0820 8584 Wd - ok
18:48:45.0869 8584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:48:45.0899 8584 Wdf01000 - ok
18:48:45.0917 8584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:48:45.0923 8584 WdiServiceHost - ok
18:48:45.0928 8584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:48:45.0932 8584 WdiSystemHost - ok
18:48:45.0972 8584 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:48:45.0992 8584 WebClient - ok
18:48:46.0029 8584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:48:46.0050 8584 Wecsvc - ok
18:48:46.0074 8584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:48:46.0079 8584 wercplsupport - ok
18:48:46.0115 8584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:48:46.0121 8584 WerSvc - ok
18:48:46.0171 8584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:48:46.0174 8584 WfpLwf - ok
18:48:46.0197 8584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:48:46.0200 8584 WIMMount - ok
18:48:46.0243 8584 WinDefend - ok
18:48:46.0256 8584 WinHttpAutoProxySvc - ok
18:48:46.0325 8584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:48:46.0340 8584 Winmgmt - ok
18:48:46.0483 8584 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:48:46.0543 8584 WinRM - ok
18:48:46.0724 8584 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:48:46.0726 8584 WinUsb - ok
18:48:46.0809 8584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:48:46.0865 8584 Wlansvc - ok
18:48:47.0078 8584 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:48:47.0141 8584 wlidsvc - ok
18:48:47.0261 8584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:48:47.0264 8584 WmiAcpi - ok
18:48:47.0314 8584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:48:47.0329 8584 wmiApSrv - ok
18:48:47.0373 8584 WMPNetworkSvc - ok
18:48:47.0407 8584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:48:47.0412 8584 WPCSvc - ok
18:48:47.0435 8584 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:48:47.0441 8584 WPDBusEnum - ok
18:48:47.0458 8584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:48:47.0459 8584 ws2ifsl - ok
18:48:47.0506 8584 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
18:48:47.0512 8584 wscsvc - ok
18:48:47.0520 8584 WSearch - ok
18:48:47.0711 8584 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:48:47.0790 8584 wuauserv - ok
18:48:47.0920 8584 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:48:47.0924 8584 WudfPf - ok
18:48:47.0962 8584 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:48:47.0967 8584 WUDFRd - ok
18:48:47.0998 8584 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:48:48.0004 8584 wudfsvc - ok
18:48:48.0029 8584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:48:48.0050 8584 WwanSvc - ok
18:48:48.0116 8584 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:48:48.0136 8584 yukonw7 - ok
18:48:48.0175 8584 MBR (0x1B8) (a9d691444202b6b49cc6c7223076f181) \Device\Harddisk0\DR0
18:48:48.0243 8584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:48:48.0243 8584 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:48:48.0253 8584 Boot (0x1200) (4538b15899450fa0354552a6cc7116a6) \Device\Harddisk0\DR0\Partition0
18:48:48.0257 8584 \Device\Harddisk0\DR0\Partition0 - ok
18:48:48.0274 8584 Boot (0x1200) (8ee34faca9fd81e8f6a09a9e499cc57b) \Device\Harddisk0\DR0\Partition1
18:48:48.0278 8584 \Device\Harddisk0\DR0\Partition1 - ok
18:48:48.0313 8584 Boot (0x1200) (988c1864cf6f73fefef353f33b94e41b) \Device\Harddisk0\DR0\Partition2
18:48:48.0316 8584 \Device\Harddisk0\DR0\Partition2 - ok
18:48:48.0317 8584 ============================================================
18:48:48.0317 8584 Scan finished
18:48:48.0317 8584 ============================================================
18:48:48.0332 7252 Detected object count: 1
18:48:48.0332 7252 Actual detected object count: 1
18:50:18.0684 7252 \Device\Harddisk0\DR0\# - copied to quarantine
18:50:18.0684 7252 \Device\Harddisk0\DR0 - copied to quarantine
18:50:18.0812 7252 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:50:18.0818 7252 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:50:18.0830 7252 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:50:18.0840 7252 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:50:18.0931 7252 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:50:18.0951 7252 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:50:18.0953 7252 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:50:18.0955 7252 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:50:18.0958 7252 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:50:18.0962 7252 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:50:18.0967 7252 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:50:18.0970 7252 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:50:18.0973 7252 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:50:18.0976 7252 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:50:19.0026 7252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:50:19.0041 7252 \Device\Harddisk0\DR0 - ok
18:50:19.0449 7252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:50:22.0519 8640 Deinitialize success

ComboFix 12-08-08.01 - KPM 08/08/2012 19:03:52.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2446 [GMT -7:00]
Running from: c:\users\KPM\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 02:20 . 2012-08-09 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 01:50 . 2012-08-09 01:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-08 00:28 . 2012-08-08 00:28 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CDF.tmp
2012-08-08 00:28 . 2012-08-08 00:28 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CAF.tmp
2012-07-21 08:17 . 2012-07-21 08:17 -------- d--h--w- c:\programdata\CanonIJEGV
2012-07-21 08:15 . 2012-07-21 08:15 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2012-07-21 08:15 . 2012-07-21 08:15 -------- d--h--w- c:\programdata\CanonEPP
2012-07-21 08:15 . 2012-07-21 08:15 -------- d-----w- c:\users\KPM\AppData\Roaming\Canon
2012-07-21 08:06 . 2011-04-27 18:01 373248 ----a-w- c:\windows\system32\CNC_AQL.dll
2012-07-21 08:06 . 2011-04-27 18:00 323584 ----a-w- c:\windows\SysWow64\CNC_AQL.dll
2012-07-21 08:06 . 2011-03-31 17:07 114688 ----a-w- c:\windows\SysWow64\CNC_AQU.dll
2012-07-21 08:06 . 2011-03-31 17:07 302080 ----a-w- c:\windows\system32\CNC_AQC.dll
2012-07-21 08:06 . 2011-03-31 17:06 112128 ----a-w- c:\windows\system32\CNC_AQI.dll
2012-07-21 08:06 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-07-21 08:06 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-07-21 08:01 . 2012-07-21 08:01 -------- d-----w- c:\program files\Common Files\CANON
2012-07-21 08:01 . 2012-07-21 08:01 -------- d-----w- c:\programdata\CanonIJWSpt
2012-07-21 07:59 . 2012-07-21 07:59 -------- d-----w- c:\program files\Canon
2012-07-21 07:58 . 2012-07-21 07:58 -------- d--h--w- c:\programdata\CanonBJ
2012-07-21 07:58 . 2011-05-23 12:00 98816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAQ.DLL
2012-07-21 07:58 . 2011-05-23 12:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAQ.DLL
2012-07-21 07:58 . 2012-07-21 07:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-07-21 07:58 . 2011-05-23 12:00 385536 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2012-07-21 07:58 . 2011-02-03 09:20 256000 ----a-w- c:\windows\system32\CNMIUAQ.DLL
2012-07-21 07:57 . 2012-07-21 08:02 -------- d-----w- c:\program files (x86)\Canon
2012-07-16 03:39 . 2012-07-16 04:08 -------- d-----w- c:\programdata\0C1CFAF40000F198A8D75EFD4F147CE7
2012-07-16 03:39 . 2012-07-16 03:39 -------- d-----w- c:\users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}
2012-07-12 10:04 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:33 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:13 . 2012-04-12 02:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 07:13 . 2011-06-24 17:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-05-20 15:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 02:46 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:46 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:46 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:46 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:46 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-03_17.29.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-08 00:37 . 2012-08-08 06:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-09 05:37 . 2012-08-08 06:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-09 05:37 . 2012-07-22 14:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-09 04:22 . 2012-08-08 06:19 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-07-09 04:22 . 2012-07-22 19:39 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-15 19:17 . 2012-08-08 00:31 58572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 01:53 49162 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-01 01:56 . 2012-08-09 01:53 17940 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2492497484-604347204-2352376640-1000_UserData.bin
+ 2011-01-30 09:24 . 2012-08-05 18:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-30 09:24 . 2012-08-03 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-30 09:24 . 2012-08-03 13:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-30 09:24 . 2012-08-05 18:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 18:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-03 17:28 . 2012-08-03 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 01:51 . 2012-08-09 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-03 17:28 . 2012-08-03 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 01:51 . 2012-08-09 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-22 14:11 . 2012-08-03 07:13 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-22 14:11 . 2012-08-08 06:19 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-31 02:45 . 2012-08-08 07:00 222316 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-03 17:10 672066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-09 01:56 672066 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-03 17:10 125302 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-09 01:56 125302 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-03 17:27 498392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-09 01:50 498392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-03 07:13 4784128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 06:19 4784128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 07:13 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 06:19 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-08-08 14:31 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-01 14:03 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-01 01:52 . 2012-08-09 01:50 46304834 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2492497484-604347204-2352376640-1000-8192.dat
- 2012-07-09 16:53 . 2012-07-22 19:44 10360856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-07-09 16:53 . 2012-08-09 01:50 10360856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-05 1612920]
.
c:\users\KPM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IO Control.lnk - c:\windows\Installer\{B8A6EF27-E73B-47F9-83D5-62D652E0E2E4}\NewShortcut5_2AA07447F06844BA88FA6CE6A9CE3FFC.exe [2012-4-30 40960]
UV Realtime.lnk - c:\program files (x86)\UV Realtime\UVRTAutostart.exe [2012-2-18 13312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-01-25 19456]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-01-25 27648]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-01-25 27136]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-01-25 33792]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-01-11 31744]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\DRIVERS\MAudioProducer.sys [2010-03-09 187912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2012-01-14 419160]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2012-01-14 31576]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2012-01-14 53080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-07-26 53488]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AgilentIOLibrariesService;Agilent IO Libraries Service;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2012-02-24 69992]
S2 AgtMdnsResponder;Agilent mDNS Responder Service;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2011-03-21 424960]
S2 Corner Bowl Log Manager;Corner Bowl Log Manager;c:\program files\Corner Bowl Software\Log Manager\cblmsrv.exe [2011-06-27 119808]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AgilentPXIResourceManager;Agilent PXI Resource Manager;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2012-02-24 200040]
S3 AgPciMem;AgPciMem;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys [2012-02-24 14448]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-30 21072]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:13]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 04:32]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Corner Bowl Log Manager"="c:\program files\Corner Bowl Software\Log Manager\cblmti.exe" [2011-06-27 40192]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-08-02 204048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-03-09 798728]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\KPM\AppData\Roaming\Mozilla\Firefox\Profiles\f7cx4nwt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 19:41:58
ComboFix-quarantined-files.txt 2012-08-09 02:41
ComboFix2.txt 2012-08-03 17:36
.
Pre-Run: 385,438,830,592 bytes free
Post-Run: 385,029,914,624 bytes free
.
- - End Of File - - FF83D1DA0620FEB179AD1660D501CE77

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 19:49:05
-----------------------------
19:49:05.492 OS Version: Windows x64 6.1.7600
19:49:05.492 Number of processors: 2 586 0x2505
19:49:05.493 ComputerName: KPM-LAPTOP UserName: KPM
19:49:07.072 Initialize success
19:51:38.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:51:38.655 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
19:51:38.669 Disk 0 MBR read successfully
19:51:38.673 Disk 0 MBR scan
19:51:38.678 Disk 0 unknown MBR code
19:51:38.691 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:51:38.701 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459217 MB offset 409600
19:51:38.739 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17419 MB offset 940886016
19:51:38.760 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:51:38.798 Disk 0 scanning C:\Windows\system32\drivers
19:51:49.035 Service scanning
19:52:12.650 Modules scanning
19:52:12.665 Disk 0 trace - called modules:
19:52:12.736 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:52:12.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e18060]
19:52:12.756 3 CLASSPNP.SYS[fffff88001ad243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f24050]
19:52:12.766 Scan finished successfully
19:52:30.476 Disk 0 MBR has been saved successfully to "C:\Users\KPM\Desktop\MBR.dat"
19:52:30.481 The log file has been saved successfully to "C:\Users\KPM\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
KPM :: KPM-LAPTOP [administrator]

8/8/2012 8:12:40 PM
mbam-log-2012-08-08 (20-12-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200025
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
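
The logs above show the pattern of a boot-sector infection: TDSSKiller flags \Device\Harddisk0\DR0 itself (Rootkit.Boot.Pihar.c) and quarantines a hidden TDLFS file system, and aswMBR reports "unknown MBR code" while still reading a sane four-entry partition table. The script below is an added example, not code from this thread or from TDSSKiller, aswMBR or ComboFix. It parses a raw 512-byte MBR dump (it assumes the MBR.dat that aswMBR saved is such a raw sector, which it verifies through the 0x55AA signature), prints the entries in the same form as the aswMBR log so they can be compared line by line, hashes the boot-code region so it can be checked against a clean reference MBR you obtain yourself, and looks for the things a bootkit triage cares about: more or fewer than one active partition, overlapping entries, and unallocated sectors before, between or after partitions, which is the kind of space TDL4-family bootkits use to store their hidden file system. The embedded sample sector is constructed from the four partition entries in the aswMBR log above; its boot code bytes and disk signature are placeholders.

```python
"""Parse a raw 512-byte MBR (e.g. the MBR.dat that aswMBR saves) and sanity-check
the partition table.  Added example, not code from the thread or from any of the
tools whose logs appear above."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 0x1B8      # bytes 0..0x1B7 are boot code; 0x1B8 holds the 32-bit disk signature
PART_TABLE = 0x1BE         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # must be the last two bytes of the sector
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(data: bytes) -> dict:
    """Return disk signature, hash of the boot-code region and the non-empty partition entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if data[510:512] != SIGNATURE:
        raise ValueError("0x55AA boot signature missing: not a valid MBR")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", data, PART_TABLE + 16 * i)
        if ptype == 0:
            continue            # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "unknown"),
                      "lba": lba, "sectors": count, "mb": count * SECTOR // (1024 * 1024)})
    return {"disk_signature": struct.unpack_from("<I", data, BOOT_CODE_END)[0],
            "boot_code_sha1": hashlib.sha1(data[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}


def check_layout(parsed: dict, disk_mb: int) -> dict:
    """Flag what a bootkit triage cares about: active-partition count, overlapping
    entries, and unallocated sectors before/between/after the partitions."""
    parts = sorted(parsed["partitions"], key=lambda p: p["lba"])
    problems, gaps = [], []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    next_free = 0
    for p in parts:
        if p["lba"] < next_free:
            problems.append(f"partition {p['index']} overlaps the previous one")
        elif p["lba"] > next_free:
            gaps.append((next_free, p["lba"] - next_free))   # (start, length) in sectors
        next_free = max(next_free, p["lba"] + p["sectors"])
    # disk size is given in MB as aswMBR prints it (rounded), 2048 sectors per MB
    tail = disk_mb * 2048 - next_free
    return {"problems": problems, "gaps": gaps, "tail_sectors": max(tail, 0)}


def aswmbr_style(p: dict) -> str:
    """Render an entry the way the aswMBR log prints it, for side-by-side comparison."""
    flag = "80 (A)" if p["active"] else "00"
    return f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} {p['mb']} MB offset {p['lba']}"


def build_sample_mbr() -> bytes:
    """Constructed test sector: placeholder boot code plus the four entries from the
    aswMBR log above (MB sizes converted back to sector counts)."""
    mbr = bytearray(SECTOR)
    mbr[:3] = b"\x33\xc0\x8e"                                # stand-in bytes, not real boot code
    struct.pack_into("<I", mbr, BOOT_CODE_END, 0x12345678)   # made-up disk signature
    entries = [(0x80, 0x07, 2048, 199 * 2048), (0x00, 0x07, 409600, 459217 * 2048),
               (0x00, 0x07, 940886016, 17419 * 2048), (0x00, 0x0C, 976560128, 103 * 2048)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE + 16 * i, status, ptype, lba, count)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    # usage: python mbrcheck.py C:\Users\KPM\Desktop\MBR.dat   (no argument: the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print(f"disk signature 0x{info['disk_signature']:08X}  boot code sha1 {info['boot_code_sha1']}")
    for p in info["partitions"]:
        print(aswmbr_style(p))
    print(check_layout(info, 476940))        # 476940 MB is the size aswMBR reported above
```

On the sample the four entries come out exactly as aswMBR printed them, with a 2048-sector (1 MB) gap before the first partition and about 2048 sectors after the last; both are normal Windows 7 alignment remainders, and the tail figure is only approximate because aswMBR rounds the disk size to whole megabytes. A partition table that looks clean does not clear the disk: Pihar-style bootkits leave the table alone and replace the code bytes, which is why the boot-code hash has to be compared against a reference taken from a known-clean installation rather than judged by eye.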

#11 Guest_White Warrior_*

  • Guests

Posted 10 August 2012 - 08:41 PM

Hi bppubjr

I'm afraid I have bad news.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and has been killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Instructions how to format and reinstall Windows can be found here

We have cleaned this machine but I can't guarantee that it will be 100% secure now. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button on that page.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
White Warrior

#12 bppubjr

  • Topic Starter
  • Members
  • 7 posts

Posted 14 August 2012 - 12:12 AM

Thanks for your help, despite the poor prognosis. If I change my passwords, avoid doing sensitive tasks on this machine, and scan it regularly, do you think it would be ok NOT to reload the system? I'm hoping to avoid that eventuality, if at all possible, because (1) I don't have an operating system I can install, and (2) it's a giant pain in the a**. If you really don't think it's a good idea, I will have to face the music, but perhaps I can get away with it.

Kevin

Here is the ESET scan log. It found additional infections but cleaned them.

C:\Program Files (x86)\UV Realtime\UV Realtime.exe a variant of MSIL/Packed.CryptoObfuscator.C application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CAF.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CDF.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\KPM\AppData\Local\aosmzdtf.exe.vir a variant of Win32/Kryptik.AIUD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\KPM\AppData\Roaming\msqlap.dll.vir a variant of Win32/Medfos.AR trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.LA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\KPM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1e4375b-5352d4b0 Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined
C:\Users\KPM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\35a654fd-6b657d37 multiple threats deleted - quarantined
C:\Users\KPM\Downloads\RARSoftwareInstaller.exe Win32/FreeInstaller application cleaned by deleting - quarantined
C:\Users\KPM\Downloads\UVRT-v1.8.0.0-Installer.exe a variant of MSIL/Packed.CryptoObfuscator.C application deleted - quarantined
C:\Users\KPM\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\KPM\Downloads\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\a843745.msi a variant of MSIL/Packed.CryptoObfuscator.C application deleted - quarantined
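As an added example (not part of the thread, and not ESET's own tooling), the Python script below triages an ESET Online Scanner export like the one above. The point it makes is one the raw list hides: a good share of the hits sit inside other tools' backup folders rather than in live locations, namely ComboFix's C:\Qoobox\Quarantine and TDSSKiller's C:\TDSSKiller_Quarantine, both visible in the paths. The sample lines are copied from the export above; the quarantine-folder mapping, the line regex and the family-name heuristic (strip the trailing variant letters such as ".AH") are assumptions of this example, not documented ESET format.

```python
"""Triage an ESET Online Scanner export: live hits vs. hits in other tools' quarantine."""
import re
from collections import Counter

# Assumption: these folders belong to other cleanup tools run on the same machine.
# ComboFix backs up to C:\Qoobox\Quarantine, TDSSKiller to C:\TDSSKiller_Quarantine.
QUARANTINE_DIRS = (
    ("c:\\qoobox\\quarantine\\", "ComboFix"),
    ("c:\\tdsskiller_quarantine\\", "TDSSKiller"),
)

# One export line: <path> <detection name> <action> - quarantined
# The path may contain spaces, so it is matched lazily and the detection part is
# anchored on ESET's "Platform/Family.Variant type" shape (assumed from the log above).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+ (?:trojan|application)|multiple threats) "
    r"(?P<action>cleaned by deleting|deleted) - quarantined$"
)

# Sample lines copied from the ESET export posted in the thread.
SAMPLE_EXPORT = r"""
C:\Program Files (x86)\UV Realtime\UV Realtime.exe a variant of MSIL/Packed.CryptoObfuscator.C application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5CAF.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\08.08.2012_18.48.09\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\Users\KPM\AppData\Local\{DB7B6B8B-CEF7-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\KPM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\35a654fd-6b657d37 multiple threats deleted - quarantined
C:\Users\KPM\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
"""


def family(detection: str) -> str:
    """Reduce 'a variant of Win64/Olmarik.AH trojan' to 'Olmarik' (heuristic, assumed)."""
    if detection == "multiple threats":
        return "multiple"
    name = detection.removeprefix("a variant of ").split(" ")[0]  # Win64/Olmarik.AH
    _platform, _, fam = name.partition("/")
    # Drop a trailing variant suffix of 1-4 capitals, optionally followed by ".Gen".
    return re.sub(r"\.[A-Z]{1,4}(\.Gen)?$", "", fam)


def triage(export_text: str) -> list[dict]:
    """Parse each export line and mark it live or already quarantined by another tool."""
    findings = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        lower = m["path"].lower()
        tool = next((name for prefix, name in QUARANTINE_DIRS if lower.startswith(prefix)), None)
        findings.append({
            "path": m["path"],
            "detection": m["detection"],
            "family": family(m["detection"]),
            "action": m["action"],
            "status": "already_quarantined" if tool else "live",
            "quarantined_by": tool,
        })
    return findings


def summarize(findings: list[dict]) -> dict:
    """Counts that matter for the 'reload or not' decision: what was actually live."""
    live = [f for f in findings if f["status"] == "live"]
    return {
        "total": len(findings),
        "live": len(live),
        "already_quarantined": len(findings) - len(live),
        "live_families": Counter(f["family"] for f in live),
    }


if __name__ == "__main__":
    results = triage(SAMPLE_EXPORT)
    for f in results:
        tag = f"[{f['quarantined_by']} quarantine]" if f["quarantined_by"] else "[LIVE]"
        print(f"{tag:24} {f['family']:24} {f['path']}")
    print(summarize(results))
```

Run against the full export, the script separates the 13 hits inside ComboFix and TDSSKiller backups from the 11 that ESET found in live locations (Program Files, ProgramData, the user profile, the Java cache and C:\Windows\Installer); those live families are the ones worth reading before deciding whether the clean-up is finished.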

#13 Guest_White Warrior_* (Guest)

Posted 15 August 2012 - 04:30 AM

Hi bppubjr

If I change my passwords, avoid doing sensitive tasks on this machine, and scan it regularly, do you think it would be ok NOT to reload the system?

That is your choice. You should be ok. Your logs look clean.

Now some updates.

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware.

You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.

To learn how to install Windows 7 Service Pack 1 (SP1) please go here

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java file you downloaded earlier to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
Let me know how you go, and please let me know how the computer is running now.

White Warrior

#14 bppubjr (Topic Starter)
Posted 15 August 2012 - 11:23 PM

White Warrior,

I've updated my Acrobat and Windows. I uninstalled Java until I run into something that needs it, and even then I'm a little wary of installing without a good reason. Are there big, gaping security holes to which I open myself by having Java and JRE installed?

A couple of other questions:

1. Combofix disabled "Recent Items" from my Start menu. Is there a reason? Is it safe to use?

2. What are the best utilities to use to prevent further or re-infection, and how often should I use it (them)?

Kevin

#15 Guest_White Warrior_* (Guest)

Posted 18 August 2012 - 06:03 PM

Hi bppubjr

Are there big, gaping security holes to which I open myself by having Java and JRE installed?


Not if you keep the program up to date.

1. Combofix disabled "Recent Items" from my Start menu. Is there a reason? Is it safe to use?

Everything that ComboFix altered will be reset back to how it was when ComboFix is uninstalled.

2. What are the best utilities to use to prevent further or re-infection, and how often should I use it (them)?

I would keep MBAM and scan with it regularly.
Always keep all your programs up to date.

Now to uninstall ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: The space between x and / is needed.

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Please download OTL from the following mirror and save it to your desktop:

    This is THE Mirror
  • Double click on the OTL icon on your desktop.
  • Click on the CleanUp! button.
  • You will be prompted to reboot your system. Please do so.
Now some preventative steps to ensure you don't get infected again:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Happy Surfing.

White Warrior.
